urlscan.io logo urlscan.io
SecurityTrails logo

www.andreafortuna.org Open in urlscan Pro
2606:4700:3035::6815:5061  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Submission: On April 14 via manual from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 30 IPs in 5 countries across 28 domains to perform 137 HTTP transactions. The main IP is 2606:4700:3035::6815:5061, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.andreafortuna.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2020. Valid for: a year.
This is the only time www.andreafortuna.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 2606:4700:303... 13335 (CLOUDFLAR...)
3 192.0.77.37 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
1 99.84.158.236 16509 (AMAZON-02)
2 192.0.76.3 2635 (AUTOMATTIC)
13 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.66 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
20 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.46.143.150 16509 (AMAZON-02)
3 185.29.135.190 30419 (MEDIAMATH...)
26 2a00:1450:400... 15169 (GOOGLE)
4 7 2a00:1450:400... 15169 (GOOGLE)
1 138.201.135.164 24940 (HETZNER-AS)
1 2.18.233.201 16625 (AKAMAI-AS)
3 4 2620:116:800d... 16509 (AMAZON-02)
4 4 52.39.207.175 16509 (AMAZON-02)
29 142.250.186.34 15169 (GOOGLE)
5 5 35.227.252.103 15169 (GOOGLE)
5 5 185.64.189.115 62713 (AS-PUBMATIC)
4 4 69.173.144.138 26667 (RUBICONPR...)
5 5 2.18.234.21 16625 (AKAMAI-AS)
1 2a05:d01c:1d8... 16509 (AMAZON-02)
2 142.250.185.99 15169 (GOOGLE)
1 99.84.158.56 16509 (AMAZON-02)
1 4 159.69.70.9 24940 (HETZNER-AS)
1 1 52.57.98.174 16509 (AMAZON-02)
1 1 217.182.200.19 16276 (OVH)
1 34.98.67.61 15169 (GOOGLE)
1 2 104.111.239.217 16625 (AKAMAI-AS)
1 1 99.80.199.35 16509 (AMAZON-02)
2 2 35.244.174.68 15169 (GOOGLE)
2 88.99.69.161 24940 (HETZNER-AS)
1 2001:4860:480... 15169 (GOOGLE)
137 30
6    2606:4700:3035::6815:5061 (United States)

ASN13335 (CLOUDFLARENET, US)
www.andreafortuna.org
3    192.0.77.37 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com
c0.wp.com
1    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    99.84.158.236 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-158-236.txl52.r.cloudfront.net
z-na.amazon-adsystem.com
2    192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
13    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
6    2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
www.googletagservices.com
1    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
partner.googleadservices.com
1    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
20    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
1    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    52.46.143.150 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
aax-us-east.amazon-adsystem.com
3    185.29.135.190 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
tags.mathtag.com
26    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
7    2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    138.201.135.164 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.164.135.201.138.clients.your-server.de
hal9000.redintelligence.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
4    2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
4    52.39.207.175 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-207-175.us-west-2.compute.amazonaws.com
e.dlx.addthis.com
29    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
cm.g.doubleclick.net
5    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
5    185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
4    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
5    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
1    2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
ag.innovid.com
2    142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
1    99.84.158.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-158-56.txl52.r.cloudfront.net
wms-na.amazon-adsystem.com
4    159.69.70.9 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de
hal900017.redintelligence.net
1    52.57.98.174 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-98-174.eu-central-1.compute.amazonaws.com
d.agkn.com
1    217.182.200.19 (France)

ASN16276 (OVH, FR)
PTR: gcm5.host.hit.gemius.pl
googlecm.hit.gemius.pl
1    34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com
odr.mookie1.com
2    104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com
www.awin1.com
1    99.80.199.35 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
pixel.everesttech.net
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
2    88.99.69.161 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.161.69.99.88.clients.your-server.de
cdn.contentspread.net
1    2001:4860:4802:32::37 (United States)

ASN15169 (GOOGLE, US)
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com
Apex Domain
Subdomains		 Transfer
49 doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
129 KB
40 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
558 KB
9 google.com
adservice.google.com
www.google.com
857 B
6 googletagservices.com
www.googletagservices.com
207 KB
6 andreafortuna.org
www.andreafortuna.org
17 KB
5 casalemedia.com
ssum-sec.casalemedia.com
5 KB
5 pubmatic.com
image6.pubmatic.com
4 KB
5 openx.net
rtb.openx.net
1 KB
5 redintelligence.net
hal9000.redintelligence.net
hal900017.redintelligence.net
10 KB
5 wp.com
c0.wp.com
stats.wp.com
pixel.wp.com
25 KB
4 rubiconproject.com
pixel.rubiconproject.com
2 KB
4 addthis.com
e.dlx.addthis.com
4 KB
4 quantserve.com
cms.quantserve.com
1 KB
4 mathtag.com
tags.mathtag.com
pixel.mathtag.com
3 KB
3 amazon-adsystem.com
z-na.amazon-adsystem.com
aax-us-east.amazon-adsystem.com
wms-na.amazon-adsystem.com
39 KB
2 contentspread.net
cdn.contentspread.net
27 KB
2 rlcdn.com
id.rlcdn.com
885 B
2 awin1.com
www.awin1.com
1 KB
2 gstatic.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
4 KB
2 google.de
adservice.google.de
942 B
1 gexperiments2.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com
410 B
1 everesttech.net
pixel.everesttech.net
376 B
1 mookie1.com
odr.mookie1.com
324 B
1 gemius.pl
googlecm.hit.gemius.pl
304 B
1 agkn.com
d.agkn.com
669 B
1 innovid.com
ag.innovid.com
295 B
1 googleadservices.com
partner.googleadservices.com
643 B
0 gexperiments3.com Failed
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com Failed
137 28
Domain Requested by
29 cm.g.doubleclick.net www.andreafortuna.org
googleads.g.doubleclick.net
26 tpc.googlesyndication.com googleads.g.doubleclick.net
www.andreafortuna.org
tpc.googlesyndication.com
pagead2.googlesyndication.com
20 googleads.g.doubleclick.net pagead2.googlesyndication.com
www.andreafortuna.org
googleads.g.doubleclick.net
14 pagead2.googlesyndication.com www.andreafortuna.org
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
7 www.google.com 4 redirects googleads.g.doubleclick.net
6 www.googletagservices.com pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 www.andreafortuna.org www.andreafortuna.org
5 ssum-sec.casalemedia.com 5 redirects
5 image6.pubmatic.com 5 redirects
5 rtb.openx.net 5 redirects
4 hal900017.redintelligence.net 1 redirects googleads.g.doubleclick.net
hal900017.redintelligence.net
4 pixel.rubiconproject.com 4 redirects
4 e.dlx.addthis.com 4 redirects
4 cms.quantserve.com 3 redirects googleads.g.doubleclick.net
3 tags.mathtag.com googleads.g.doubleclick.net
tags.mathtag.com
3 c0.wp.com www.andreafortuna.org
2 cdn.contentspread.net hal900017.redintelligence.net
2 id.rlcdn.com 2 redirects
2 www.awin1.com 1 redirects googleads.g.doubleclick.net
2 p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com googleads.g.doubleclick.net
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
1 p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com
1 pixel.everesttech.net 1 redirects
1 odr.mookie1.com googleads.g.doubleclick.net
1 googlecm.hit.gemius.pl 1 redirects
1 d.agkn.com 1 redirects
1 wms-na.amazon-adsystem.com www.andreafortuna.org
1 ag.innovid.com googleads.g.doubleclick.net
1 pixel.mathtag.com tags.mathtag.com
1 hal9000.redintelligence.net www.andreafortuna.org
1 aax-us-east.amazon-adsystem.com z-na.amazon-adsystem.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 pixel.wp.com www.andreafortuna.org
1 stats.wp.com www.andreafortuna.org
1 z-na.amazon-adsystem.com www.andreafortuna.org
0 p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com Failed
137 37

This site contains links to these domains. Also see Links.

Domain
github.com
sectools.org
www.amazon.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-07-17 -
2021-07-17		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
z-na.amazon-adsystem.com
Amazon		 2020-12-12 -
2022-01-10		 a year crt.sh
*.googleadservices.com
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
*.google.de
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
*.google.com
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
aax-us-east.amazon-adsystem.com
Amazon		 2021-04-09 -
2022-03-17		 a year crt.sh
*.mathtag.com
DigiCert SHA2 Secure Server CA		 2020-04-15 -
2022-04-22		 2 years crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
www.google.com
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh
redintelligence.net
R3		 2021-02-19 -
2021-05-20		 3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA		 2020-04-15 -
2021-07-15		 a year crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
*.innovid.com
RapidSSL RSA CA 2018		 2020-02-07 -
2022-04-07		 2 years crt.sh
*.gstatic.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
wms-na.assoc-amazon.com
Amazon		 2020-12-25 -
2021-12-24		 a year crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-22 -
2022-03-25		 a year crt.sh
www.awin1.com
DigiCert Secure Site ECC CA-1		 2020-04-21 -
2021-07-21		 a year crt.sh
contentspread.net
R3		 2021-02-01 -
2021-05-02		 3 months crt.sh
gexperiments1.com
GTS CA 1O1		 2021-03-16 -
2021-06-08		 3 months crt.sh

This page contains 25 frames:

Primary Page: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Frame ID: 5B8DAFFE2C64ACA9AC8C8B1DEA01047B
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210412/r20190131/zrt_lookup.html
Frame ID: 87B29A8760329C31282AB3E9EBC3684C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&adk=1812271804&adf=3025194257&lmt=1618415400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&ea=0&flash=0&pra=5&wgl=1&dt=1618415400012&bpp=12&bdt=266&idt=119&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5903918754885&frm=20&pv=2&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=138
Frame ID: 4A415E00D52DC4079469EBDEDC6099E7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Frame ID: D36123EEC550B386EB7142DE4F3D96A6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Frame ID: 018B40195EBFD7E7A33D6A41900E65A2
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Frame ID: DB120A70DD540ABE573B8D15F3691542
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Frame ID: 2AD54454A8DE28688800DB9144D6D322
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Frame ID: 2FD80522F0F08FC7AF28151793320507
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C93CTKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJUCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4flUAWn9MYiij0Sy5-IKoCXh3o4AG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAbIXGAoWEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=eYBfHc-j9wo&tpd=AGWhJmvVubUrhfiPFoNO9vjZU-EHyRj0IuaF5OC45Wht1ZTIbk86PeEGQrjFakUpllEPOIswau94XGiasxZrDMoUVYPuW3gNlIsJiO9i1F5ub5eCn5NRu4RhtZGefMBaQbCxwMFNOyZdm3dM3K7ln4oOzHkTyK8CoKg4_GFcjcvz9UUGLe3WKUx5Uml_aIAMyH71KbGV_fvJOFJ3bh3sdNH-ES_DLqXCa9aYvyICNmcofh24v51H3ELNJSG5lBZajq_AL9O5WcXUPdc8E5h5-KJZBLrBPPUjTAhO0xUm1w29EkrWV2B6Z10DHewvduJXzpwJ5qq4CG-zY5A2pt0j9bAIKTuZ8fioFhehlTUzXzYW1FdNc1grq0TwGF2IQavCRE8Rn0Ret72bNNYsVEADVm1AZQ1s_TQL5xO0Vpe3i0NrkrPhahsyef7dAhAxC_7TBWZjAzD7z_uVHbCvlf2qaAn7KRfmAeaMOFyba-puNtq1Y72fEIutQjLMoxWYzeXMRc5AUI52-20hn9cOVKhA5awEHWGRkWBnDzyMWQ2BC9iq4cj5-R1st9oFzTz7sY9exBf4xKUh7U_SfWchonVKwxRLHkRpyivUC3G9bJDdYUE1QVUJBFO-AzXBi_9AKNnbk6um6kJjx5v7VJip-OS0361SWnk8nGmbPS3pTi7HSmTtFJSwiK5aN3n9w8rZf25oR4wrwcE3cjH-Br0-NV07DKMTnPxcGHvkb4FIOw8tnOPep2g24oP6ww85bIh6swn1ZjmULsQtV5Rk8oj497fuC8WcxLVxqG8EG5jscNRt7gcASfuMwFyNANj8XXCAVfdmfEgi0GLcAqW-iLAOyT6L65l2ek3hZP-oghVYWZAdXT6AfKXsouyrzYNbAWe6RKLLvRvt_1Ot10phzZHl_lDl5tf3rQTcNyT_GYJ25l80eBUm4ZgaeuGSaA8OADPjxXtVeIHVthIBQqp_wDTUjG5tCsi9XQoKGqZu2F2zeSi_RhDlev0r94RjltuaENNs7OdexcYVyVBaolu9d06WBoiTd8v1bbYA
Frame ID: 008F484CD59237B741097093895F374A
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: DAD9403DFFF775E8A1DC6C59C2DE6AE0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C28809F7A1B6A6346ECDC7ABAAC8B675
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BAEC889D6D212DF8C8D90DEDF9B98DFF
Requests: 2 HTTP requests in this frame

Frame: https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 8D7B579D85734061BB2C9302D5304F8E
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1A472EE5988E04BB12DABFD9C78B5767
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Frame ID: C4B2D6174DA3DBFD77DB8207917A40ED
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html
Frame ID: 0EF0D2C9B1275DCA3E5489EE7C53523B
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Ccw-fKA93YIOlF4KM9u8P0sOqELm69uhNwpzP4bsHkunS4LIBEAEg5-ahcmCVAqAB89PL0wPIAQmpAo85h4CtD7Q-qAMByANIqgScAk_Qi-Qyw9RwQvvlZ8XLHWgxkbludy5yT9EmzYIZiCRyiomwbjtTfmEZVhzM9ihb5nmGl-miLCRl5D2OsvJUZ6cGDl8JKzxJi3bbR1KlSw9Z2Ku7AzJpyY-Z93JgOcdSGBDcWQp6gjDdWN0IDFcyDf4l86NVSpbJ8QxYzMJhrm5Ma3DNOd9juOmpooFYCrSoznH0xMmhcKLwOBqajtU1DppgF0QH5Lg4eZNB7MFttqUIqj9MuTzOaaIMD1MBSgPOocaG23gU2nVhYp2BNCWQao_DBVLMEyDf2RuhKwEBLsgNt9N-YtK_7hzewJI-PJQRP1oH4La-ALN5nYRMp4Ium2eOleUwsWzUjclzW25ZfRwxu-e5hmLpflMc6nxBwATzlNbpgQGSBQQIBBgBkgUECAUYBKAGLoAHz5e6L6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCa6Q7SCAkIgOGAEBABGB-ACgHICwHYEwKyFxoKGAgAEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=rEgcgAfea5g&template_id=419
Frame ID: 7A888CD5CD028574479CE7E04EB86F43
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 3617CDF12A0C26B76382A61BB4F29F93
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B1B2C1D7C564F4B7105583E13B25A2B7
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D08B377EA1D478C4CA0F12D8913E3E8C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Frame ID: B3F53C8D6A7BF45B2A16592FD46EF56B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Frame ID: 4EA55FEBC84A85C50F142969C6483DBB
Requests: 1 HTTP requests in this frame

Frame: https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
Frame ID: A217FB01C37320AA57AE2F9BB4BC7958
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AF14A3DF9977B574024ABB7897ADB58B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 7C8FEADA462A8B9A1E8D78E974D4A776
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

137
Requests

98 %
HTTPS

37 %
IPv6

28
Domains

37
Subdomains

30
IPs

5
Countries

1020 kB
Transfer

2469 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqYXKuVbX8iOmNWzT9nDB6jdPq1g1rg&google_gid=CAESEOita6MM_QNAmWISN6JXIbI&google_cver=1 HTTP 302
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqYXKuVbX8iOmNWzT9nDB6jdPq1g1rg&google_gid=CAESEOita6MM_QNAmWISN6JXIbI&google_cver=1&rd=Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NDc1OTU1Mzc3MjA0OQ%3D%3D&google_push=AQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqYXKuVbX8iOmNWzT9nDB6jdPq1g1rg
Request Chain 57
  • https://rtb.openx.net/sync/dds?google_gid=CAESECWXcmAyE93OfC9I7XyF0aQ&google_cver=1&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESECWXcmAyE93OfC9I7XyF0aQ&google_cver=1&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Request Chain 58
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPSXO1cn0ZijLOKulz3qrYI&google_cver=1&google_push=AQvitUJkBJzcWkSsw46sYh41dcgut9l9u92pPFJJXO5-b19zYVYJwei_BjsyvFkCsR8zMQoIHohn2LkrULRTTtXMewV2s-T2hNc HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPSXO1cn0ZijLOKulz3qrYI&google_cver=1&google_push=AQvitUJkBJzcWkSsw46sYh41dcgut9l9u92pPFJJXO5-b19zYVYJwei_BjsyvFkCsR8zMQoIHohn2LkrULRTTtXMewV2s-T2hNc&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJkBJzcWkSsw46sYh41dcgut9l9u92pPFJJXO5-b19zYVYJwei_BjsyvFkCsR8zMQoIHohn2LkrULRTTtXMewV2s-T2hNc
Request Chain 59
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAp5p8K-MLP87DoTwnbZm3k&google_cver=1&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8uA0O-cF1DEeHYU5ZEJTBQhME HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSTVQtMjAtOVlIWQ==&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8uA0O-cF1DEeHYU5ZEJTBQhME
Request Chain 60
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs&google_cver=1&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ursZlhMTH7sY9JAdkGIgt7Ew HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ursZlhMTH7sY9JAdkGIgt7Ew&s=184023&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ursZlhMTH7sY9JAdkGIgt7Ew&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs
Request Chain 63
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 70
  • https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9618060664237110%26output%3Dhtml%26h%3D90%26adk%3D359448418%26adf%3D723470516%26pi%3Dt.aa~a.3447919909~rp.1%26w%3D900%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1618415400%26rafmt%3D1%26to%3Dqs%26pwprc%3D1462017320%26psa%3D0%26format%3D900x90%26url%3Dhttps%253A%252F%252Fwww.andreafortuna.org%252F2018%252F06%252F11%252Fpowercat-a-porting-of-netcat-written-in-powershell%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26dt%3D1618415400352%26bpp%3D1%26bdt%3D606%26idt%3D0%26shv%3Dr20210412%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C900x280%252C900x280%252C900x280%252C900x280%26nras%3D6%26correlator%3D5903918754885%26frm%3D20%26pv%3D1%26ga_vid%3D1418355954.1618415400%26ga_sid%3D1618415400%26ga_hid%3D1307222323%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D350%26ady%3D3804%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44739547%252C44736525%252C44740079%26oid%3D3%26pvsid%3D1459824164229947%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D5%26fsb%3D1%26xpc%3DfuMd5s5CpN%26p%3Dhttps%253A%2F%2Fwww.andreafortuna.org%26dtd%3D26&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.andreafortuna.org&random=9841687780082&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9618060664237110%26output%3Dhtml%26h%3D90%26adk%3D359448418%26adf%3D723470516%26pi%3Dt.aa~a.3447919909~rp.1%26w%3D900%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1618415400%26rafmt%3D1%26to%3Dqs%26pwprc%3D1462017320%26psa%3D0%26format%3D900x90%26url%3Dhttps%253A%252F%252Fwww.andreafortuna.org%252F2018%252F06%252F11%252Fpowercat-a-porting-of-netcat-written-in-powershell%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26dt%3D1618415400352%26bpp%3D1%26bdt%3D606%26idt%3D0%26shv%3Dr20210412%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C900x280%252C900x280%252C900x280%252C900x280%26nras%3D6%26correlator%3D5903918754885%26frm%3D20%26pv%3D1%26ga_vid%3D1418355954.1618415400%26ga_sid%3D1618415400%26ga_hid%3D1307222323%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D350%26ady%3D3804%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44739547%252C44736525%252C44740079%26oid%3D3%26pvsid%3D1459824164229947%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D5%26fsb%3D1%26xpc%3DfuMd5s5CpN%26p%3Dhttps%253A%2F%2Fwww.andreafortuna.org%26dtd%3D26&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.andreafortuna.org&random=9841687780082&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 71
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELQjnppU-gPN3kAi6Hz6v_c&google_cver=1&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwNag9yvrz7fGupZo5MWm9gj1PZsiuIOYWJ62PLi_AFQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwNag9yvrz7fGupZo5MWm9gj1PZsiuIOYWJ62PLi_AFQ&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Request Chain 72
  • https://d.agkn.com/pixel/2175/?google_gid=CAESENa8ruFZSQzIQypkZ-T87HM&google_cver=1&google_push=AQvitUKe9OWMCdBWifQ83-HVBu-z9YQKRXRDPXHaluCl3z8-8v3tnadJb3Xo6kVejdViSY1jZQFDof85MPc0SOJFw6WxZEFwYFw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VOYThydUZaU1F6SVF5cGtaLVQ4N0hN
Request Chain 73
  • https://rtb.openx.net/sync/dds?google_gid=CAESECSUmcMX_GMpnNEalRSyJ-8&google_cver=1&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Request Chain 74
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESED88IRcxlQjsDuCFSB4Fyz0&google_cver=1&google_push=AQvitUKwl5ZaOYOJ1eLXaawnDs15hYWbaPHqUkuZ51P_8p-2WZCWwu8rSwyy6uT6rpNaMK6p6w6S8phnOM32tukGSAGgHEUh5Ok HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwl5ZaOYOJ1eLXaawnDs15hYWbaPHqUkuZ51P_8p-2WZCWwu8rSwyy6uT6rpNaMK6p6w6S8phnOM32tukGSAGgHEUh5Ok
Request Chain 75
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEP9Bos4evWcXfgXKy1fbz_k&google_cver=1&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDRkBvCtIoVt-ChVCP2WugwZBw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFST1QtMjUtMlk1Qw==&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDRkBvCtIoVt-ChVCP2WugwZBw
Request Chain 76
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_cver=1&google_push=AQvitUJKNoOD2CoiEND6ucHtBHiInZW-viDsPdYWGxWFMfGPlqUWyHhgAkH3ojJ19iysrEH5OYTZhwBRXsF4S7OvbGB6OEktKQQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_push=AQvitUJKNoOD2CoiEND6ucHtBHiInZW-viDsPdYWGxWFMfGPlqUWyHhgAkH3ojJ19iysrEH5OYTZhwBRXsF4S7OvbGB6OEktKQQ&google_cver=1
Request Chain 77
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEP4acdyCMUw1TXY0zKgJaME&google_cver=1&google_push=AQvitUI816dws1bbfWR8Y44wUF3osXy_LwThhhI73UgksbCnlv05YRl-u5HRJbcJFpaswZoZb85zEGBjJGbpS3jyVe6yICO5SsgQ HTTP 301
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUI816dws1bbfWR8Y44wUF3osXy_LwThhhI73UgksbCnlv05YRl-u5HRJbcJFpaswZoZb85zEGBjJGbpS3jyVe6yICO5SsgQ&google_hm=
Request Chain 79
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 104
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEE2N22q8PXwblnDbzI7S6rM&google_cver=1&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjVJ4KwtDbzakK9ezU5JKLN-Zt79Lr67mWBUaiGSVzw HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjVJ4KwtDbzakK9ezU5JKLN-Zt79Lr67mWBUaiGSVzw&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Request Chain 105
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6xSDDV0450wPUwVUcRgvomfE3UZl9k&google_gid=CAESEAHZCbHLC6UhuDaS2rWuv7s&google_cver=1 HTTP 302
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6xSDDV0450wPUwVUcRgvomfE3UZl9k&google_gid=CAESEAHZCbHLC6UhuDaS2rWuv7s&google_cver=1&rd=Y HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NTY2NDI4MjMyNTkwMw%3D%3D&google_push=AQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6xSDDV0450wPUwVUcRgvomfE3UZl9k
Request Chain 107
  • https://rtb.openx.net/sync/dds?google_gid=CAESEOromkbSNs8OuKjKewgFcdM&google_cver=1&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Request Chain 108
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP3mFGVH1ZHEH-KwexdAR5I&google_cver=1&google_push=AQvitUKAiGfilR3BiCWFY1zUxlEs_OFhxchjdwl8RZDOQXxuX3QlGQmFkYGDSMZZMp4LrNo_WYSBGSg5iv2fdcW8LicdGGHIzc4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAiGfilR3BiCWFY1zUxlEs_OFhxchjdwl8RZDOQXxuX3QlGQmFkYGDSMZZMp4LrNo_WYSBGSg5iv2fdcW8LicdGGHIzc4
Request Chain 109
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAdm4CC9lQ61rriWhTWj9ZU&google_cver=1&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3KrvgJhHB0T6VKOeoYyoHn6MCFnA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSVFYtMTAtQ0IwUA==&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3KrvgJhHB0T6VKOeoYyoHn6MCFnA
Request Chain 110
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_cver=1&google_push=AQvitUJHE0Q-8FHr8UIFxCx1JUgG3H4H8FRGa_StcsJRMT9SPQ3B93wV0Y5pGrx1H-P8SJA0dL3pN8Pqeun4U9CES1bH7pP06tk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_push=AQvitUJHE0Q-8FHr8UIFxCx1JUgG3H4H8FRGa_StcsJRMT9SPQ3B93wV0Y5pGrx1H-P8SJA0dL3pN8Pqeun4U9CES1bH7pP06tk&google_cver=1
Request Chain 112
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 114
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 121
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDxzj04BWN-5jvqEvNutPtI&google_cver=1&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-QxhxvumSIWwbqZVOAzIvQ9ZFOYZDJEcJ8Pt-T_ib_KS5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-QxhxvumSIWwbqZVOAzIvQ9ZFOYZDJEcJ8Pt-T_ib_KS5&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Request Chain 122
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj4Gu2ldp3sBQyraho1CL-M6YRYV6qlUhCmBvyODCxZ0-5wwaW-BN8eWf6e&google_gid=CAESELCc2ZOQgzW996ZfSdvaZOI&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUhjUEtRQUFBWHh3eERoaw&google_push=AQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj4Gu2ldp3sBQyraho1CL-M6YRYV6qlUhCmBvyODCxZ0-5wwaW-BN8eWf6e
Request Chain 123
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUIGCe5SPbI-t__kxTC9YFFAIDOuZs8tU62Xhq7qPDN9_7OuAKBaWlrEbVharGwUbStyp57mPwRDulT0YYU7AKk6ys17n7Mj&google_gid=CAESEJ8raPmhudBWx5wUQ96ZPn4&google_cver=1 HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKme3IMGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BUXZpdFVJR0NlNVNQYkktdF9fa3hUQzlZRkZBSURPdVpzOHRVNjJYaHE3cVBETjlfN091QUtCYVdsckViVmhhckd3VWJTdHlwNTdtUHdSRHVsVDBZWVU3QUtrNnlzMTduN01q HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQUZLZDhWNllPNDhHUUlxS0gycFBWQjJ3Uk8xNFlOeWdOY1Ztb19pSER4bw==&google_push
Request Chain 124
  • https://rtb.openx.net/sync/dds?google_gid=CAESEAHrcHNc2wvMPU0YHwhuAqE&google_cver=1&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Request Chain 125
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMTBetr_i1ESPwF8kD69Gfo&google_cver=1&google_push=AQvitUJHWJx1g2ETkEnpHxz-_lByf9-qpz0xhXVVN7dGww-JCRjonlTYWaw5BsxstTdltcEB1b1XbZ7hrcbb4-kAERkwViEJ_ibi HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJHWJx1g2ETkEnpHxz-_lByf9-qpz0xhXVVN7dGww-JCRjonlTYWaw5BsxstTdltcEB1b1XbZ7hrcbb4-kAERkwViEJ_ibi
Request Chain 126
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDDf4ZoXdYoOsP3JgnSjGoY&google_cver=1&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZwbuqB770-xlmHX_fVysa8lQWK HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFTMkYtWS1CSkQy&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZwbuqB770-xlmHX_fVysa8lQWK
Request Chain 127
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_cver=1&google_push=AQvitUJ5PuvI9j_uJbYnwLKTSQiOGj4SktUOBlZJnptQtfJjOCNLUqMUF5vXI78-SKDvlTcf-pQ1PdpVq03C-zVr6DvTc7b86W8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_push=AQvitUJ5PuvI9j_uJbYnwLKTSQiOGj4SktUOBlZJnptQtfJjOCNLUqMUF5vXI78-SKDvlTcf-pQ1PdpVq03C-zVr6DvTc7b86W8
Request Chain 129
  • https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=89178800181280102179195011564017&pv=0 HTTP 302
  • https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif

137 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/ 		24 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.34
Resource Hash
28386ec55cba2024564d8347ddd9aa707ff853e58fde6ca86374a1ebdfa68987

Request headers

:method
GET
:authority
www.andreafortuna.org
:scheme
https
:path
/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d7fdc52974b2179874eab20d4543901bf1618415399; expires=Fri, 14-May-21 15:49:59 GMT; path=/; domain=.andreafortuna.org; HttpOnly; SameSite=Lax; Secure
x-powered-by
PHP/7.2.34
cf-edge-cache
cache,platform=wordpress
x-pingback
https://www.andreafortuna.org/xmlrpc.php
link
<https://www.andreafortuna.org/wp-json/>; rel="https://api.w.org/", <https://www.andreafortuna.org/wp-json/wp/v2/posts/3307>; rel="alternate"; type="application/json", <https://www.andreafortuna.org/?p=3307>; rel=shortlink
cache-control
max-age=172800
expires
Fri, 16 Apr 2021 15:49:58 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
cf-request-id
0972ac498e00004e49469fd000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jiYENbsibfKXlEeCFaPJzUKs5QzRvhj3yI14x7yQJnjkNXhZ09hckOXbvDEAMjY9mO6IRR0I5FTpZnexBwIOnWGfqyYSuAnV9w3FtGJoYMDeSrNXU%2Bc6JHKc3mKmN1I63PQ%3D"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
63fe1655ac784e49-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
style.min.css
c0.wp.com/c/5.7/wp-includes/css/dist/block-library/ 		57 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/5.7/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT ams 1
date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
last-modified
Tue, 02 Mar 2021 00:46:20 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 14 Apr 2022 15:49:59 GMT
style.css
www.andreafortuna.org/wp-content/themes/Less-1.1/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/wp-content/themes/Less-1.1/style.css?ver=all
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3cdb75ee550e01cdc573411f6aea5eee14f5cee9a3f79f80da590a8d7e6404d

Request headers

Referer
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2153541
cf-polished
origSize=13015
cf-bgj
minify
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0972ac4b4d00004e494d1cc000000001
last-modified
Mon, 10 Feb 2020 13:56:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9CpdRz5iiCog6ufsOwJj8mNz97yGAO7PsnEKUHOy4ZK0blPm9WMfHcZJuPKxaP%2FmYUnSn8QHTqH7WeFMmotBC5kxP1nSpMSbGB8rTEb6qEMQtjt5YHqR%2Fu36ZDL4%2FHX9S4o%3D"}]}
content-type
text/css
cache-control
max-age=2592000
cf-ray
63fe16587a934e49-FRA
expires
Mon, 19 Apr 2021 17:37:37 GMT
front.min.css
www.andreafortuna.org/wp-content/plugins/cookie-notice/css/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.7
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dbb3fbf6b9f43e7b8910762718dbae04c9a3bf59d129f400985defe7447e0dd

Request headers

Referer
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2153541
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0972ac4b4e00004e49ea383000000001
last-modified
Fri, 19 Feb 2021 14:06:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6QKSc9pZbAVd68aXXBpvUQTm7cZlPgKj24LDxFgUhMOZbBVFy5IWDWqln40jopzKmR9JV5C5L9SOTHoes8cVd%2BZxtALHZlwvWt%2BiCe74z%2Bw%2BcwYijHWWqb2GHDVbDxlRK%2Bk%3D"}]}
content-type
text/css
cache-control
max-age=2592000
cf-ray
63fe16587a944e49-FRA
expires
Mon, 19 Apr 2021 17:37:37 GMT
jetpack.css
c0.wp.com/p/jetpack/9.6.1/css/ 		75 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/9.6.1/css/jetpack.css
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b17a1dde76cbfa8f7e19a7121ecde1ad3d2cc9fca6bbd795042d3f484b53d2a3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT ams 1
date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
last-modified
Tue, 30 Mar 2021 16:59:40 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 14 Apr 2022 15:49:59 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		134 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
764fce4e57ffe5d57dfb1cb47ff3aed29cfb557d61c01c26499ae6d82870fd0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48482
x-xss-protection
0
server
cafe
etag
6346180602110889546
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 14 Apr 2021 15:49:59 GMT
onejs
z-na.amazon-adsystem.com/widgets/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=2a818c3a-b616-4488-adbe-66363f272bae
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.158.236 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-158-236.txl52.r.cloudfront.net
Software
Server /
Resource Hash
7ac082b1f9460d1b3d1b07c0ad8c4ccbebce27d98b8d577b7450824073e1eeed

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
Public
date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
server
Server
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
charset
UTF-8
cache-control
public,max-age=300,s-maxage=300,no-transform
content-length
8148
via
1.1 3a415eca835d78c74f508f31b6bbdaf0.cloudfront.net (CloudFront)
x-amz-cf-id
UcfhfVFjVNpSVz7zqTOoIKCNT3oZCP0-L9fSQl1nDhjQ7S2rbGWJiQ==
expires
Wed, 14 Apr 2021 15:55:00 GMT
photon.min.js
c0.wp.com/p/jetpack/9.6.1/_inc/build/photon/ 		758 B
440 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/9.6.1/_inc/build/photon/photon.min.js
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT ams 1
date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
last-modified
Tue, 31 Mar 2020 17:26:38 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Thu, 14 Apr 2022 15:49:59 GMT
front.min.js
www.andreafortuna.org/wp-content/plugins/cookie-notice/js/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.0.3
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Request headers

Referer
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
73407
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0972ac4b5000004e491c363000000001
last-modified
Fri, 19 Feb 2021 14:06:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NLPHAepl1DYdooysqXGr4%2BdMdr55zs3lm8Bes0j67s1Qq6S11qQ0tXLYpNbyPVZHWVTrPw4UkopEzoTD4i5FgOzuv1%2BAwqZ%2FQQnZs%2BR0YEDAj6%2FjGQLWtqvZovYi0ijvbtw%3D"}]}
content-type
application/javascript
cache-control
max-age=172800
cf-ray
63fe16587a994e49-FRA
expires
Thu, 15 Apr 2021 19:26:31 GMT
intersectionobserver-polyfill.min.js
www.andreafortuna.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/intersectionobserver-polyfill.min.js?ver=1.1.2
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda

Request headers

Referer
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
73691
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0972ac4b5000004e4953926000000001
last-modified
Wed, 07 Apr 2021 02:07:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xRd7z%2FvM0pzFHTli9rsdGa2iOPPSTov%2BiWXLETSUSJQs3%2FEIRI4AZECflXFM6oJxKSUckia0GZxgt2gAXmlFA0kSwmiVSyVe%2FlVtGOI32TfFUN9Cj8JskQ%2BdM9vM%2BgxvAuo%3D"}]}
content-type
application/javascript
cache-control
max-age=172800
cf-ray
63fe16587a9a4e49-FRA
expires
Thu, 15 Apr 2021 19:21:47 GMT
lazy-images.min.js
www.andreafortuna.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.andreafortuna.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js?ver=1.1.2
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989

Request headers

Referer
https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
73691
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0972ac4b5100004e492e290000000001
last-modified
Wed, 07 Apr 2021 02:07:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Az%2BqxVPp877iq3LIIGQJ7lUQBt0hvfYuCBhup7FQdf0%2B%2FdWuO7lELOF8yixw3dactHdgxf4K2RLTA44v9pfg7geKFznObKj63ObxjD6CoUMQ%2F4H7PZCarVF6SdB%2FXoh891g%3D"}]}
content-type
application/javascript
cache-control
max-age=172800
cf-ray
63fe16587a9c4e49-FRA
expires
Thu, 15 Apr 2021 19:21:47 GMT
e-202115.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202115.js
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT ams
date
Wed, 14 Apr 2021 15:49:59 GMT
content-encoding
gzip
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 03 Apr 2022 22:20:27 GMT
g.gif
pixel.wp.com/ 		50 B
115 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A9.6.1&blog=137844517&post=3307&tz=2&srv=www.andreafortuna.org&host=www.andreafortuna.org&ref=&fcp=730&rand=0.21839745810908084
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/ 		222 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e8b0d2ee262785fb4bfb4e4717d4e5cf7536e52f0821c091dc84f10b42e69df4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
84808
x-xss-protection
0
server
cafe
etag
12939789125640300468
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 14 Apr 2021 15:50:00 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210412/r20190131/ Frame 87B2 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210412/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210412/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 13 Apr 2021 19:32:04 GMT
expires
Tue, 27 Apr 2021 19:32:04 GMT
content-type
text/html; charset=UTF-8
etag
10446291943670460780
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4644
x-xss-protection
0
age
73076
cache-control
public, max-age=1209600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie.js
partner.googleadservices.com/gampad/ 		207 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.andreafortuna.org&callback=_gfp_s_&client=ca-pub-9618060664237110
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
07bd948064ab3e555dfe5d77d13a68e78bdc34b49277ec894945b5997dff903f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
194
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.andreafortuna.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.andreafortuna.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4A41 		4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&adk=1812271804&adf=3025194257&lmt=1618415400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&ea=0&flash=0&pra=5&wgl=1&dt=1618415400012&bpp=12&bdt=266&idt=119&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5903918754885&frm=20&pv=2&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=138
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e72a583c11cca50e892b65b03a32b8d9cbb5d7c075776b0fe053f30701ceecd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&adk=1812271804&adf=3025194257&lmt=1618415400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&ea=0&flash=0&pra=5&wgl=1&dt=1618415400012&bpp=12&bdt=266&idt=119&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5903918754885&frm=20&pv=2&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&dtd=138
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:00 GMT
server
cafe
content-length
775
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 14-Apr-2021 16:05:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/ 		73 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c84f7f99e22a2d9e8afaadb5c6d7a6e0ef11e672ac4c49b35e288bc1a150564b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253580951442"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28266
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
777 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.andreafortuna.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.andreafortuna.org
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D361 		107 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4568c17f79b7277b823f402bd9bb4e447f5d939acccbf34881bcd5bb7e878176
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIPZp5iL_u8CFQKG_Qcd0qEKAg&gqi=KA93YPfUFpX23wO1vofACA&layout=/sadbundle/%24csp%253Der3%24/14751465879233591646/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIPZp5iL_u8CFQKG_Qcd0qEKAg&gqi=KA93YPfUFpX23wO1vofACA&layout=/sadbundle/%24csp%253Der3%24/14751465879233591646/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:01 GMT
server
cafe
content-length
34719
x-xss-protection
0
set-cookie
IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw; expires=Mon, 09-May-2022 15:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 018B 		74 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ef13c4cbe6218ca03fb2d616d902a58ca53ae886a99d05324d9449fb75a0ba7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:00 GMT
server
cafe
content-length
27194
x-xss-protection
0
set-cookie
IDE=AHWqTUk0bWntUW-h56f1UaY5JpGZXwoN0pGWUzquhEZGmBrVtws_zDlmtW1vI7mHohs; expires=Mon, 09-May-2022 15:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame DB12 		62 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a459521ca55dd14359675a6d33c8b203a766185238e3dcb74c8b0bc1882b4157
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:00 GMT
server
cafe
content-length
24448
x-xss-protection
0
set-cookie
IDE=AHWqTUm4EUFia1YD67e5I6LiYe4eHb_FqoRwBqB1wAiqn8UGhyssVR5LHMgOX7tpZjE; expires=Mon, 09-May-2022 15:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 2AD5 		62 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4473c2e866897469ee5711853faf588f2fcec7b80fe8ee5d5896c43d071b4806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:00 GMT
server
cafe
content-length
24283
x-xss-protection
0
set-cookie
IDE=AHWqTUnVQPsWaTOwA7WMZX7K-DgJpUa1gicO8ZKgM4mZAMlDX4FB0JI27oPHctLMSKE; expires=Mon, 09-May-2022 15:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 2FD8 		17 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
922f5b01ad677c26f7bc020ca83219159438eb8d82168073c56a7ebc752f948d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 14 Apr 2021 15:50:00 GMT
server
cafe
content-length
7801
x-xss-protection
0
set-cookie
IDE=AHWqTUn7fFMnEcx-zHdwpNl3z_4e_CH6C_nmW4_HjDpKsTedNi0ZFyspmpk-JJGGWmU; expires=Mon, 09-May-2022 15:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private
getad
aax-us-east.amazon-adsystem.com/x/ 		134 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aax-us-east.amazon-adsystem.com/x/getad?src=330&c=100&sz=1x1&apiVersion=2.0&pj=%7B%22placement%22%3A%22adunit0%22%2C%22enable_interest_ads%22%3A%22true%22%2C%22div_name%22%3A%22amzn-assoc-ad-2a818c3a-b616-4488-adbe-66363f272bae%22%2C%22tracking_id%22%3A%22andreafortuna-20%22%2C%22fallback_mode%22%3A%7B%22type%22%3A%22search%22%2C%22value%22%3A%22smartphone%22%7D%2C%22ad_mode%22%3A%22auto%22%2C%22ad_type%22%3A%22smart%22%2C%22marketplace%22%3A%22amazon%22%2C%22region%22%3A%22US%22%2C%22linkid%22%3A%223601d80acfdbf3755ce2ac2f223b8b2d%22%2C%22default_category%22%3A%22All%22%2C%22viewerCountry%22%3A%22DK%22%2C%22textlinks%22%3A%22%22%2C%22debug%22%3A%22false%22%2C%22acap_publisherId%22%3A%22andreafortuna-20%22%2C%22slotNum%22%3A0%2C%22ead%22%3A8%7D&u=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&jscb=amzn_assoc_jsonp_callback_adunit0_0
Requested by
Host: z-na.amazon-adsystem.com
URL: https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=2a818c3a-b616-4488-adbe-66363f272bae
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.150 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
555e1d4f855fb9208dbfd8d02071c7379027ac30e6c537719187436465354ef8

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
Server
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Type
text/javascript;charset=UTF-8
adview
googleads.g.doubleclick.net/pagead/ Frame 008F 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C93CTKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJUCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4flUAWn9MYiij0Sy5-IKoCXh3o4AG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAbIXGAoWEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=eYBfHc-j9wo&tpd=AGWhJmvVubUrhfiPFoNO9vjZU-EHyRj0IuaF5OC45Wht1ZTIbk86PeEGQrjFakUpllEPOIswau94XGiasxZrDMoUVYPuW3gNlIsJiO9i1F5ub5eCn5NRu4RhtZGefMBaQbCxwMFNOyZdm3dM3K7ln4oOzHkTyK8CoKg4_GFcjcvz9UUGLe3WKUx5Uml_aIAMyH71KbGV_fvJOFJ3bh3sdNH-ES_DLqXCa9aYvyICNmcofh24v51H3ELNJSG5lBZajq_AL9O5WcXUPdc8E5h5-KJZBLrBPPUjTAhO0xUm1w29EkrWV2B6Z10DHewvduJXzpwJ5qq4CG-zY5A2pt0j9bAIKTuZ8fioFhehlTUzXzYW1FdNc1grq0TwGF2IQavCRE8Rn0Ret72bNNYsVEADVm1AZQ1s_TQL5xO0Vpe3i0NrkrPhahsyef7dAhAxC_7TBWZjAzD7z_uVHbCvlf2qaAn7KRfmAeaMOFyba-puNtq1Y72fEIutQjLMoxWYzeXMRc5AUI52-20hn9cOVKhA5awEHWGRkWBnDzyMWQ2BC9iq4cj5-R1st9oFzTz7sY9exBf4xKUh7U_SfWchonVKwxRLHkRpyivUC3G9bJDdYUE1QVUJBFO-AzXBi_9AKNnbk6um6kJjx5v7VJip-OS0361SWnk8nGmbPS3pTi7HSmTtFJSwiK5aN3n9w8rZf25oR4wrwcE3cjH-Br0-NV07DKMTnPxcGHvkb4FIOw8tnOPep2g24oP6ww85bIh6swn1ZjmULsQtV5Rk8oj497fuC8WcxLVxqG8EG5jscNRt7gcASfuMwFyNANj8XXCAVfdmfEgi0GLcAqW-iLAOyT6L65l2ek3hZP-oghVYWZAdXT6AfKXsouyrzYNbAWe6RKLLvRvt_1Ot10phzZHl_lDl5tf3rQTcNyT_GYJ25l80eBUm4ZgaeuGSaA8OADPjxXtVeIHVthIBQqp_wDTUjG5tCsi9XQoKGqZu2F2zeSi_RhDlev0r94RjltuaENNs7OdexcYVyVBaolu9d06WBoiTd8v1bbYA
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 14 Apr 2021 15:50:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
js
tags.mathtag.com/notify/ Frame 008F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTWpsbU1qaGxaVEV0TmprNVpDMDFZekJqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3NjU2NTMxNTg5NzE3OTg0Mi84Njc1NjEzLzczMjQ0MTkvNC9ueEpyNEdzQTh5dWVyQ2NvX1VZUWY3TEVpcW0zM0s5T2ZKOXYydWs4eHkwLzEvNC8wLzAvMTUxMjU4Ni8wLzI0Mjg3Ni84NjMxODIvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zNzY1NjUzMTU4OTcxNzk1NDQvYW1zLzAvNDEzLzc0Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjE4NDE1NDAwLzE2MTg0MjgwMDAvNC9wdWItOTYxODA2MDY2NDIzNzExMC8/Aj9MbhBa0NJ23quLnCkErDD7yy0&nodeid=1605&group=eu&auctionid=376565315897179842&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.38&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%26client%3Dca-pub-9618060664237110%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.197.0 /
Resource Hash
1cbf795228d8cb1c10bf096928d7e62bf69bcd8cd2458e4e536c8c6e76680370

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1618415400
Last-Modified
Wed, 14 Apr 2021 15:50:00 GMT
Server
MMBD/3.197.0
x-mm-latency
5 (2)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
cdg-router-x43, cdg-bidder-x133
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Wed, 14 Apr 2021 15:49:59 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 008F 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:49:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 008F 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253573924606"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:00 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 008F 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
181
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5602
x-xss-protection
0
server
cafe
etag
7525161794280374107
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:46:59 GMT
15318898951796945373
tpc.googlesyndication.com/daca_images/simgad/ Frame DB12 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/15318898951796945373
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b3197cb2f740d823672b73658fa3d64a97146359419293a79ace173b5e76e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 07:35:56 GMT
x-content-type-options
nosniff
age
29644
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
79901
x-xss-protection
0
last-modified
Wed, 14 Apr 2021 06:34:48 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Apr 2022 07:35:56 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/ Frame DB12 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7469bb0c9cf9988f08f24ddadaa9c46a4b49028ed56a7a8a3446bea69401cd79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:44:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
344
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7114
x-xss-protection
0
server
cafe
etag
8830192366576089018
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:44:16 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame DB12 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:49:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DB12 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253573924606"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:00 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame DB12 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
181
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5602
x-xss-protection
0
server
cafe
etag
7525161794280374107
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:46:59 GMT
l
www.google.com/ads/measurement/ Frame DB12 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQgqtiVbE8jFgBOl2Q9nGMfyThqX7sbUgLoJKYh6ym_mNT8dSqg_Zdicq8oTgpBcZORxajR9qwi9TtXBmxmB-g2_hLMaQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame DB12 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:03:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10013
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10490
x-xss-protection
0
server
cafe
etag
4192951226220979311
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 13:03:07 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame DB12 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CS69rKA93YJfuF5_F7_UPiIe8iAaH6eSiYtiJ_MOrDdrZHhABIOfmoXJglQKgAb_L5oUCyAECqAMByAPJBKoElwJP0O7UJ7v9TkxCtGkjrA_KudTE7zgf5CVVowwryN8sqVB6-AAwm3tauDjVoK8Uo0W_9eZstGzsTBgWEYatwbzrQUEb9OsmGglkAVJmDcVY2dg4Pp2wP1FYwAd-edAexRh1Zew-3GsIcWhxvAsdqurwvWCyJY_n4GVb2GVy_s9eu3MeTrBwCkkhCR0mfgq4XrovtwM7ICmn1O5e5qRnBVXhg6m1ectA9VUXjOH5Ebersr3NorGvZ8tJjaYvsmPOy2LKxOQ3r0uePpoobhQwSo2XZFpgjdV5G6uZex-beH5d4VLsFJnht5WgAM3xa5T7mw0-Nbd6NDz-sryu02otBYPm3Oh9j5f35EiW6EyGWycChLTYKV1JUELABMWay-a_A5IFBAgEGAGSBQQIBRgEoAYCgAeDuteDAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDL0xDSCAkIgOGAEBABGB-ACgHICwHYEwKyFxoKGAgAEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=qY4NrSpmMwM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 14 Apr 2021 15:50:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame DAD9 		143 B
220 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUm4EUFia1YD67e5I6LiYe4eHb_FqoRwBqB1wAiqn8UGhyssVR5LHMgOX7tpZjE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 14 Apr 2021 15:41:26 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
514
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C288 		1 KB
854 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 13 Apr 2021 16:59:40 GMT
expires
Wed, 14 Apr 2021 16:59:40 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
82220
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame DB12 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
703eb26efb38355353185b3fb1be9bac0d61df64baf6e1fb0b11c602a5047dee

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
kfm7pdl6j5sw
hal9000.redintelligence.net/zone/ Frame 008F 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal9000.redintelligence.net/zone/kfm7pdl6j5sw?subid=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&rnd=376565315897179842&extVar[]=DOUBLEBORDER:1&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.135.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.164.135.201.138.clients.your-server.de
Software
Apache /
Resource Hash
cff638e995d587699ee00246ce73d00428599c1f842bf63228698bf2e7f8532c

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
3490
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame 008F 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=376565315897179842&node_id=1605&exch_id=4
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTWpsbU1qaGxaVEV0TmprNVpDMDFZekJqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3NjU2NTMxNTg5NzE3OTg0Mi84Njc1NjEzLzczMjQ0MTkvNC9ueEpyNEdzQTh5dWVyQ2NvX1VZUWY3TEVpcW0zM0s5T2ZKOXYydWs4eHkwLzEvNC8wLzAvMTUxMjU4Ni8wLzI0Mjg3Ni84NjMxODIvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zNzY1NjUzMTU4OTcxNzk1NDQvYW1zLzAvNDEzLzc0Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjE4NDE1NDAwLzE2MTg0MjgwMDAvNC9wdWItOTYxODA2MDY2NDIzNzExMC8/Aj9MbhBa0NJ23quLnCkErDD7yy0&nodeid=1605&group=eu&auctionid=376565315897179842&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.38&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%26client%3Dca-pub-9618060664237110%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.197.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Server
MMBD/3.197.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
cdg-router-x27, cdg-bidder-x133
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Wed, 14 Apr 2021 15:49:59 GMT
img
pixel.mathtag.com/event/ Frame 008F 		43 B
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=376565315897179842&v3=863182&v4=7324419&v5=8675613&mt_nsync=1&no_attr=1
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTWpsbU1qaGxaVEV0TmprNVpDMDFZekJqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3NjU2NTMxNTg5NzE3OTg0Mi84Njc1NjEzLzczMjQ0MTkvNC9ueEpyNEdzQTh5dWVyQ2NvX1VZUWY3TEVpcW0zM0s5T2ZKOXYydWs4eHkwLzEvNC8wLzAvMTUxMjU4Ni8wLzI0Mjg3Ni84NjMxODIvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zNzY1NjUzMTU4OTcxNzk1NDQvYW1zLzAvNDEzLzc0Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjE4NDE1NDAwLzE2MTg0MjgwMDAvNC9wdWItOTYxODA2MDY2NDIzNzExMC8/Aj9MbhBa0NJ23quLnCkErDD7yy0&nodeid=1605&group=eu&auctionid=376565315897179842&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.38&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%26client%3Dca-pub-9618060664237110%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-201.deploy.static.akamaitechnologies.com
Software
MT3 3660 495c301 master cdg-pixel-x3 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Server
MT3 3660 495c301 master cdg-pixel-x3
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 14 Apr 2021 15:51:01 GMT
img
tags.mathtag.com/event/ Frame 008F 		49 B
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=376565315897179842&st=7324419&time=1618415400&nodeid=1605
Requested by
Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTWpsbU1qaGxaVEV0TmprNVpDMDFZekJqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzM3NjU2NTMxNTg5NzE3OTg0Mi84Njc1NjEzLzczMjQ0MTkvNC9ueEpyNEdzQTh5dWVyQ2NvX1VZUWY3TEVpcW0zM0s5T2ZKOXYydWs4eHkwLzEvNC8wLzAvMTUxMjU4Ni8wLzI0Mjg3Ni84NjMxODIvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8zNzY1NjUzMTU4OTcxNzk1NDQvYW1zLzAvNDEzLzc0Lzk5OS82Ni8yYTAxOjRmODoxOTI6Oi8wLjAwMC8xNjE4NDE1NDAwLzE2MTg0MjgwMDAvNC9wdWItOTYxODA2MDY2NDIzNzExMC8/Aj9MbhBa0NJ23quLnCkErDD7yy0&nodeid=1605&group=eu&auctionid=376565315897179842&sid=7324419&cid=8675613&bp=a_agffcb&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.38&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%26num%3D1%26sig%3DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%26client%3Dca-pub-9618060664237110%26adurl%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.135.190 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.197.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:00 GMT
Server
MMBD/3.197.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
cdg-router-x79, cdg-bidder-x133
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Wed, 14 Apr 2021 15:49:59 GMT
15913171131576013627
tpc.googlesyndication.com/daca_images/simgad/ Frame 2AD5 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/15913171131576013627
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8b6579aeee2888bb3a619d1d7704338f1fc48a3b33a497d89ee6a63df4d3ec7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 18:00:07 GMT
x-content-type-options
nosniff
age
596993
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95278
x-xss-protection
0
last-modified
Wed, 07 Apr 2021 10:45:16 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Apr 2022 18:00:07 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/ Frame 2AD5 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7469bb0c9cf9988f08f24ddadaa9c46a4b49028ed56a7a8a3446bea69401cd79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:44:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
344
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7114
x-xss-protection
0
server
cafe
etag
8830192366576089018
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:44:16 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 2AD5 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:49:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2AD5 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253573924606"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:00 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 2AD5 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
181
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5602
x-xss-protection
0
server
cafe
etag
7525161794280374107
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:46:59 GMT
l
www.google.com/ads/measurement/ Frame 2AD5 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaR_M-JSCGzroSXCsRUtzzlbIZnR_df5cOx55ZfKbeodWfat-7vGeKEo8AUNi0DoCYpznD1BO-JN-xrdns8qJQeouTi6Zg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 2AD5 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:03:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10013
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10490
x-xss-protection
0
server
cafe
etag
4192951226220979311
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 13:03:07 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 2AD5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CwZ6IKA93YMf7F9bk7_UP2dW_iA6H6eSiYtTf6u-GDtrZHhABIOfmoXJglQKgAb_L5oUCyAECqAMByAPJBKoElwJP0NGErk0e2TryTJ48uHg0xcvGSxjcc3_GFexLlqf0Iwewj2fSOy-w0fVj-fxiFTgJ-QvhYJzyj1co_JSiAM77Q7VSEhzkDZlU-1ttuD1ntpfELNPaFB2lIBmmrJpwdh6-DLST--_-tOxNOTJFVPpHNVG0RUENNXw3C9CkW8snAy-2LLOmgvhPMQH6FpywhffLRTOZaYEZR3Mrmz4AwRzTc2SXxb6E9NzZjz0osJJ6UM-6v2UYM3EVqC1gtj1X9Wrd4icsGVCq5kYEI5eWiXnPJHvy6DRdTQgpMqe1gmwe6l487VrXTzKFGmKOPpWMY_wANsLl52IEaDEeFRrg73kLE7tPGbvMC9dUK3ZAFiiQb3Ykq4oUxwTABMWay-a_A5IFBAgEGAGSBQQIBRgEoAYCgAeDuteDAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBD4mg_SCAkIgOGAEBABGB-ACgHICwHYEwLQFQGAFwGyFxoKGAgAEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=2EgdLwKgYEI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 14 Apr 2021 15:50:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
dpixel
cms.quantserve.com/ Frame C288 		35 B
463 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEH5CKvvrdZdodG8pGf6KShg&google_cver=1&google_push=AQvitUIGLorzS64WoRTC1HYSaTdaNvJgXvsB9e-S48EXZ0m2dDrY935SjMYoCtJl_oifcbkVz_FOkBZFeANyy5f7yuuHQrPcXiQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:00 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C288
Redirect Chain
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJ4o0kj...
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJ4o0kj...
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NDc1OTU1Mzc3MjA0OQ%3D%3D&google_push=AQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqY...
170 B
213 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NDc1OTU1Mzc3MjA0OQ%3D%3D&google_push=AQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqYXKuVbX8iOmNWzT9nDB6jdPq1g1rg
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NDc1OTU1Mzc3MjA0OQ%3D%3D&google_push=AQvitUJ4o0kj1NBQhzO4iwwFKKl__gnzUitainWUnDwg8pYJMl6Gctm5-SrOjVYaj-0ZqYXKuVbX8iOmNWzT9nDB6jdPq1g1rg
Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame C288
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESECWXcmAyE93OfC9I7XyF0aQ&google_cver=1&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA
  • https://rtb.openx.net/sync/dds?google_gid=CAESECWXcmAyE93OfC9I7XyF0aQ&google_cver=1&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&ox...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:00 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULbnd63_F_wUhwT_caJSsr5zqzk8TtxyfDVRatthUiTsY_RGpQaGWSZ2Q33GKOEpYS4-DNyJXiBXHBC30h6M7SdndgbWA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
f163maks3ruuhqva9r9730k3n23dokh1
pixel
cm.g.doubleclick.net/ Frame C288
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJkBJzcWkSsw46sYh41dcgut9l9u92pPFJJXO5-b19zYVYJwei_BjsyvFkCsR8zMQoIHohn2LkrULRTTtXMewV2s-T2hNc
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJkBJzcWkSsw46sYh41dcgut9l9u92pPFJJXO5-b19zYVYJwei_BjsyvFkCsR8zMQoIHohn2LkrULRTTtXMewV2s-T2hNc
Date
Wed, 14 Apr 2021 15:50:00 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame C288
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAp5p8K-MLP87DoTwnbZm3k&google_cver=1&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSTVQtMjAtOVlIWQ==&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8uA0O-cF1DEeHYU5ZEJTBQhME
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSTVQtMjAtOVlIWQ==&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8uA0O-cF1DEeHYU5ZEJTBQhME
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSTVQtMjAtOVlIWQ==&google_push=AQvitUJq6LDQpTr3iCpB7C4FoqqzsZmckU9n1jtQr_UaMYrC_bV20i6vIp8dlGB0sTb0_aUB3F8uA0O-cF1DEeHYU5ZEJTBQhME
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
Expires
0
pixel
cm.g.doubleclick.net/ Frame C288
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs&google_push=AQ...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ur...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ursZlhMTH7sY9JAdkGIgt7Ew&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_push=AQvitUIOCJQ3zWoVpsPg4iu_gyezY_GdjlJfN0vqF0TxXx4bKZ43_4tVMe_MQg-gFZuC0F_fI2ursZlhMTH7sY9JAdkGIgt7Ew&google_gid=CAESEHl6s_0Q1A--_UIX8L6_Ogs
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
458
Expires
Wed, 14 Apr 2021 15:50:01 GMT
trk
ag.innovid.com/ Frame C288 		43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ag.innovid.com/trk?tid=11711&google_gid=CAESELSuiOqcXHOh8CCJn41sgaU&google_cver=1&google_push=AQvitULYlcIyqLgAopQuT1GVn5iRSVTKBQbY0sgBAf-0CiG77w0isknJaSOisKru1ZDAFitTXyfLpt8ODC34E1LtTobako_1KNw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
no-cache
content-type
image/gif
content-length
43
request-time
0
expires
-1
attr
cm.g.doubleclick.net/pixel/ Frame C288 		0
236 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFubi6XMcqwQW41adycoEqaxM4DrLcMQxQCCFV0Iy9RBFDBwzoUJGaQL6iQpCgpcgtMpIh
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
si
googleads.g.doubleclick.net/pagead/drt/ Frame DAD9
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
110 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnVQPsWaTOwA7WMZX7K-DgJpUa1gicO8ZKgM4mZAMlDX4FB0JI27oPHctLMSKE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:00 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Wed, 14-Apr-2021 16:50:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:00 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:00 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame BAEC 		143 B
165 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnVQPsWaTOwA7WMZX7K-DgJpUa1gicO8ZKgM4mZAMlDX4FB0JI27oPHctLMSKE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 14 Apr 2021 15:41:26 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
514
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
redir.html
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8D7B 		247 B
788 B 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
9029d813eda865790abd819c49e8bc8d448084b179aeefa854b096eb11a04812
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
:scheme
https
:path
/v6exp3/redir.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy-report-only
script-src 'nonce-_Ek3np1GYDcVOql5ZVheYQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
203
date
Wed, 14 Apr 2021 15:50:01 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 1A47 		1 KB
750 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 13 Apr 2021 16:59:40 GMT
expires
Wed, 14 Apr 2021 16:59:40 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
82220
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
pagead2.googlesyndication.com/bg/ Frame C4B2 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2731915443&pi=t.aa~a.396022158~i.21~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280&nras=4&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2047&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=AMYIgr1u32&p=https%3A//www.andreafortuna.org&dtd=19
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:08:00 GMT
server
sffe
age
7403
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5718
x-xss-protection
0
expires
Thu, 14 Apr 2022 13:46:37 GMT
truncated
/ Frame 2AD5 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b82801e70f767c4ee31e6207746b39b66645777a53a8266f2900bac06e2db73

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
amzn-nsa-sprite-2x.png
wms-na.amazon-adsystem.com/panda/20070822/US/img/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wms-na.amazon-adsystem.com/panda/20070822/US/img/amzn-nsa-sprite-2x.png
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.158.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-158-56.txl52.r.cloudfront.net
Software
Server /
Resource Hash
3d363721e733cd455560f59c74cffdb28148623c7c716a23403bd6b85696b4fa

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 10 Apr 2021 03:17:59 GMT
via
1.1 b46ec6462593127fefb6ecac53956825.cloudfront.net (CloudFront)
last-modified
Wed, 07 Apr 2021 07:16:38 GMT
server
Server
age
390722
etag
"10ef-5bf5cb63378e5"
x-cache
Hit from cloudfront
content-type
image/png
charset
UTF-8
cache-control
max-age=2592000
x-amz-cf-pop
TXL52-C1
accept-ranges
bytes
content-length
4335
x-amz-cf-id
uGOw2rdILJLTvvBmDfcBsuHqMVFxaO9inKvStew89hkjD2vktPF6_w==
expires
Sat, 17 Apr 2021 03:17:59 GMT
request.php
hal900017.redintelligence.net/ Frame 008F
Redirect Chain
  • https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9618060664237110%26output%3Dhtml%26h%3D90%26adk%3D359448418%26adf%3D723470516%26pi%3Dt.aa~a.3447919909~rp.1%26w%3D900%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1618415400%26rafmt%3D1%26to%3Dqs%26pwprc%3D1462017320%26psa%3D0%26format%3D900x90%26url%3Dhttps%253A%252F%252Fwww.andreafortuna.org%252F2018%252F06%252F11%252Fpowercat-a-porting-of-netcat-written-in-powershell%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26dt%3D1618415400352%26bpp%3D1%26bdt%3D606%26idt%3D0%26shv%3Dr20210412%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C900x280%252C900x280%252C900x280%252C900x280%26nras%3D6%26correlator%3D5903918754885%26frm%3D20%26pv%3D1%26ga_vid%3D1418355954.1618415400%26ga_sid%3D1618415400%26ga_hid%3D1307222323%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D350%26ady%3D3804%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44739547%252C44736525%252C44740079%26oid%3D3%26pvsid%3D1459824164229947%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D5%26fsb%3D1%26xpc%3DfuMd5s5CpN%26p%3Dhttps%253A%2F%2Fwww.andreafortuna.org%26dtd%3D26&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.andreafortuna.org&random=9841687780082&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.9.70.69.159.clients.your-server.de
Software
Apache /
Resource Hash
b7fad29d18a5e615a81b33445cd2c99ce573a3ade22a0771e15e98fba0f5c73f

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
89178800181280102179195011564017
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
727
Expires
Wed, 14 Apr 2021 16:50:01 +0200

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9618060664237110%26output%3Dhtml%26h%3D90%26adk%3D359448418%26adf%3D723470516%26pi%3Dt.aa~a.3447919909~rp.1%26w%3D900%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1618415400%26rafmt%3D1%26to%3Dqs%26pwprc%3D1462017320%26psa%3D0%26format%3D900x90%26url%3Dhttps%253A%252F%252Fwww.andreafortuna.org%252F2018%252F06%252F11%252Fpowercat-a-porting-of-netcat-written-in-powershell%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26dt%3D1618415400352%26bpp%3D1%26bdt%3D606%26idt%3D0%26shv%3Dr20210412%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C900x280%252C900x280%252C900x280%252C900x280%26nras%3D6%26correlator%3D5903918754885%26frm%3D20%26pv%3D1%26ga_vid%3D1418355954.1618415400%26ga_sid%3D1618415400%26ga_hid%3D1307222323%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D350%26ady%3D3804%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44739547%252C44736525%252C44740079%26oid%3D3%26pvsid%3D1459824164229947%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D5%26fsb%3D1%26xpc%3DfuMd5s5CpN%26p%3Dhttps%253A%2F%2Fwww.andreafortuna.org%26dtd%3D26&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.andreafortuna.org&random=9841687780082&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Wed, 14 Apr 2021 16:50:01 +0200
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELQjnppU-gPN3kAi6Hz6v_c&google_cver=1&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwN...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwNag9yvrz7fGupZo5MWm9gj1PZsiuIOYWJ62PLi_AFQ&google_hm=Cm5EasL...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwNag9yvrz7fGupZo5MWm9gj1PZsiuIOYWJ62PLi_AFQ&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJMrlZhwqbb13f5AvP9oiiEBfyK-7_FWYbWXz5pxV9fCbpRq0-RwNag9yvrz7fGupZo5MWm9gj1PZsiuIOYWJ62PLi_AFQ&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESENa8ruFZSQzIQypkZ-T87HM&google_cver=1&google_push=AQvitUKe9OWMCdBWifQ83-HVBu-z9YQKRXRDPXHaluCl3z8-8v3tnadJb3Xo6kVejdViSY1jZQFDof85MPc0SOJFw6WxZEFwYFw
  • https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VOYThydUZaU1F6SVF5cGtaLVQ4N0hN
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VOYThydUZaU1F6SVF5cGtaLVQ4N0hN
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:00 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=akneustar_dmp&google_cm&google_hm=Q0FFU0VOYThydUZaU1F6SVF5cGtaLVQ4N0hN
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESECSUmcMX_GMpnNEalRSyJ-8&google_cver=1&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULzNrciO8XuzQimG99FEYik4-Rp7nGbGQQ_gpa73a0aqyUy-QmphBWAQTSxn7GMXVUWGNlI0h_YVszoQFBNFBkZl8KEBA&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
ntuukhso15515619pigs5k4pui7l5nn6
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwl5ZaOYOJ1eLXaawnDs15hYWbaPHqUkuZ51P_8p-2WZCWwu8rSwyy6uT6rpNaMK6p6w6S8phnOM32tukGSAGgHEUh5Ok
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwl5ZaOYOJ1eLXaawnDs15hYWbaPHqUkuZ51P_8p-2WZCWwu8rSwyy6uT6rpNaMK6p6w6S8phnOM32tukGSAGgHEUh5Ok
Date
Wed, 14 Apr 2021 15:50:00 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEP9Bos4evWcXfgXKy1fbz_k&google_cver=1&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDR...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFST1QtMjUtMlk1Qw==&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDRkBvCtIoVt-ChVCP2WugwZBw
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFST1QtMjUtMlk1Qw==&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDRkBvCtIoVt-ChVCP2WugwZBw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFST1QtMjUtMlk1Qw==&google_push=AQvitUIaDeHo-y1PcdfAoY-CMryqZIIad_DB0o5FbfEbGuj2NWTJdjIeZS45HYPTPXgsED7ELDRkBvCtIoVt-ChVCP2WugwZBw
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
Expires
0
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_push=AQvitUJKNoOD2CoiEND6ucHtBHiInZW-viDsPdYWGxWFMfGPlqU...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_push=AQvitUJKNoOD2CoiEND6ucHtBHiInZW-viDsPdYWGxWFMfGPlqUWyHhgAkH3ojJ19iysrEH5OYTZhwBRXsF4S7OvbGB6OEktKQQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEB1dh89-w9QCJ5jnJwvXBh0&google_push=AQvitUJKNoOD2CoiEND6ucHtBHiInZW-viDsPdYWGxWFMfGPlqUWyHhgAkH3ojJ19iysrEH5OYTZhwBRXsF4S7OvbGB6OEktKQQ&google_cver=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
459
Expires
Wed, 14 Apr 2021 15:50:01 GMT
pixel
cm.g.doubleclick.net/ Frame 1A47
Redirect Chain
  • https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEP4acdyCMUw1TXY0zKgJaME&google_cver=1&google_push=AQvitUI816dws1bbfWR8Y44w...
  • https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUI816dws1bbfWR8Y44wUF3osXy_LwThhhI73UgksbCnlv05YRl-u5HRJbcJFpaswZoZb85zEGBjJGbpS3jyVe6yICO5SsgQ&google_hm=
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUI816dws1bbfWR8Y44wUF3osXy_LwThhhI73UgksbCnlv05YRl-u5HRJbcJFpaswZoZb85zEGBjJGbpS3jyVe6yICO5SsgQ&google_hm=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
GHC
p3p
CP="NOI DSP COR NID PSAo OUR IND"
location
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUI816dws1bbfWR8Y44wUF3osXy_LwThhhI73UgksbCnlv05YRl-u5HRJbcJFpaswZoZb85zEGBjJGbpS3jyVe6yICO5SsgQ&google_hm=
cache-control
no-store, no-cache, must-revalidate, max-age=0
accept-ranges
none
content-length
0
expires
Tue, 13 Apr 2021 15:50:01 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 1A47 		0
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J0JUrY3HyHDCAyoabjr_sFrn3k7h8zfnewYtsEU1EJt9A68h8fZnCwKHySyrcUjVyCxjAPNg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
si
googleads.g.doubleclick.net/pagead/drt/ Frame BAEC
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
283 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DSID=NO_DATA; IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Wed, 14-Apr-2021 16:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
15318898951796945373
tpc.googlesyndication.com/daca_images/simgad/ Frame 018B 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/15318898951796945373
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3b3197cb2f740d823672b73658fa3d64a97146359419293a79ace173b5e76e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 07:35:56 GMT
x-content-type-options
nosniff
age
29645
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
79901
x-xss-protection
0
last-modified
Wed, 14 Apr 2021 06:34:48 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Apr 2022 07:35:56 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/ Frame 018B 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7469bb0c9cf9988f08f24ddadaa9c46a4b49028ed56a7a8a3446bea69401cd79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:44:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
345
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7114
x-xss-protection
0
server
cafe
etag
8830192366576089018
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:44:16 GMT
nessie_icon_tiamat_white.png
tpc.googlesyndication.com/pagead/images/ Frame 018B 		225 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_white.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 08:05:47 GMT
x-content-type-options
nosniff
server
cafe
age
27854
etag
14085932017949564970
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Thu, 15 Apr 2021 08:05:47 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 018B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:49:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 018B 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253573924606"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:01 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 018B 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5602
x-xss-protection
0
server
cafe
etag
7525161794280374107
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:46:59 GMT
l
www.google.com/ads/measurement/ Frame 018B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOsSkXB8dPOPF1_ztpHJLY2rQz_0vrjQu4_nFyUv1wLWdd5djw85fW3JFP6aiQnjITA-4HKwcLQEK9RTBOBdWEchZ7_g
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 018B 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:03:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10014
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10490
x-xss-protection
0
server
cafe
etag
4192951226220979311
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 13:03:07 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 018B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CGV7OKA93YNLKF97Y7_UP9quKsAGH6eSiYtiJ_MOrDdrZHhABIOfmoXJglQKgAb_L5oUCyAECqAMByAPJBKoEnQJP0EzB3K0ZE_8hAGRTyHaWKEtfmZ8v0cG18IsDpYWCndsrzeLzE1AWZWb8S2uvy8s24Dp7K5fQ6LCnVZkEF6JP_Vlv871NGW8-UxPu9HwjbZ0OgLqhK3fnDnzFIh5cG4eM0-kO39jhSRsVsNxZr9t2rJGXW-ss9cl6-MXPoOaKsnoq2QuXRdoDh1ML9_A-GONC9W04mOd9cS3egKUe75e8_OAYek8hU-w0r-1ENJrlwbD1yErKUvRv7emyuujQWeckh1RylSZKH_NugIdEUr5H8l9a2_66xjI_s3EgeYmamHQadbVncVxYVvSynbsao7QDdxEReQy1axPydp2_Sb0aOTENI97eWfTV9qkDVysq9FcSNIQNy7d5HIpA43vABMWay-a_A5IFBAgEGAGSBQQIBRgEoAYCgAeDuteDAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDOvA_SCAkIgOGAEBABGB-ACgHICwHYEwKyFxoKGAgAEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=yAzM4bRWxSA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 14 Apr 2021 15:50:01 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/ Frame 0EF0 		72 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c66f73bafe42e4b9f740790484b7e010302898f17eb841f1a29829c5c255742f
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sadbundle/$csp%3Der3$/14751465879233591646/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
date
Wed, 07 Apr 2021 21:23:40 GMT
expires
Thu, 07 Apr 2022 21:23:40 GMT
last-modified
Wed, 01 Jun 2016 12:54:14 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
content-length
17542
age
584781
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 7A88 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Ccw-fKA93YIOlF4KM9u8P0sOqELm69uhNwpzP4bsHkunS4LIBEAEg5-ahcmCVAqAB89PL0wPIAQmpAo85h4CtD7Q-qAMByANIqgScAk_Qi-Qyw9RwQvvlZ8XLHWgxkbludy5yT9EmzYIZiCRyiomwbjtTfmEZVhzM9ihb5nmGl-miLCRl5D2OsvJUZ6cGDl8JKzxJi3bbR1KlSw9Z2Ku7AzJpyY-Z93JgOcdSGBDcWQp6gjDdWN0IDFcyDf4l86NVSpbJ8QxYzMJhrm5Ma3DNOd9juOmpooFYCrSoznH0xMmhcKLwOBqajtU1DppgF0QH5Lg4eZNB7MFttqUIqj9MuTzOaaIMD1MBSgPOocaG23gU2nVhYp2BNCWQao_DBVLMEyDf2RuhKwEBLsgNt9N-YtK_7hzewJI-PJQRP1oH4La-ALN5nYRMp4Ium2eOleUwsWzUjclzW25ZfRwxu-e5hmLpflMc6nxBwATzlNbpgQGSBQQIBBgBkgUECAUYBKAGLoAHz5e6L6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCa6Q7SCAkIgOGAEBABGB-ACgHICwHYEwKyFxoKGAgAEhRwdWItOTYxODA2MDY2NDIzNzExMA&sigh=rEgcgAfea5g&template_id=419
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 14 Apr 2021 15:50:01 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/ Frame 7A88 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7469bb0c9cf9988f08f24ddadaa9c46a4b49028ed56a7a8a3446bea69401cd79
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:44:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
345
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7114
x-xss-protection
0
server
cafe
etag
8830192366576089018
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:44:16 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 7A88 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:49:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:49:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7A88 		118 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1618253573924606"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36714
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:01 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/ Frame 7A88 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210412/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
182
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5602
x-xss-protection
0
server
cafe
etag
7525161794280374107
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 28 Apr 2021 15:46:59 GMT
iframe.html
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8D7B 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
dc3eaff510b81f11089c9da59e3489c92c0cfb85363b403d1efd0d9e73a56904
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
:scheme
https
:path
/v6exp3/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy-report-only
script-src 'nonce-vjAbzk99I5Be7-rlBOmzTA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
2426
date
Wed, 14 Apr 2021 15:50:01 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Thu, 25 Feb 2021 15:45:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
s
googleads.g.doubleclick.net/pagead/drt/ Frame 3617 		143 B
169 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DSID=NO_DATA; IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 14 Apr 2021 15:41:26 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
515
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame B1B2 		1 KB
755 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 13 Apr 2021 16:59:40 GMT
expires
Wed, 14 Apr 2021 16:59:40 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
82221
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 018B 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a6d17acdd7bbb4656efcea8895893d6f0bb3a01a9866513ffe0e84b7ef767f0a

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame D08B 		143 B
165 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DSID=NO_DATA; IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 14 Apr 2021 15:41:26 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
515
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_csp
pagead2.googlesyndication.com/pagead/ Frame 7A88 		0
433 B 		Other
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIPZp5iL_u8CFQKG_Qcd0qEKAg&gqi=KA93YPfUFpX23wO1vofACA&layout=/sadbundle/%24csp%253Der3%24/14751465879233591646/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 7A88 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91de7b03c8f9831ca48cada97e9b57c595268d8a9e608847d8fb0462e08d1190

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0EF0 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 13 Apr 2021 17:09:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81636
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Wed, 14 Apr 2021 17:09:25 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 0EF0 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14751465879233591646/index.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9751
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8867
x-xss-protection
0
server
cafe
etag
18043545750443934562
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Thu, 15 Apr 2021 13:07:30 GMT
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEE2N22q8PXwblnDbzI7S6rM&google_cver=1&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjV...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjVJ4KwtDbzakK9ezU5JKLN-Zt79Lr67mWBUaiGSVzw&google_hm=Cm5EasLi...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjVJ4KwtDbzakK9ezU5JKLN-Zt79Lr67mWBUaiGSVzw&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUISD76CnKv_PY-jCz1WU565kW-UmItxm9UoNCNS7uzKjXos0heOjVJ4KwtDbzakK9ezU5JKLN-Zt79Lr67mWBUaiGSVzw&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKJOVrW...
  • https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUKJOVrW...
  • https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NTY2NDI4MjMyNTkwMw%3D%3D&google_push=AQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NTY2NDI4MjMyNTkwMw%3D%3D&google_push=AQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6xSDDV0450wPUwVUcRgvomfE3UZl9k
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA0MTQxNTUwMDE5NTY2NDI4MjMyNTkwMw%3D%3D&google_push=AQvitUKJOVrWljIQIRZt8vIuI8aQxXodZn6jeElYh6J-Cy38p1f8q5Hw975J-joGkQbhQ6xSDDV0450wPUwVUcRgvomfE3UZl9k
Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
sync
odr.mookie1.com/t/v2/ Frame B1B2 		43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEAVIE-MjuTPqUvwc4w4rFjM&google_push=AQvitULWaaeRNEiu3gaCJa3FUXKwCY4lc6BubQbRxAx8xk288M6lkZgh5Wt3Q4z-b3iiDIhdJfKzP78c2oHH8K-u3UTyK4vmAFk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEOromkbSNs8OuKjKewgFcdM&google_cver=1&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ3rOGEpSt--UHGABLMGYz0EpkBQvGf-HdT0O5casyjWPiSpbrRg9CCCfnYgvKxmt0_CBgUDvBbZpaB4qPHeRNZv9q4bew&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
i1dd8gmbcs00j5b1qnlmg3tl46ke7fif
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAiGfilR3BiCWFY1zUxlEs_OFhxchjdwl8RZDOQXxuX3QlGQmFkYGDSMZZMp4LrNo_WYSBGSg5iv2fdcW8LicdGGHIzc4
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKAiGfilR3BiCWFY1zUxlEs_OFhxchjdwl8RZDOQXxuX3QlGQmFkYGDSMZZMp4LrNo_WYSBGSg5iv2fdcW8LicdGGHIzc4
Date
Wed, 14 Apr 2021 15:49:59 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAdm4CC9lQ61rriWhTWj9ZU&google_cver=1&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3Krv...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSVFYtMTAtQ0IwUA==&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3KrvgJhHB0T6VKOeoYyoHn6MCFnA
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSVFYtMTAtQ0IwUA==&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3KrvgJhHB0T6VKOeoYyoHn6MCFnA
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFSVFYtMTAtQ0IwUA==&google_push=AQvitULYWQPvi6uizpPBLtFWtP9Mk4YdxNn-94dA2XBu0ezPoYTwozDyp1ZHB0uug0Iymdb3KrvgJhHB0T6VKOeoYyoHn6MCFnA
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
Expires
0
pixel
cm.g.doubleclick.net/ Frame B1B2
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_push=AQvitUJHE0Q-8FHr8UIFxCx1JUgG3H4H8FRGa_StcsJRMT9SPQ3...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_push=AQvitUJHE0Q-8FHr8UIFxCx1JUgG3H4H8FRGa_StcsJRMT9SPQ3B93wV0Y5pGrx1H-P8SJA0dL3pN8Pqeun4U9CES1bH7pP06tk&google_cver=1
Requested by
Host: www.andreafortuna.org
URL: https://www.andreafortuna.org/2018/06/11/powercat-a-porting-of-netcat-written-in-powershell/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_gid=CAESEL_2mG-uCEpUpbAMvcR7RFs&google_push=AQvitUJHE0Q-8FHr8UIFxCx1JUgG3H4H8FRGa_StcsJRMT9SPQ3B93wV0Y5pGrx1H-P8SJA0dL3pN8Pqeun4U9CES1bH7pP06tk&google_cver=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
459
Expires
Wed, 14 Apr 2021 15:50:01 GMT
attr
cm.g.doubleclick.net/pixel/ Frame B1B2 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JyhBUAjZlHe6uD08ymhd1oSMgDvgKC07D3wI04kZobICa8Ph6tISTpbdG0dQu_o1KvEG3h
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
si
googleads.g.doubleclick.net/pagead/drt/ Frame 3617
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
21 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DSID=NO_DATA; IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Wed, 14-Apr-2021 16:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
pagead2.googlesyndication.com/bg/ Frame B3F5 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2616250793&pi=t.aa~a.396022158~i.19~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=2&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280&nras=3&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1714&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=5dPVc6M1V9&p=https%3A//www.andreafortuna.org&dtd=16
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:08:00 GMT
server
sffe
age
7404
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5718
x-xss-protection
0
expires
Thu, 14 Apr 2022 13:46:37 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame D08B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
21 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2495636939&pi=t.aa~a.396022158~i.17~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=4&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=hM32MCU3M7&p=https%3A//www.andreafortuna.org&dtd=10
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
DSID=NO_DATA; IDE=AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Wed, 14-Apr-2021 16:50:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 14 Apr 2021 15:50:01 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
pagead2.googlesyndication.com/bg/ Frame 4EA5 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=280&adk=1501611605&adf=2083328582&pi=t.aa~a.396022158~i.25~rp.4&w=900&fwrn=4&fwrnh=100&lmt=1618415400&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1462017320&psa=0&ad_type=text_image&format=900x280&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rh=200&rw=900&rpe=1&resp_fmts=3&wgl=1&fa=27&dt=1618415400352&bpp=1&bdt=606&idt=-M&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280&nras=5&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=2764&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=lfDMdKQ5ky&p=https%3A//www.andreafortuna.org&dtd=22
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:08:00 GMT
server
sffe
age
7404
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5718
x-xss-protection
0
expires
Thu, 14 Apr 2022 13:46:37 GMT
UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
pagead2.googlesyndication.com/bg/ Frame 0EF0 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:08:00 GMT
server
sffe
age
7404
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5718
x-xss-protection
0
expires
Thu, 14 Apr 2022 13:46:37 GMT
request_content.php
hal900017.redintelligence.net/ Frame A217 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
Requested by
Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request.php?zone=kfm7pdl6j5sw&nw=20&renderingType=javascript&namespace=dab76d1cba&subid=&uid=d41ad68e74c6b32c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&envData=&gdpr=1&gdpr_consent=BAAAAAAAAAAAAAAAAAluAA%2F%2F%2F%2F%2F%2F%2BABgCeAJ4Ang&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fmt_aid%3D376565315897179842%26mt_id%3D8675613%26mt_adid%3D242876%26mt_sid%3D7324419%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_cid%3Dc8e46077-0f28-4a01-bd51-e4c9b6355cee%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCGVEmKA93YP-kGJHV7_UPwrO_oAnPh46bXMCG2YLGAsCNtwEQASAAYJUCggEXY2EtcHViLTk2MTgwNjA2NjQyMzcxMTDIAQmoAwGqBJgCT9BpIiuqqFMr-ABpjoOikEfO1B9c3nGdlLMsBAm-MJm_DihzCc7XfZ3HusUmRWeWDOey7Wiu8Bb4X3sgun9NPoimrk-HjrGUODelYvmbk0q6y9rrx5KKme4FZbkn5XSuJI9v0eK_qt-sYfWnPdjnh0dTNHivY0DrWrFuOOwVu1hdbP_ZChbb7SBbli8Psl06h6_M7wVIvoNoVz-hO_1hap7hdr0CLQn3EaBDifkUTYdST4OPoZ-EoZRtyQ8wktClkEKS4gOJAWjmw1DutRNwp5nC-LZfAPdX3Xsj2VNYFPmCwJ-jWYzPY9SodAO6qjmbgVIPR-v353fPtGMaFN1SdER4fhcCV-3g8oykXIjxU1ropohqt8inRIAG-pm04aTW17RHoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHsJixAtgHANIIBwiA4YAQEAH6CwIIAYAMAQ%2526num%253D1%2526sig%253DAOD64_37VkZhWGCPLKZdCXeIhAST8UAfyg%2526client%253Dca-pub-9618060664237110%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9618060664237110%26output%3Dhtml%26h%3D90%26adk%3D359448418%26adf%3D723470516%26pi%3Dt.aa~a.3447919909~rp.1%26w%3D900%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1618415400%26rafmt%3D1%26to%3Dqs%26pwprc%3D1462017320%26psa%3D0%26format%3D900x90%26url%3Dhttps%253A%252F%252Fwww.andreafortuna.org%252F2018%252F06%252F11%252Fpowercat-a-porting-of-netcat-written-in-powershell%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26dt%3D1618415400352%26bpp%3D1%26bdt%3D606%26idt%3D0%26shv%3Dr20210412%26cbv%3Dr20190131%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C900x280%252C900x280%252C900x280%252C900x280%26nras%3D6%26correlator%3D5903918754885%26frm%3D20%26pv%3D1%26ga_vid%3D1418355954.1618415400%26ga_sid%3D1618415400%26ga_hid%3D1307222323%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_java%3D0%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_nplug%3D0%26u_nmime%3D0%26adx%3D350%26ady%3D3804%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44739547%252C44736525%252C44740079%26oid%3D3%26pvsid%3D1459824164229947%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D6%26uci%3Da!6%26btvi%3D5%26fsb%3D1%26xpc%3DfuMd5s5CpN%26p%3Dhttps%253A%2F%2Fwww.andreafortuna.org%26dtd%3D26&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.andreafortuna.org&random=9841687780082&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.9.70.69.159.clients.your-server.de
Software
Apache /
Resource Hash
bd51928079945008cd6c6456888b0fb4da2c09565ed7fe9665ae4d8ca7b6c826

Request headers

Host
hal900017.redintelligence.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://googleads.g.doubleclick.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
8lcfmzhxc8d6_uid=28a727dad3ef3dd0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Expires
Wed, 14 Apr 2021 16:50:01 +0200
Pragma
no-cache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1341
Connection
close
Content-Type
text/html; charset=utf-8
cshow.php
www.awin1.com/ Frame 008F 		43 B
705 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=89178800181280102179195011564017&pv=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-239-217.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame AF14 		1 KB
750 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
pagead2.googlesyndication.com
:scheme
https
:path
/pagead/s/cookie_push_onload.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 13 Apr 2021 16:59:40 GMT
expires
Wed, 14 Apr 2021 16:59:40 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
cache-control
public, max-age=86400
age
82221
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 008F 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b9c6229e5ab24ed40ba66561cbe37a28149e54a9fb4bc11bcd2e84720580bab8

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDxzj04BWN-5jvqEvNutPtI&google_cver=1&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-Qx...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-QxhxvumSIWwbqZVOAzIvQ9ZFOYZDJEcJ8Pt-T_ib_KS5&google_hm=Cm5Eas...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-QxhxvumSIWwbqZVOAzIvQ9ZFOYZDJEcJ8Pt-T_ib_KS5&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULJYDxdvyttpsRy3ku_4rI5LHZEZXggljBFwPbvbKHHJJx9RyP-QxhxvumSIWwbqZVOAzIvQ9ZFOYZDJEcJ8Pt-T_ib_KS5&google_hm=Cm5EasLiiZ2gZI9PdZXzYg
pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUhjUEtRQUFBWHh3eERoaw&google_push=AQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj4Gu2ldp3sBQyraho1CL-M6YRYV6qlUhCmBvyODCxZ0-5wwaW-BN8eWf6e
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUhjUEtRQUFBWHh3eERoaw&google_push=AQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj4Gu2ldp3sBQyraho1CL-M6YRYV6qlUhCmBvyODCxZ0-5wwaW-BN8eWf6e
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUhjUEtRQUFBWHh3eERoaw&google_push=AQvitUKGcIKIK7AQVyJg9MZn8sp851Zr5j7rDAfP2lj4Gu2ldp3sBQyraho1CL-M6YRYV6qlUhCmBvyODCxZ0-5wwaW-BN8eWf6e
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
Connection
keep-alive
Content-Length
391
Content-Type
text/html; charset=iso-8859-1
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitUIGCe5SPbI-t__kxTC9YFFAIDOuZs8tU62Xhq7qPDN9_7OuAKBaWlrEbVharGwUbStyp57mPwRDulT0YYU7AKk6ys17n7Mj&google_gid=CAESEJ8raPmhudBWx5wUQ96ZPn4&goo...
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKme3IMGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BUXZpdFVJR0NlNVNQYkktdF9fa3hUQzlZRkZBSURPdVpzOHRVNjJYaHE3cVBETjlfN091QUtCYVdsckViVmhhckd3VWJTdHlwNTdtUHdSRHVsVDBZWV...
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQUZLZDhWNllPNDhHUUlxS0gycFBWQjJ3Uk8xNFlOeWdOY1Ztb19pSER4bw==&google_push
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQUZLZDhWNllPNDhHUUlxS0gycFBWQjJ3Uk8xNFlOeWdOY1Ztb19pSER4bw==&google_push
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Wed, 14 Apr 2021 15:50:01 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwQUZLZDhWNllPNDhHUUlxS0gycFBWQjJ3Uk8xNFlOeWdOY1Ztb19pSER4bw==&google_push
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEAHrcHNc2wvMPU0YHwhuAqE&google_cver=1&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULc-q14Ub0Kz7mTU6C2pT2WFJaLZirfZtUPT411nAf2tRv54HCvOrM_Am9q_GOergNKqpK_A98goBLP3cUJGB5lrIwPkefL&google_hm=glNKdVTCyAQsSk8Y0Sv9Pg==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
gd3gufg432b69uvbeep0c6mhsi9h32t0
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJHWJx1g2ETkEnpHxz-_lByf9-qpz0xhXVVN7dGww-JCRjonlTYWaw5BsxstTdltcEB1b1XbZ7hrcbb4-kAERkwViEJ_ibi
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8qqEuURcSP2hJjBoxFYhXw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJHWJx1g2ETkEnpHxz-_lByf9-qpz0xhXVVN7dGww-JCRjonlTYWaw5BsxstTdltcEB1b1XbZ7hrcbb4-kAERkwViEJ_ibi
Date
Wed, 14 Apr 2021 15:50:00 GMT
P3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
0
Content-Type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDDf4ZoXdYoOsP3JgnSjGoY&google_cver=1&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZ...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFTMkYtWS1CSkQy&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZwbuqB770-xlmHX_fVysa8lQWK
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFTMkYtWS1CSkQy&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZwbuqB770-xlmHX_fVysa8lQWK
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S05ITVFTMkYtWS1CSkQy&google_push=AQvitUIVLYUm-T0dUw1_8jKCHamDaM4HDwT2u--4LK-XL2_9ZAGRln959IHPnN93L74CADQFgzZwbuqB770-xlmHX_fVysa8lQWK
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
Expires
0
pixel
cm.g.doubleclick.net/ Frame AF14
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_push=AQvitUJ5PuvI9j_uJbYnwLKTSQiOGj4SktUOB...
170 B
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_push=AQvitUJ5PuvI9j_uJbYnwLKTSQiOGj4SktUOBlZJnptQtfJjOCNLUqMUF5vXI78-SKDvlTcf-pQ1PdpVq03C-zVr6DvTc7b86W8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YHcPKaTT5JpaF3Oh03ThrgAAByYAAAAB&google_cver=1&google_gid=CAESECmTb_9H1f-gjpS9LhAwMZE&google_push=AQvitUJ5PuvI9j_uJbYnwLKTSQiOGj4SktUOBlZJnptQtfJjOCNLUqMUF5vXI78-SKDvlTcf-pQ1PdpVq03C-zVr6DvTc7b86W8
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
459
Expires
Wed, 14 Apr 2021 15:50:01 GMT
attr
cm.g.doubleclick.net/pixel/ Frame AF14 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LYN4YANUG_wO4NtQ9s-sopZzWMXW-4F7cBUTemtE_pWMPnV_ghPb33MUx5WoiYEHZd6Sn_
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9618060664237110&output=html&h=90&adk=359448418&adf=723470516&pi=t.aa~a.3447919909~rp.1&w=900&fwrn=4&fwrnh=100&lmt=1618415400&rafmt=1&to=qs&pwprc=1462017320&psa=0&format=900x90&url=https%3A%2F%2Fwww.andreafortuna.org%2F2018%2F06%2F11%2Fpowercat-a-porting-of-netcat-written-in-powershell%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1618415400352&bpp=1&bdt=606&idt=0&shv=r20210412&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C900x280%2C900x280%2C900x280%2C900x280&nras=6&correlator=5903918754885&frm=20&pv=1&ga_vid=1418355954.1618415400&ga_sid=1618415400&ga_hid=1307222323&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=350&ady=3804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44739547%2C44736525%2C44740079&oid=3&pvsid=1459824164229947&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=fuMd5s5CpN&p=https%3A//www.andreafortuna.org&dtd=26
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
server
HTTP server (unknown)
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
kl_kts_728x90px.gif
cdn.contentspread.net/24i/advertiser/3839/creativesup/ Frame A217
Redirect Chain
  • https://www.awin1.com/cshow.php?s=2846676&v=14098&q=409715&r=296283&pref1=89178800181280102179195011564017&pv=0
  • https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif
26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif
Requested by
Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.69.161 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.161.69.99.88.clients.your-server.de
Software
nginx /
Resource Hash
1506a76dcd6d608d22a2318266a6c9260639b5a5bb0729ec5df390784a708b28

Request headers

Referer
https://hal900017.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:01 GMT
Last-Modified
Mon, 29 Mar 2021 07:44:26 GMT
Server
nginx
ETag
"6061855a-679b"
Content-Type
image/gif
Connection
close
Accept-Ranges
bytes
Content-Length
26523

Redirect headers

Date
Wed, 14 Apr 2021 15:50:01 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://cdn.contentspread.net/24i/advertiser/3839/creativesup/kl_kts_728x90px.gif
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Length
0
viewability
hal900017.redintelligence.net/ Frame A217 		0
150 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hal900017.redintelligence.net/viewability?s=89178800181280102179195011564017&a=8e6ae088&vb=m
Requested by
Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.9.70.69.159.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:01 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
truncated
/ Frame A217 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
addDoubleBorder.js
cdn.contentspread.net/24i/tools/js/ Frame A217 		851 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by
Host: hal900017.redintelligence.net
URL: https://hal900017.redintelligence.net/request_content.php?s=89178800181280102179195011564017&a=4d081671
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.69.161 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.161.69.99.88.clients.your-server.de
Software
nginx /
Resource Hash
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

Referer
https://hal900017.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 14 Apr 2021 15:50:01 GMT
Last-Modified
Tue, 03 May 2016 20:54:50 GMT
Server
nginx
ETag
"5729101a-353"
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
851
sodar
pagead2.googlesyndication.com/getconfig/ 		8 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210412&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
576008a57138bca272c65c8f4d5cc56141dc947ddf923ebb7094fc39a2cffc16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 14 Apr 2021 15:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6586
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210412/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9618060664237110&plah=www.andreafortuna.org&amaexp=1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 15:50:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1616005470650935"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 14 Apr 2021 15:50:01 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 7C8F 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/222/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.andreafortuna.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.andreafortuna.org/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Wed, 14 Apr 2021 15:21:06 GMT
expires
Thu, 14 Apr 2022 15:21:06 GMT
last-modified
Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1735
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
pagead2.googlesyndication.com/bg/ Frame 7C8F 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/UsLlvuITw1lhdTUM-GMkld8y8Djv7Avn-D3pKFbWhiw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Apr 2021 13:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Tue, 30 Mar 2021 13:08:00 GMT
server
sffe
age
7404
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5718
x-xss-protection
0
expires
Thu, 14 Apr 2022 13:46:37 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210412&jk=1459824164229947&bg=!Y2ClYCTNAAb2K53n9is7ACkAdvg8Wk4OslKQ5yCJr-HPs1KWeo3Vb7CvQ5Cq_1T6MAF6gokGfkOTqQIAAABiUgAAAAtoAQcKAK3WHmcKeJ-uhwIPNFYkt2lsSDX-dCLAVlNZSUV5oB4Jj1kMAuhGJ_vU8e06BGzv2lkqapfZ7DaWpoDbc87wtxLDxC8Pb4atpOa6oUh6_ZCFGVgJYlHSqbD2vqI2tmVeNAAALwiILZTgmk7dx37CdcKcLH-Tmd7sOa26igi6gkqiir-2F-_5kvHCFmBWgoU0rWWiyD3c2CSI1zcHKiTI0eEIin7aBItjoLpp2tSWD5kB4s86oqh0VOwwghDiM5HHjrQFqdKs5AUb1VkRDxI_n-Uzvqo9QUOdW9vImSVJ22QpJbPJeN3TdqTsSU7FFwyZjImlXv723tKyLBWiFrG_foFGcupIjqc2dGbB4-zT3qw3idfOWZtWsm45NqtjExKkQv7OE2lGGqtnmEC16IAEXqRZWGaZ8Y4PfeuImahiEw5HdYqvwgDA6WFt2OIlSl1o0ePksBSSgLNOV1QzoWJUQsV3KLzwnkBNbuRFlj51gkPycm-hW8ZurjisiSNFD5ju9zJ-okaSPkqwj8FH0WUAFwS4ncgJn40pKKNRsW-luEl8xfSq7CbBroEsrU8EsuV-1tV-OTjqkm8kwTu0CECo95s1FYIh6-ZHiTrsNWtrpW1hYo2r8TTfIfjlxKdo4CHj66AsdDByTqHBn9-kvYZEBmmoL9vPEBZBNvjUAYXjbxtNWKqOcj8iyR1nMdNihoGdBH5QaOuWH2u1Vl2QWUoHvrn7U5rEZt3dh048bY7gCTv3kE6om6nAqBfEqJMHfRE8iXghmHNX4nDLBWBaB2HogpSjzYzUFG7iY2ByBik8OpNKxxKTEdtwPt1evZSe_jOViHbxEsfL2lnlN-K8pZDQW9XRYQdF3R70ovSO8AkWpwzpCFZb
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.andreafortuna.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1.gif
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com/dnssec/ Frame 8D7B 		35 B
410 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com/dnssec/1.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::37 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Apr 2021 15:50:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1.gif
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com/dnssec/ Frame 8D7B 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com
URL
https://p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com/dnssec/1.gif

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| cnArgs object| jetpackLazyImagesL10n object| _stq function| st_go function| linktracker_init object| wpcom object| google_js_reporting_queue number| google_srt object| google_ad_modifications object| google_logging_queue object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb number| google_lpabyc function| amazon_assoc_ir_f_call_associates_ads function| amazon_assoc_ir_f_call function| amzn_assoc_ad_spec_type object| amzn_assoc_ad_spec object| amzn_assoc_ad_async_spec object| adUnitDeliveryNetwork object| slotCounter function| cmManager object| amzn_assoc_cm boolean| amzn_assoc_enable_abs object| amzn_assoc_internal_params function| assocUtilsMaker object| amzn_assoc_utils object| nativeAdLayoutComputer object| amzn_assoc_ad object| blockedMarketPlacesJson object| blockedViewerCountriesJson function| amzn_assoc_jsonp_callback_adunit0_0 function| amzn_assoc_client_cb_0 object| amznAssocFallbackMode_0 object| amznAssocEstimatedPerformance_0 object| callbacks function| nativeAdFeedback object| amznassoccsm function| asinHandler function| trackingUtils function| nativeAdLoader function| nativeAd object| GoogleGcLKhOms object| google_image_requests

5 Cookies

Domain/Path Name / Value
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 28a727dad3ef3dd0
.doubleclick.net/ Name: IDE
Value: AHWqTUmy4QMKmDjBf2jSK3nqeLh2ROofQl7o9O_BITMhzvRJfn1Ykoa2dL77WANKWVw
.doubleclick.net/ Name: DSID
Value: NO_DATA
.andreafortuna.org/ Name: __gads
Value: ID=af5a32a356ce400b-22e7d77385a700f1:T=1618415400:RT=1618415400:S=ALNI_MbckBgu_T9w3r8kSH0o5LeJNiQl6A
.andreafortuna.org/ Name: __cfduid
Value: d7fdc52974b2179874eab20d4543901bf1618415399

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax-us-east.amazon-adsystem.com
adservice.google.com
adservice.google.de
ag.innovid.com
c0.wp.com
cdn.contentspread.net
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
e.dlx.addthis.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
hal9000.redintelligence.net
hal900017.redintelligence.net
id.rlcdn.com
image6.pubmatic.com
odr.mookie1.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i1-bogus-dnssec-vd.gexperiments2.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.mathtag.com
pixel.rubiconproject.com
pixel.wp.com
rtb.openx.net
ssum-sec.casalemedia.com
stats.wp.com
tags.mathtag.com
tpc.googlesyndication.com
wms-na.amazon-adsystem.com
www.andreafortuna.org
www.awin1.com
www.google.com
www.googletagservices.com
z-na.amazon-adsystem.com
p4-ellcwkfj73ndy-i7s2uv7rlgidq7fo-261923-i2-bogus-dnssec-bd.gexperiments3.com
104.111.239.217
138.201.135.164
142.250.185.66
142.250.185.99
142.250.186.34
159.69.70.9
185.29.135.190
185.64.189.115
192.0.76.3
192.0.77.37
2.18.233.201
2.18.234.21
2001:4860:4802:32::37
217.182.200.19
2606:4700:3035::6815:5061
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::2002
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:82b::2002
2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
34.98.67.61
35.227.252.103
35.244.174.68
52.39.207.175
52.46.143.150
52.57.98.174
69.173.144.138
88.99.69.161
99.80.199.35
99.84.158.236
99.84.158.56
07bd948064ab3e555dfe5d77d13a68e78bdc34b49277ec894945b5997dff903f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
1506a76dcd6d608d22a2318266a6c9260639b5a5bb0729ec5df390784a708b28
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cbf795228d8cb1c10bf096928d7e62bf69bcd8cd2458e4e536c8c6e76680370
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
28386ec55cba2024564d8347ddd9aa707ff853e58fde6ca86374a1ebdfa68987
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3d363721e733cd455560f59c74cffdb28148623c7c716a23403bd6b85696b4fa
4473c2e866897469ee5711853faf588f2fcec7b80fe8ee5d5896c43d071b4806
4568c17f79b7277b823f402bd9bb4e447f5d939acccbf34881bcd5bb7e878176
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51e78e904c795ed5b0154a9995d1ab0b7e3667f5aede719bda86ba38236c5989
52c2e5bee213c3596175350cf8632495df32f038efec0be7f83de92856d6862c
555e1d4f855fb9208dbfd8d02071c7379027ac30e6c537719187436465354ef8
5719cdd3acdb2b6a5b9ae0bee910fc88fbc0f297f83235c02865d78eeed48446
576008a57138bca272c65c8f4d5cc56141dc947ddf923ebb7094fc39a2cffc16
5b82801e70f767c4ee31e6207746b39b66645777a53a8266f2900bac06e2db73
5ef13c4cbe6218ca03fb2d616d902a58ca53ae886a99d05324d9449fb75a0ba7
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
69d435ce4b2fd0eb67edcc8e6f471eced90c210fec4725692a550b807742c00b
703eb26efb38355353185b3fb1be9bac0d61df64baf6e1fb0b11c602a5047dee
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7469bb0c9cf9988f08f24ddadaa9c46a4b49028ed56a7a8a3446bea69401cd79
764fce4e57ffe5d57dfb1cb47ff3aed29cfb557d61c01c26499ae6d82870fd0d
7ac082b1f9460d1b3d1b07c0ad8c4ccbebce27d98b8d577b7450824073e1eeed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88264adf3d3193fb56c229f0b92e2a6096770eb76996d1fedc95f5bcb208ccda
8b6579aeee2888bb3a619d1d7704338f1fc48a3b33a497d89ee6a63df4d3ec7c
8dbb3fbf6b9f43e7b8910762718dbae04c9a3bf59d129f400985defe7447e0dd
9029d813eda865790abd819c49e8bc8d448084b179aeefa854b096eb11a04812
91de7b03c8f9831ca48cada97e9b57c595268d8a9e608847d8fb0462e08d1190
922f5b01ad677c26f7bc020ca83219159438eb8d82168073c56a7ebc752f948d
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a459521ca55dd14359675a6d33c8b203a766185238e3dcb74c8b0bc1882b4157
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a6d17acdd7bbb4656efcea8895893d6f0bb3a01a9866513ffe0e84b7ef767f0a
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17a1dde76cbfa8f7e19a7121ecde1ad3d2cc9fca6bbd795042d3f484b53d2a3
b7fad29d18a5e615a81b33445cd2c99ce573a3ade22a0771e15e98fba0f5c73f
b9c6229e5ab24ed40ba66561cbe37a28149e54a9fb4bc11bcd2e84720580bab8
bd51928079945008cd6c6456888b0fb4da2c09565ed7fe9665ae4d8ca7b6c826
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c66f73bafe42e4b9f740790484b7e010302898f17eb841f1a29829c5c255742f
c84f7f99e22a2d9e8afaadb5c6d7a6e0ef11e672ac4c49b35e288bc1a150564b
cff638e995d587699ee00246ce73d00428599c1f842bf63228698bf2e7f8532c
dc3eaff510b81f11089c9da59e3489c92c0cfb85363b403d1efd0d9e73a56904
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e72a583c11cca50e892b65b03a32b8d9cbb5d7c075776b0fe053f30701ceecd9
e8b0d2ee262785fb4bfb4e4717d4e5cf7536e52f0821c091dc84f10b42e69df4
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3b3197cb2f740d823672b73658fa3d64a97146359419293a79ace173b5e76e6
f3cdb75ee550e01cdc573411f6aea5eee14f5cee9a3f79f80da590a8d7e6404d