meterpreter.org Open in urlscan Pro
3.126.196.163 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/Gz6FIXReoN
Effective URL:
https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Submission: On March 04 via api (March 4th 2021, 2:12:38 pm UTC) from US

Summary HTTP 360 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 64 IPs in 11 countries across 67 domains to perform 360 HTTP transactions. The main IP is 3.126.196.163, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is meterpreter.org.
TLS certificate: Issued by R3 on January 16th 2021. Valid for: 3 months.

This is the only time meterpreter.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
82	3.126.196.163 3.126.196.163	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3030::ac43:ce7a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
46	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:3400:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	136.144.59.88 136.144.59.88	54825 (PACKET) (PACKET)
3 6	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
1	184.31.84.150 184.31.84.150	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	213.19.147.210 213.19.147.210	3356 (LEVEL3) (LEVEL3)
1	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	216.52.2.39 216.52.2.39	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
6 19	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
56	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	51.89.7.199 51.89.7.199	16276 (OVH) (OVH)
2	23.218.208.200 23.218.208.200	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.218.208.187 23.218.208.187	16625 (AKAMAI-AS) (AKAMAI-AS)
4 12	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
16	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
7 14	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3 4	34.246.156.173 34.246.156.173	16509 (AMAZON-02) (AMAZON-02)
1 2	54.239.17.112 54.239.17.112	16509 (AMAZON-02) (AMAZON-02)
1 2	52.30.234.204 52.30.234.204	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	35.241.40.233 35.241.40.233	15169 (GOOGLE) (GOOGLE)
1 2	34.249.128.36 34.249.128.36	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	213.155.156.164 213.155.156.164	1299 (TELIANET ...) (TELIANET Telia Carrier)
2 2	52.49.193.31 52.49.193.31	16509 (AMAZON-02) (AMAZON-02)
1 21	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	94.23.73.243 94.23.73.243	16276 (OVH) (OVH)
3 3	213.19.147.151 213.19.147.151	26120 (RHYTHMONE) (RHYTHMONE)
1	173.231.180.197 173.231.180.197	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 2	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
2 2	18.185.192.106 18.185.192.106	16509 (AMAZON-02) (AMAZON-02)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
1 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2 2	37.157.2.237 37.157.2.237	198622 (ADFORM) (ADFORM)
1 1	185.29.133.58 185.29.133.58	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
3 3	52.58.182.33 52.58.182.33	16509 (AMAZON-02) (AMAZON-02)
2 2	52.17.151.21 52.17.151.21	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
1 1	34.250.193.151 34.250.193.151	16509 (AMAZON-02) (AMAZON-02)
7	3.127.76.126 3.127.76.126	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4009:80d::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
2 2	184.31.91.75 184.31.91.75	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	64.202.112.63 64.202.112.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1	52.17.188.230 52.17.188.230	16509 (AMAZON-02) (AMAZON-02)
2 2	18.185.200.55 18.185.200.55	16509 (AMAZON-02) (AMAZON-02)
360	64

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

82 3.126.196.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

meterpreter.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3030::ac43:ce7a (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:3400:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.144.59.88 (Secaucus, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.220.242 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.84.150 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.210 (United Kingdom)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.39 (United States)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.7.199 (London, United Kingdom)

ASN16276 (OVH, FR)

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.208.200 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-200.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.208.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-187.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.218.208.246 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.246.156.173 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.239.17.112 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.234.204 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.40.233 (Kansas City, United States)

ASN15169 (GOOGLE, US)

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.249.128.36 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.155.156.164 (Sweden)

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-164.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.193.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.73.243 (Lisbon, Portugal) 1 redirects

ASN16276 (OVH, FR)

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.151 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (United States)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.140 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.137.44 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.192.106 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.188 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.133.58 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.58.182.33 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.151.21 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.197.210 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.193.151 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.127.76.126 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4009:80d::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.91.75 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-31-91-75.deploy.static.akamaitechnologies.com

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.63 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)

google-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.188.230 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.200.55 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-200-55.eu-central-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	meterpreter.org meterpreter.org	644 KB
70	doubleclick.net 7 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	243 KB
50	googlesyndication.com 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	607 KB
37	google.com 6 redirects adservice.google.com www.google.com cse.google.com clients1.google.com	172 KB
27	pubmatic.com 1 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	49 KB
25	ampproject.org cdn.ampproject.org	488 KB
14	google.cz adservice.google.cz	3 KB
11	casalemedia.com 4 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	11 KB
8	ezoic.net go.ezoic.net g.ezoic.net	2 KB
7	adnxs.com 3 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	22 KB
7	criteo.com 1 redirects gum.criteo.com mug.criteo.com bidder.criteo.com dis.criteo.com	2 KB
4	adsrvr.org 3 redirects match.adsrvr.org	2 KB
4	gstatic.com fonts.gstatic.com csi.gstatic.com	41 KB
3	googletagservices.com www.googletagservices.com	95 KB
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	yahoo.com 2 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
3	1rx.io 2 redirects tag.1rx.io sync.1rx.io	2 KB
3	ezodn.com go.ezodn.com ezodn.com g.ezodn.com	169 KB
2	360yield.com 2 redirects match.360yield.com	788 B
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	2mdn.net s0.2mdn.net	55 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	725 B
2	avct.cloud 2 redirects ads.avct.cloud	894 B
2	adform.net 2 redirects c1.adform.net	821 B
2	fiftyt.com 1 redirects visitor.fiftyt.com	909 B
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	tapad.com 1 redirects pixel.tapad.com	616 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	583 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	bidr.io 2 redirects match.prod.bidr.io	1 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net	976 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	indexww.com js-sec.indexww.com	2 KB
2	criteo.net static.criteo.net	51 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	yieldmo.com ads.yieldmo.com	35 B
1	rutarget.ru 1 redirects google-sync.rutarget.ru	579 B
1	gumgum.com 1 redirects rtb.gumgum.com	335 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	337 B
1	quantserve.com 1 redirects pixel.quantserve.com	542 B
1	turn.com 1 redirects ad.turn.com	518 B
1	mathtag.com 1 redirects sync.mathtag.com	680 B
1	simpli.fi um.simpli.fi	609 B
1	zeotap.com mwzeom.zeotap.com	596 B
1	contextweb.com 1 redirects bh.contextweb.com	461 B
1	adgrx.com cm.adgrx.com	408 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	650 B
1	erne.co 1 redirects green.erne.co	324 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	de17a.com d5p.de17a.com	134 B
1	brand-display.com dmp.brand-display.com	253 B
1	rfihub.com 1 redirects p.rfihub.com	741 B
1	id5-sync.com id5-sync.com	927 B
1	google.de www.google.de	107 B
1	lijit.com ap.lijit.com	759 B
1	a-mo.net prebid.a-mo.net	762 B
1	onesignal.com cdn.onesignal.com	3 KB
1	googleapis.com fonts.googleapis.com	843 B
1	googletagmanager.com www.googletagmanager.com	39 KB
1	t.co t.co	535 B
360	67

	Domain	Requested by
82	meterpreter.org	t.co meterpreter.org
46	securepubads.g.doubleclick.net	meterpreter.org securepubads.g.doubleclick.net t.co
31	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com meterpreter.org cdn.ampproject.org t.co 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com googleads.g.doubleclick.net
25	cdn.ampproject.org	securepubads.g.doubleclick.net
19	www.google.com	6 redirects meterpreter.org www.google.com 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com t.co
16	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com t.co googleads.g.doubleclick.net 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
15	adservice.google.com	meterpreter.org securepubads.g.doubleclick.net
14	simage2.pubmatic.com	1 redirects image6.pubmatic.com ads.pubmatic.com
14	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
14	adservice.google.cz	securepubads.g.doubleclick.net
7	googleads.g.doubleclick.net	meterpreter.org t.co
7	g.ezoic.net	meterpreter.org
7	image2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
7	dsum-sec.casalemedia.com	3 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
5	ib.adnxs.com	2 redirects go.ezodn.com acdn.adnxs.com
4	match.adsrvr.org	3 redirects ssum-sec.casalemedia.com
3	www.googletagservices.com	securepubads.g.doubleclick.net 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com t.co
3	x.bidswitch.net	3 redirects
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	gum.criteo.com	1 redirects static.criteo.net
3	fonts.gstatic.com	fonts.googleapis.com
2	match.360yield.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	rtb.openx.net	2 redirects
2	tracking.m6r.eu	2 redirects
2	s0.2mdn.net	03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	sync-tm.everesttech.net	2 redirects
2	ads.avct.cloud	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	c1.adform.net	2 redirects
2	visitor.fiftyt.com	1 redirects ads.pubmatic.com
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	pixel.tapad.com	1 redirects image6.pubmatic.com
2	pm.w55c.net	2 redirects
2	sync.1rx.io	2 redirects
2	match.prod.bidr.io	2 redirects
2	dpm.demdex.net	1 redirects ssum-sec.casalemedia.com
2	bcp.crwdcntrl.net	1 redirects ssum-sec.casalemedia.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	js-sec.indexww.com	go.ezodn.com ssum-sec.casalemedia.com
2	ads.pubmatic.com	go.ezodn.com ads.pubmatic.com
2	static.criteo.net	go.ezodn.com static.criteo.net
2	cse.google.com	meterpreter.org www.google.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	mug.criteo.com	meterpreter.org
1	ads.yieldmo.com	03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
1	google-sync.rutarget.ru	1 redirects
1	simage4.pubmatic.com	ads.pubmatic.com
1	csi.gstatic.com	cdn.ampproject.org
1	rtb.gumgum.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	pixel-sync.sitescout.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	ad.turn.com	1 redirects
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	image4.pubmatic.com	ads.pubmatic.com
1	sync.mathtag.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	match.taboola.com	image6.pubmatic.com
1	trc.taboola.com	1 redirects
1	bh.contextweb.com	1 redirects
1	s.tribalfusion.com	image6.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	cm.adgrx.com	image6.pubmatic.com
1	sync.targeting.unrulymedia.com	1 redirects
1	green.erne.co	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	d5p.de17a.com	image6.pubmatic.com
1	dis.criteo.com	image6.pubmatic.com
1	dmp.brand-display.com	ssum-sec.casalemedia.com
1	p.rfihub.com	1 redirects
1	image6.pubmatic.com	ads.pubmatic.com
1	acdn.adnxs.com	go.ezodn.com
1	id5-sync.com	go.ezodn.com
1	clients1.google.com	meterpreter.org
1	g.ezodn.com	ezodn.com
1	www.google.de	meterpreter.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	ap.lijit.com	go.ezodn.com
1	bidder.criteo.com	go.ezodn.com
1	tag.1rx.io	go.ezodn.com
1	htlb.casalemedia.com	go.ezodn.com
1	prebid.a-mo.net	go.ezodn.com
1	hbopenbid.pubmatic.com	go.ezodn.com
1	ezodn.com	meterpreter.org
1	cdn.onesignal.com	meterpreter.org
1	go.ezoic.net	meterpreter.org
1	fonts.googleapis.com	meterpreter.org
1	www.googletagmanager.com	meterpreter.org
1	go.ezodn.com	meterpreter.org
1	t.co
360	97

This site contains links to these domains. Also see Links.

Domain
chromereleases.googleblog.com
www.facebook.com
twitter.com
www.youtube.com
www.ezoic.com
g.ezoic.net

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
meterpreter.org R3	`2021-01-16` - `2021-04-16`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.ezoic.net Amazon	`2021-02-15` - `2022-03-16`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.a-mo.net R3	`2021-01-11` - `2021-04-11`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2019-06-28` - `2021-06-27`	2 years	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
*.google.cz GTS CA 1O1	`2021-02-17` - `2021-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.id5-sync.com R3	`2020-12-26` - `2021-03-26`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2019-06-13` - `2021-06-28`	2 years	crt.sh
*.brand-display.com GeoTrust RSA CA 2018	`2020-06-24` - `2022-06-24`	2 years	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.de17a.com Sectigo ECC Domain Validation Secure Server CA	`2020-11-25` - `2021-12-25`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.semasio.net Sectigo ECC Domain Validation Secure Server CA	`2020-03-09` - `2021-03-27`	a year	crt.sh
visitor.fiftyt.com GTS CA 1D2	`2021-02-07` - `2021-05-08`	3 months	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
ezoic.net R3	`2021-01-23` - `2021-04-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.yieldmo.com Amazon	`2020-06-23` - `2021-07-23`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Frame ID: DF5544319EC318685E969A022653C133
Requests: 199 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 04D2AA941E381CE56B79A09DCE60DA30
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=meterpreter.org
Frame ID: 2464FD63A6C25E196F93FED6918C472D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: B4986041C0981BD1BA5859E5886E366B
Requests: 25 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: FD6DFCF0369F565CB15972A4159D05A1
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 89E6D7A06F3212702A8676266D24DC1E
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 671568AE36F8B9A66DF095AA7C7BF903
Requests: 10 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: DD1F1B42915DD367FAB79ADFADAF51EC
Requests: 1 HTTP requests in this frame

Frame: https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
Frame ID: B275871ADAC7C546E549098799780264
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJgIk7AgdYAABFiiBf9Vw
Frame ID: 61F04F3B4FF1ECF8E1DB4EF36BC8D5B9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6935801570892707979
Frame ID: E90388CFE800ADCF144DCB382A0D7309
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ysWrmRt1G1GsbhIh46x7WalU
Frame ID: D072BE3EF158795E74AFFC41B75EB208
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003
Frame ID: 213F8104FF4FD904F3DD7646EA280BAE
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 34F84AA30C9B5E7926ABA1D4703BD070
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 4BC1BA841F2E88BEB033390CF539EF94
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=xXvPgLIPo2uL&pid=557219
Frame ID: 162EF61DB1D01F6083C607F24EA42711
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: C6C46CDC655575C3D15AF511FF4C69A7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:wmYFkSWx1LhOIg5&gdpr=0&gdpr_consent=
Frame ID: F47423C28D5532F2E3A03938071BCCE8
Requests: 1 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
Frame ID: 180CE80844B380D4EF354B521D9DB59C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 0661463E47247A331FDBD08C48DF7105
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 82DCD1497232F7B7E780754B46182653
Requests: 17 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 4A1473EF20CBA8AB6B747CF644474A58
Requests: 14 HTTP requests in this frame

Frame: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: C63A9F4E499F52612127D973ACDF0D16
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html
Frame ID: 7D47424842E7061EE1D71F3B824CA248
Requests: 6 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: 4C850513E3D6AA87DC06FC2E938212E2
Requests: 13 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs
Frame ID: C5D705950EE1186C37911F61F1F3B929
Requests: 13 HTTP requests in this frame

Frame: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: F3337315E7C46CFD150AEC577E40CCC7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc
Frame ID: DB804C887E05727E9B4D844A5E1C36CA
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0AwB-kNbetvEcvZoGQbiz2YPT-kstgP4n6nYj2ZZxRylEmyJGKiLE3LHM9gRSwerD7hx40Pwm11sEO1DDlBT-EVsaW7FoYWIMwWzG_ZToPrTpJRUXZ5ZwqS3dVVNoFMkYe9hJ-6euaqN_wxXAMnS2VThbYw&dbm_d=AKAmf-D79rb2AUElPKh6ruyp3lvoeYVmIp_oI99Tkl3GAV2nUX0tTfp_bddH6URBtgPpZU-tXyCOx80u9xiq5Sl4TZRBdViB53qSz4nfCTRwwpkGZwg30EpV9Jm4tcqMwr40PZjI08txRLJIQG9jPO3X4guAH4pm1gOV9X36RNZ9acIpiX1rEf66SxHGSQhmw39rGblkMLr5FNd9bafTMFqZBOud6MVC-ouRvf4O2A6bNeBVHfW3ZtJv98loP4V1O1FlkKuDoMzV-EztHTqHTSHIdDo6GXOvaM42Qfhf-8BD5URRVfB0NhLPbT-F2jufsiLEgtwLLe1reiJFnaV8yqKqYU7re_FLO3KYovWcfdWtoxDwhZS9wjqNWJm3usbILwFq7jgFAniszhJBs3HfXZdi8s1QzFO9jSmtmGJMZGzsO5mgybFiLeED_Gqcz5RSYQN5Z8-H4eI2ieD_AWz0IlbptIBk_p2pQ8ElkJ3KBrUuKHqt1tCgWevOK5klrE1aax6gjTJjG9HdqiKftR5RwpbDfubw8l5MESDzmkefDos-0G-8Sp2VctwtBeTaLzTGcY2IejZGNMW9BKpzbE43HCri2ET0fWhsD4FR7wXM18Xzub0NjVLfoA2W4ScsqqaNwELohSALgOJDgn9adlBU9qWpEI5jWvZ9Cb-5IKRR6jWx2dTYnZ69KpJgWTXAO6UB4kKW8mA0UsgnKJi3d3GC_yxgSTcY97G2l1C8Nt_xgA7ZPwvqrL6-uSTne4Bg0_nLx7wih38FtX8fhkC-NA0eWsMfOT8HIf3yB15olZ6qRr6uEeZdajr1kq29seMVNswCNtGYr4jGaNFUHRrRwJAQw9uq6i_WQGQzOwByB2MDxJC2wO0KT49JanO0BisMd7O6Tk_763VUlBnMqKnzutTmGNfngybV9J5DhcDaiuZYCiGqUElyG7Y7Nz8CNVNfn3mMtCoZCVjhwPYBMZfMEAOlNmw1E_K-3x1HATavBZ1jCv6XTd2GCqoWNwaeS7vVX7kD6UqSCoovE205Nm_oyjDxOkVcIKf4KArXPu-mIAOYCkIqL-9vPLUYiM7TgD1DcniCnKL8G8KVuqoa45_RBy91LQFuTFl27epC_SjUEgAW7ViIsZJH8Pw1lkT7BRFz8FoX3cgD1ZpeminTlBK3lePrxhqBeQBb_KGzMYcVcZ9kSQGYQKxK5Oc-GWOBUFauOmmO2OF869DMuo1V_5yNIcmk9twnfMl67kQ4aituFIM5frVArmAyKr9syoJSTAwjMM9hSwXIswCaR3rMQtdYoXk6BLEYKThj8XtS1iSXs3FDfOyNbWHQUonzasBQaonUg9dJklQMcjcwPSZBmXY2MxfZV3WTXbPBKPuiIdKWuerorYNC47u0D1YFvCbuczL0eqS4SgFY_uetzyWxjW_7DPbujVTi56X0rwl3ANXDm3FM3cyk2YlGAo4ePck-nUa9JBznmAEIfgyoAKwQp3QDyGO3dMH80BGzZZ6XFgwBaBDopmAWVxnFiXoyKRIBu7WOUGp4w7uzsujM8kYq98Jph4hrbXTdWxOf7mKKoH1Nu9pwomC_SHbuohsd1uVYYTZ7ZPf1qBkFSZU2EA53Lv3WT2G5LxeknGVJtOaxMEz_3_MQW8GXlSeUR5Tw8QnVDMnPu1w5PJ3QdNKXJy0KE0fiZAHoRzoN4145Wgyv0Z0XU1fOG5r_6TJ91s3lsRMNyh_eCf5azMtNemwSC4bXLGpwVeDNhcfvd7865QyKhExpC-_xV9gOZhA9lH8SczjNDFLB4nv28WRCUrplVsLVa-9Py6Wa472d0xbitoGIVeg984oUYu7Vg-fmkPPu3yubpiaKtfAVrtdEpGEQ1IvyoQ5cP8wx82NUQ6ryylzLoBqWlTSvHVHk508lfjfVAHgxbcFSEST0aZz4fwxKHqA2BMTKiAvtePs0cni3EVcxwbd0BZ3LSSud8O_cWHaj93oEHjozNu8Ks1GTSCtGiftbo5IbvZE4Kc3Un6hludP9YWV9Guy5gnGtyt0sPBub1YuaFs2Iwxg_UWBJcGXl9curO4c8fquVxP2EX-wgEqwiS8Y2IhsdxbTJ7gksK-krX7dL29TSBMGgePwcA2kqhLwdwJzw1KsOpzrQsYUgZMSu5YvTMCXfkgZivnQ2SBWgf6LCHNl-yZ81ZvLBedkD9tk7UgiFav-D7WoYFB5t-usbXo0PZtxbvbgn3clO5p6aqY8mLJCTvhCDqiVpKj8FnVmQ-PCcSsymSYDgtqaNdezoO9rZ_MMdW8rvsFOCi2bJXLvEw6ETGJhvM7VB4XUcOHje7hBFK1LVeBdHyDopfx820CB-QNp01omvoCtia27eTd5aawfqWgTG8xjzmAzZACZfNECO_o6E2yzd_cf5DDJeCteXEnNt6pW1svoid8zbO0JvDr9xde3Xax0jV14v-HhLhht7eHbGpPZfHEPLSzFBgJfZeliVybY3OkAO_rNQcV8rHYoGWgbmzV8IWxA9fX_9Tlmxp9bESPYlVhEz-vuECteSRwtXnHmEp9SeqFBVLSZ-gwdRQWNkxWT8Xc2davT8UZrZJyDvPPLcCgGm74dEMdDYRy-R4rR4ezsF8fVo5JK_Z9kMihgu__qcmyP4O_zqymYAinl7lzp7nm4povnLoQssL2I9s9Gnl4AwCZJsKqYkD6ZDYJQNA7jBB6xIl1c-04uUHGXbOuiyxj6GZlONBZGEfQ1dX5G6RjGvOT41gZvbalc2Dm8-txaw8Ghe2v639al91WXEFkIxyjNthKmsSDN8yTUCmzZFzPZ_bMzwidUc5UisLoBfVz9UOgUXxRNQKOe7METonDvW5lZuwzGvdiyoiHhKRX-oivLVCOfL6q1zmTXrFXfys8hR-XEH6QxOxngW0eEh0qYYtnADJpXtaRiSgrmpOLQlTsHWWIwbp-_9XGVCevfwFXOR7Wm3zAeEJEvOsg5GuokrDDD6TTLa2S_XKHpqV-CJA9BMrCdej0zWf1OsjunG8_h4z0gVGItJ-8mL_YNWxJzJ05GO_S6ienkuwOcs-hcnxH1ZL1yHUlk&cid=CAASEuRoclr6OwOTLIRQ49xiv-Qa0Q&rfl=2%2Chttps%253A%252F%252Fmeterpreter.org%252F%240
Frame ID: 95946EB7ADE70A5B8FC7DB0509BAAB62
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C6D7528A6ECAA9B0608A5EE0521C75FD
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C72607B2DD4FEDEC85612C7E15434D54
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/Gz6FIXReoN Page URL
https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

360
Requests

100 %
HTTPS

34 %
IPv6

67
Domains

97
Subdomains

64
IPs

11
Countries

2720 kB
Transfer

6590 kB
Size

22
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Title: released

Search URL Search Domain Scan URL

URL: https://www.facebook.com/haking.cracking.tutorial/

Search URL Search Domain Scan URL

URL: https://twitter.com/the_yellow_fall

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/penetrationtestingwithddos

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://g.ezoic.net/privacy/meterpreter.org
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/Gz6FIXReoN Page URL
https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmeterpreter.org%2F&domain=meterpreter.org&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=Rz8Ld3w0VVJPOWF0QzcyWktwMS9yYzdlY3FleENSdDNIbWNsS0l3MUNERXJLMU10QW5IeGlFMERIZmxsVm94WGFNdXdscURMOUtNdzFpOThpaXEzTFZZTDdsQnlCSUg2ZUNvVHRVdE9vOTZTNG5kTzQrMW9BZnlnb3E2eVVHRWR2OXlqV1lHeHd0dGpQNXpSSmhBek1Mc25lNktHQnJjcENGY3Zpbis3K3k4bVZ0dmRMTkd3SldZenI2cXlNOE9FV3BTQVFGNmM3VVo4VTNWWGR4UUZEZWRxeEc2dWs3KytQcVhoZDROaVAzMExSTkJnPXw&cppv=2

Request Chain 65

https://www.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg HTTP 301
https://cse.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

Request Chain 118

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 119

https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YEDqyHxzRUX6Dggvuhp61wAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENmM8bbIJgddO2UbSqkpp8c&google_cver=1

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENesI9G5aUBmdmqB74_if9Q&google_cver=1

Request Chain 124

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB&dcc=t

Request Chain 125

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217

Request Chain 126

https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2159827869073573150

Request Chain 128

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217

Request Chain 132

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJgIk7AgdYAABFiiBf9Vw

Request Chain 133

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6935801570892707979

Request Chain 134

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ysWrmRt1G1GsbhIh46x7WalU

Request Chain 135

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8343696619 HTTP 302
https://sync.1rx.io/usersync/tradedesk/1a00fe01-675e-46f9-9533-1feca494e009 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003

Request Chain 137

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 138

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=xXvPgLIPo2uL&pid=557219

Request Chain 139

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 140

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:wmYFkSWx1LhOIg5&gdpr=0&gdpr_consent=

Request Chain 141

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID} HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rHaq9xLBQc6Wbzzn45wXdw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 144

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 145

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=&fbounce=1

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUM3NkFBRjctMTJDMS00MUNFLTk2NkYtM0NFN0UzOUMxNzc3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMFpClem4JuBSBYD9_XqkuQ&google_cver=1

Request Chain 149

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=131519792326032743

Request Chain 150

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&gdpr=0&gdpr_consent=

Request Chain 151

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1a00fe01-675e-46f9-9533-1feca494e009

Request Chain 152

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2316828148236591238&gdpr=0&gdpr_consent=

Request Chain 153

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-KjFVlAB1l2LLYETBk9ESKqXj7qxyews-&gdpr=0&gdpr_consent=

Request Chain 155

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7866377884267309013&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 156

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic HTTP 302
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=59&user_id=e03d9768-41b7-46ed-84af-f2e9fcac96ae&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=05bfa50d-0886-46c4-9d02-fc7edb838539&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 157

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cAJw3CNTJ9RrVyCKJwJpiSBUfdRrBSaJIARUAdi3

Request Chain 158

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YEDqyQAAAJJamjoG HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEDqyQAAAJJamjoG&gdpr=0&gdpr_consent=&_test=YEDqyQAAAJJamjoG

Request Chain 159

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 161

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d4175ca0-1002-4489-b8f6-f04eafe5b8df&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 162

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2316828148236591238

Request Chain 163

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_b61d98e7-04c1-4156-ac1d-5d78f9ae0ca1

Request Chain 198

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 202

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 226

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 301

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 322

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 339

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_sc&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1

Request Chain 340

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_sc%26google_hm%3D&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_sc&google_hm=YEDqzARr.XedvY6FCEeLKAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1&google_hm=2

Request Chain 352

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPcQ9PLz3JbAg8ReCCJ88UI&google_cver=1&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfIER9F3eg0lRWLhJobNMB HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPcQ9PLz3JbAg8ReCCJ88UI&google_cver=1&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfIER9F3eg0lRWLhJobNMB&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=R0OjV5axm1wM_gZhy0ab7g&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfIER9F3eg0lRWLhJobNMB

Request Chain 353

https://rtb.openx.net/sync/dds?google_gid=CAESELinSSSmUrUDd_slJoIQ6aU&google_cver=1&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESELinSSSmUrUDd_slJoIQ6aU&google_cver=1&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&google_hm=uM3dR6Ohwn8qDZmW92p0Aw==

Request Chain 354

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEBBaOXQFL1Dmbl1PVXBC_ls&google_cver=1&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEBBaOXQFL1Dmbl1PVXBC_ls&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM&google_hm=SnFEaUlxMU1QV2NscFI2RWJ0OFM=

Request Chain 355

https://google-sync.rutarget.ru/sync?google_gid=CAESECXJyge3p_3RPxjEl25YHyg&google_cver=1&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLvk0XAnMmGJ-2kb2L7FQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WXhRTm4xQTBmX2Fl&google_ula=2046794&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLvk0XAnMmGJ-2kb2L7FQ

Request Chain 357

https://match.360yield.com/match/ebda?google_gid=CAESEDpMiJA4hAcWbM7eZQuFASo&google_cver=1&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEjwZRLy0 HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDpMiJA4hAcWbM7eZQuFASo&google_cver=1&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEjwZRLy0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=c15d-dWCQy-3FbJHIzTEQA&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEjwZRLy0

360 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Gz6FIXReoN
t.co/ 411 B
535 B 258ms
164ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/Gz6FIXReoN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /Gz6FIXReoN
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 227
content-type: text/html; charset=utf-8
date: Thu, 04 Mar 2021 14:12:17 GMT
expires: Thu, 04 Mar 2021 14:17:17 GMT
server: tsa_o
set-cookie: muc=2933b5a5-ce60-4a07-8f2e-316879342075; Max-Age=63072000; Expires=Sat, 04 Mar 2023 14:12:17 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 4278af84459eaa8145f97249e6a36e41
x-response-time: 118
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/ 149 KB
34 KB 1235ms
1112ms Document
text/html 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

dbe61ded3e9d029313c41f30a7b5aec6b7c9255b98e30af0aebc28873e1838e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: meterpreter.org
:scheme: https
:path: /google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://t.co/

Response headers

cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 04 Mar 2021 14:12:19 GMT
display: pub_site_sol
expires: Wed, 03 Mar 2021 14:12:19 GMT
link: <https://meterpreter.org/?p=56097>; rel=shortlink
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_133025=-1; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 14:42:18 UTC ezoref_133025=t.co; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 16:12:18 UTC ezoab_133025=mod51; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 16:12:18 UTC active_template::133025=pub_site.1614867138; Path=/; Domain=meterpreter.org; Expires=Sat, 06 Mar 2021 14:12:18 UTC ezopvc_133025=1; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 14:42:19 UTC ezepvv=0; Path=/; Domain=meterpreter.org; Expires=Fri, 05 Mar 2021 14:12:19 UTC lp_133025=https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 16:12:19 UTC ezovid_133025=1757105521; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 14:42:19 UTC ezovuuidtime_133025=1614867139; Path=/; Domain=meterpreter.org; Expires=Sat, 06 Mar 2021 14:12:19 UTC ezovuuid_133025=9f33d6e1-fcd3-4bc2-4e33-e881a2f7bb7a; Path=/; Domain=meterpreter.org; Expires=Thu, 04 Mar 2021 14:42:19 UTC ezCMPCCS=false; Path=/; Domain=meterpreter.org; Expires=Fri, 04 Mar 2022 14:12:19 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding Accept-Encoding
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-pingback: https://meterpreter.org/xmlrpc.php
x-sol: pub_site

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 255 KB
75 KB 73ms
34ms Script
application/javascript 2606:4700:3030::ac43:ce7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:ce7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87dcdcee04743c81d03acccbe4a165c85c57387983c06690bb387e4c5863cc45

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 8707
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A9Xwi%2FmlVMSKJtJ53sFhS0Nfsg%2B3BxVWOA7uU7qSw4OSTFHD4olSibXG6ialXJge5tnQKJZ3Vqo9m%2FwtrgwUUd3i4FORS3IBQyFIpclgB44qnGcj8YH%2FVnQ%3D"}]}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 62abb2e3aef0c2ea-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 089f2e22450000c2eae7813000000001

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 26ms
19ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-63315582-3

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58771723962eb6f05d0624df6033c9330d7a52b78ea1047320b216cc651dcf1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39416
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 04 Mar 2021 14:12:20 GMT

GET
H2 200 boise.js Show response
meterpreter.org/detroitchicago/ 983 B
501 B 42ms
35ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/boise.js?gcb=192-0&cb=1
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 426

GET
H2 200 css
fonts.googleapis.com/ 8 KB
843 B 21ms
16ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2774305aa70674b8fab2a2d8267f9f40559016e3fcfe441f39b2155f4062a72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 04 Mar 2021 14:12:19 GMT
server: ESF
date: Thu, 04 Mar 2021 14:12:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 04 Mar 2021 14:12:19 GMT

GET
H2 200 87uyk.css
meterpreter.org/wp-content/cache/wpfc-minified/8js4f8s1/ 144 KB
24 KB 835ms
829ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/cache/wpfc-minified/8js4f8s1/87uyk.css
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: cf93d7c78e37ef5f9e9a566954af1fe8891ae8cf5716246e6ad71da77a045c05

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 07:11:26 GMT
server: nginx/1.16.0
display: staticcontent_sol, orig_site_sol
etag: W/"602b8944-241f6-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
x-middleton-display: staticcontent_sol, orig_site_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
x-sol: orig
expires: Sat, 03 Apr 2021 14:12:19 GMT

GET
H2 200 87tia.css
meterpreter.org/wp-content/cache/wpfc-minified/1z5vhnk8/ 6 KB
1 KB 653ms
647ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/cache/wpfc-minified/1z5vhnk8/87tia.css
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8fc838f87d1a22cfa3a03c6956e04cc0e9f7a2759d975630109aa6eb5e1d06eb

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
x-sol: orig
display: staticcontent_sol, orig_site_sol
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
content-length: 1099
pragma: public
response: 200
last-modified: Thu, 04 Mar 2021 10:11:15 GMT
server: nginx/1.16.0
etag: W/"602b878a-184d-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
cache-control: public, max-age=31536000
expires: Sat, 03 Apr 2021 14:12:19 GMT

GET
H2 200 87uyk.js Show response
meterpreter.org/wp-content/cache/wpfc-minified/fte4ivyr/ 126 KB
45 KB 960ms
955ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/cache/wpfc-minified/fte4ivyr/87uyk.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 07c93785b4b4e235d0a2dbe280b950972a576c5d711c5015fc0b0584096bef51

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 05:47:25 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"602b8944-1f66e-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
expires: Sat, 03 Apr 2021 14:12:19 GMT

GET
H2 200 87tia.js Show response
meterpreter.org/wp-content/cache/wpfc-minified/fgbvo1eh/ 9 KB
2 KB 635ms
630ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/cache/wpfc-minified/fgbvo1eh/87tia.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 4e0361b3921d2a4c4f9f59192af39878acb387b85107d22a76057bb258d0ebb7

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 05:47:35 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"602b878a-24d8-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
content-length: 2136
expires: Sat, 03 Apr 2021 14:12:19 GMT

GET
H2 200 87teg.js Show response
meterpreter.org/wp-content/cache/wpfc-minified/7ja94poc/ 1 KB
650 B 639ms
633ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/cache/wpfc-minified/7ja94poc/87teg.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 263a21226b77bf3507291136648fcd6fa84ae86e469fcd74623200964d57a6b4

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
response: 200
last-modified: Wed, 03 Mar 2021 20:35:53 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"602b8746-55b-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
content-length: 570
expires: Sat, 03 Apr 2021 14:12:19 GMT

GET
H2 200 fa-brands-400.woff2
meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/ 77 KB
77 KB 906ms
901ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://meterpreter.org
Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
response: 200
last-modified: Thu, 04 Mar 2021 07:11:23 GMT
server: nginx/1.16.0
etag: "602b876d-13288-gzip"
access-control-max-age: 1728000
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: https://meterpreter.org
cache-control: public, max-age=31536000

GET
H2 200 fa-regular-400.woff2
meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/ 13 KB
13 KB 644ms
639ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://meterpreter.org
Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
response: 200
last-modified: Thu, 04 Mar 2021 04:11:21 GMT
server: nginx/1.16.0
etag: "602b876d-3514-gzip"
access-control-max-age: 1728000
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: https://meterpreter.org
cache-control: public, max-age=31536000

GET
H2 200 fa-solid-900.woff2
meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/ 78 KB
78 KB 934ms
929ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://meterpreter.org
Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
response: 200
last-modified: Thu, 04 Mar 2021 08:11:32 GMT
server: nginx/1.16.0
etag: "602b876d-1397c-gzip"
access-control-max-age: 1728000
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: https://meterpreter.org
cache-control: public, max-age=31536000

GET
H2 200 houston.js Show response
meterpreter.org/detroitchicago/ 3 KB
1 KB 44ms
37ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/houston.js?gcb=0&cb=36
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1153

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 57 KB
20 KB 128ms
41ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

9856f73af78d7ce7e6d5a2d2794d9723bb952445e0640ca39893a10a5947b52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "801 / 525 of 1000 / last-modified: 1614859934"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19575
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:20 GMT

GET
H2 200 tulsa.js Show response
meterpreter.org/detroitchicago/ 16 KB
5 KB 46ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/tulsa.js?gcb=192-0&cb=5
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 banger.js Show response
meterpreter.org/porpoiseant/ 49 KB
11 KB 52ms
45ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 9b866ab8771a0bd4580ef6113e672f48119b938475a9da5f87ad516b6e71957b

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000, public
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 memphis.js Show response
meterpreter.org/detroitchicago/ 5 KB
2 KB 44ms
38ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1514

GET
H2 200 minneapolis.js Show response
meterpreter.org/detroitchicago/ 864 B
452 B 53ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/minneapolis.js?gcb=192-0&cb=3
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 419

GET
H2 200 rochester.js Show response
meterpreter.org/detroitchicago/ 2 KB
793 B 53ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/rochester.js?gcb=192-0&cb=2
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 760

GET
H2 200 raleigh.js Show response
meterpreter.org/detroitchicago/ 2 KB
804 B 52ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/raleigh.js?gcb=192-0&cb=5
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 771

GET
H2 200 tampa.js Show response
meterpreter.org/detroitchicago/ 773 B
440 B 53ms
40ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/tampa.js?gcb=192-0&cb=3
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 407

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 52ms
8ms Image
image/png 2600:9000:214f:3400:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:3400:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 02:36:22 GMT
via: 1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
x-sol: middleton
age: 387358
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
content-length: 1181
x-amz-cf-id: XjhjsvFKEINN5NYV0PdRjn-9IdsNm77Fd0opiYj8O17yXRBXOW4xNA==
last-modified: Sat, 27 Feb 2021 23:05:31 GMT
server: nginx/1.16.0
etag: "49d-5ac9ecc7b5bc0-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA53-C1
display: staticcontent_sol, staticcontent_sol
expires: Sun, 07 Mar 2021 02:36:22 GMT

GET
H2 200 google_cse_v2.js Show response
meterpreter.org/wp-content/plugins/wp-google-search/assets/js/ 468 B
415 B 626ms
625ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/plugins/wp-google-search/assets/js/google_cse_v2.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 07:11:24 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"5eb280f8-1d4-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
content-length: 219
expires: Sat, 03 Apr 2021 14:12:20 GMT

GET
H2 200 underscore.min.js Show response
meterpreter.org/wp-includes/js/ 16 KB
6 KB 616ms
616ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-includes/js/underscore.min.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 33d67bf0263f1ecd4790e6d1384de8066c349067f0167c36b8292dfc6665972f

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Wed, 03 Mar 2021 20:35:51 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"601b5fcf-3eba-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
x-middleton-response: 200
expires: Sat, 03 Apr 2021 14:12:20 GMT

GET
H2 200 scripts.min.js Show response
meterpreter.org/wp-content/themes/hueman/assets/front/js/ 75 KB
20 KB 800ms
789ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/themes/hueman/assets/front/js/scripts.min.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 398f165fb90ea53788cd1a05817c7d5c093ea3b2f4aee44a4e823ed48c8a555a

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 07:16:25 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"602b876d-12b78-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
expires: Sat, 03 Apr 2021 14:12:20 GMT

GET
H2 200 jQuerySharrre.min.js Show response
meterpreter.org/wp-content/plugins/hueman-addons/addons/assets/front/js/ 11 KB
3 KB 648ms
647ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/plugins/hueman-addons/addons/assets/front/js/jQuerySharrre.min.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 92309f0b0ea89dea580afcb1c5e5db384274c5b13823f2101b574641cfb152c3

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 07:11:23 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"602b8df1-2dcc-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
content-length: 2911
expires: Sat, 03 Apr 2021 14:12:20 GMT

GET
H2 200 wp-embed.min.js Show response
meterpreter.org/wp-includes/js/ 1 KB
743 B 641ms
641ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-includes/js/wp-embed.min.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 13:11:34 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: W/"601b5fcf-592-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=2592000, public, must-revalidate, proxy-revalidate
x-middleton-response: 200
content-length: 663
expires: Sat, 03 Apr 2021 14:12:20 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 14ms
13ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f877a798b0af17fb62564cc4a3b2c8f1fb76398c7e3156eae984fafe175bf4c3

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 1405
etag: W/"29e3b92597e716694def18b1f85abbfb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600
cf-ray: 62abb2e9cbf74e8c-FRA
cf-request-id: 089f2e261d00004e8c47a25000000001
expires: Thu, 04 Mar 2021 15:12:20 GMT

GET
H2 200 augusta.js Show response
meterpreter.org/detroitchicago/ 1 KB
601 B 41ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/augusta.js?cb=3
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d996911a48456da047197d69d725c4903c52e1388cb421f04c7e5a184766faf5

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 568

GET
H2 200 altconsent.js Show response
ezodn.com/cmp/ 396 KB
93 KB 41ms
39ms Script
application/javascript 2606:4700:3030::ac43:ce7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/cmp/altconsent.js?v=8
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:ce7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2b92530616ddbefbed0e825e094cd914f17ae899b42152f17028a0073f5eb62

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 02 Dec 2020 23:21:46 GMT
server: cloudflare
age: 51063
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vSfzFFKkO272VVlFFuyru0VbvQt4%2F0BaLruM4LtShYHCNRroYwbBz%2F8FW3cfBN4e%2BZsMPpZj%2Bxeap94%2BtMPog2PcLhIA7K6OJUZ5KdWVeXINMELTrVQ%3D"}]}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abb2e9cd0fc2ea-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 089f2e261d0000c2eac5160000000001

GET
H2 200 ezcl.webp Show response
meterpreter.org/utilcave_com/inc/ 1 KB
687 B 63ms
61ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-sol: middleton
server: nginx/1.16.0
display: staticcontent_sol
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
content-length: 605

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 14 KB
14 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://meterpreter.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:43:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:11 GMT
server: sffe
age: 142155
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14096
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:43:05 GMT

GET
H2 200 4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
13 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoC1CzjsGyNPYZvgw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://meterpreter.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 22:35:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:49 GMT
server: sffe
age: 142638
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13588
x-xss-protection: 0
expires: Wed, 02 Mar 2022 22:35:02 GMT

GET
H3-Q050 200 4iCs6KVjbNBYlgoKfw72nU6AFw.woff2
fonts.gstatic.com/s/ubuntu/v15/ 13 KB
13 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72nU6AFw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:400,400italic,300italic,300,700&subset=latin,latin-ext

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://meterpreter.org
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 06:49:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:01 GMT
server: sffe
age: 458546
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13720
x-xss-protection: 0
expires: Sun, 27 Feb 2022 06:49:54 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 imp.gif Show response
meterpreter.org/detroitchicago/ 43 B
128 B 42ms
42ms XHR
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_location_ids%22%3A%2237%2C1%2C1%2C1%2C5%2C0%2C2%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A7%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A2%2C%22city%22%3A%22Prague%22%2C%22country%22%3A%22CZ%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A133025%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A4%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1105%2C1110%2C1110%2C1110%2C1114%2C1140%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%225acd1328-ffa6-4bd0-728d-41ac976a0c91%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22130%2000%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48129%2C%22response_time_orig%22%3A718%2C%22serverid%22%3A%2218.192.205.60%3A24147%22%2C%22state%22%3A%2210%22%2C%22sub_page_ad_positions%22%3A%221100%2C1105%2C1110%2C1110%2C1110%2C1114%2C1140%22%2C%22t_epoch%22%3A1614867138%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A419%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/rochester.js?gcb=192-0&cb=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 68ms
22ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmeterpreter.org%2F&domain=meterpreter.org&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://meterpreter.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://meterpreter.org
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1492
date: Thu, 04 Mar 2021 14:12:19 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmeterpreter.org%2F&domain=meterpreter.org&cw=1
https://mug.criteo.com/sid?cpp=Rz8Ld3w0VVJPOWF0QzcyWktwMS9yYzdlY3FleENSdDNIbWNsS0l3MUNERXJLMU10QW5IeGlFMERIZmxsVm94WGFNdXdscURMOUtNdzFpOThpaXEzTFZZTDdsQnlCSUg2ZUNvVHRVdE9vOTZTNG5kTzQrMW9BZnlnb3E2eV...

347 B
629 B

153ms
48ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Rz8Ld3w0VVJPOWF0QzcyWktwMS9yYzdlY3FleENSdDNIbWNsS0l3MUNERXJLMU10QW5IeGlFMERIZmxsVm94WGFNdXdscURMOUtNdzFpOThpaXEzTFZZTDdsQnlCSUg2ZUNvVHRVdE9vOTZTNG5kTzQrMW9BZnlnb3E2eVVHRWR2OXlqV1lHeHd0dGpQNXpSSmhBek1Mc25lNktHQnJjcENGY3Zpbis3K3k4bVZ0dmRMTkd3SldZenI2cXlNOE9FV3BTQVFGNmM3VVo4VTNWWGR4UUZEZWRxeEc2dWs3KytQcVhoZDROaVAzMExSTkJnPXw&cppv=2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

39d124d995c711c4748c338713459f9bf94841d6f3c722ffbea7711a82cba53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 04 Mar 2021 14:12:21 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 7871
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 04 Mar 2021 14:12:19 GMT
location: https://mug.criteo.com/sid?cpp=Rz8Ld3w0VVJPOWF0QzcyWktwMS9yYzdlY3FleENSdDNIbWNsS0l3MUNERXJLMU10QW5IeGlFMERIZmxsVm94WGFNdXdscURMOUtNdzFpOThpaXEzTFZZTDdsQnlCSUg2ZUNvVHRVdE9vOTZTNG5kTzQrMW9BZnlnb3E2eVVHRWR2OXlqV1lHeHd0dGpQNXpSSmhBek1Mc25lNktHQnJjcENGY3Zpbis3K3k4bVZ0dmRMTkd3SldZenI2cXlNOE9FV3BTQVFGNmM3VVo4VTNWWGR4UUZEZWRxeEc2dWs3KytQcVhoZDROaVAzMExSTkJnPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2858
content-length: 482
expires: 0

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
116 B 249ms
143ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://meterpreter.org
date: Thu, 04 Mar 2021 14:02:46 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 c Show response
prebid.a-mo.net/a/ 773 B
762 B 1065ms
153ms XHR
application/json 136.144.59.88
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.59.88 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: f79402250c6ccc3dedce3ce00ef34de36521c73c79003c703316af58800494a5

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
server: envoy
vary: origin, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://meterpreter.org
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 33
content-length: 333

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
713 B 142ms
47ms XHR
application/json 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:20 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.230:80
AN-X-Request-Uuid: d80c68bf-d0d2-4552-88f1-9dcc581918ec
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://meterpreter.org
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
372 B 132ms
44ms XHR
application/json 184.31.84.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=305149&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22347baa90134aaa1%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Ft.co%2F%22%2C%22page%22%3A%22https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A7%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A7%2C%22ren%22%3Afalse%2C%22version%22%3A%224.27.0%22%2C%22msd%22%3A6%2C%22msi%22%3A6%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22ezoic.ai%22%2C%22sid%22%3A%22a9ccdf3fce314cc6bf462e0b27a4138d%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2235e054842aecdd1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305149%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%223635df4d5c42294%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305137%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22370b78dfbde6f8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305137%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22385a39d2c93cbef%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305137%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2239795c8c503b532%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2240b7c9652958543%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22419ec866a0bbd17%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2235e054842aecdd1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305149%22%2C%22sid%22%3A%22250x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A250%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2235e054842aecdd1%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305149%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2239795c8c503b532%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2240b7c9652958543%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22419ec866a0bbd17%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22419ec866a0bbd17%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e880cfb00660243746094719aac8116005e3a566de645602d2230d5160faeafe

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[CZ], RC:[], CN:[EU], CIP:[89.238.186.243], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://meterpreter.org
x-cs-client-geo: 09
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 09
expires: Thu, 04 Mar 2021 14:12:20 GMT

POST
H/1.1 204
No Content mvo Show response
tag.1rx.io/rmp/215626/0/ 0
272 B 197ms
50ms XHR
text/plain 213.19.147.210
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/215626/0/mvo?z=1r&hbv=4.27,2.1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://meterpreter.org
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:20 GMT
Cache-Control: private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Server: Tengine
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
145 B 155ms
46ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.27.0&cb=31402670769
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://meterpreter.org
date: Thu, 04 Mar 2021 14:12:19 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
759 B 163ms
51ms XHR
application/json 216.52.2.39
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.27.0
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 55b47e27e2141d34d02e1ee2ba98c3013bdbb4be13767fb4ef85f788415fe743

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 04 Mar 2021 14:12:20 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://meterpreter.org
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-63315582-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 584
date: Thu, 04 Mar 2021 14:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Thu, 04 Mar 2021 16:02:36 GMT

GET
H2 200 nmash.js
meterpreter.org/porpoiseant/ 33 KB
9 KB 39ms
38ms Other
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/nmash.js?v=7
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 311a42892bf475bb07fdef468183033b4ed1279be748f72784859988fbd023c6

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
last-modified: Sat, 27 Feb 2021 22:40:54 GMT
server: nginx/1.16.0
etag: "8548-5bc5913cf0980;5bcaad003410a-gzip"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H3-Q050 200 pubads_impl_2021030301.js Show response
securepubads.g.doubleclick.net/gpt/ 283 KB
100 KB 93ms
54ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

29aec720e772d77058fbe8aa0081fc3f1474ab2ea2ecbe5b0df5eeb70ea5905f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 03 Mar 2021 09:40:10 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101815
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:20 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
66 B 14ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=963913986&t=pageview&_s=1&dl=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Google%20fixes%20zero-day%20vulnerability%20(CVE-2021-21166)%20in%20Chrome&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1524353382&gjid=262526680&cid=1657587250.1614867140&tid=UA-63315582-3&_gid=1522224621.1614867140&_r=1&gtm=2ou2o0&z=1708611847

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 840ms
48ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1100
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
vary: Accept-Encoding

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-63315582-3&cid=1657587250.1614867140&jid=1524353382&gjid=262526680&_gid=1522224621.1614867140&_u=IEBAAUAAAAAAAC~&z=558531048

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 04 Mar 2021 14:12:20 GMT
content-type: text/plain
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-63315582-3&cid=1657587250.1614867140&jid=1524353382&_u=IEBAAUAAAAAAAC~&z=766758918

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-63315582-3&cid=1657587250.1614867140&jid=1524353382&_u=IEBAAUAAAAAAAC~&z=766758918

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
799 B 646ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
698 B 363ms
362ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2559600852162973&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140624&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=145&adys=319&adks=1009712993&ucis=1&ifi=1&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

51f4ee4a75846d5e2bbdeebb7f89834a8e71b4bde9b8634682a3840791f8c146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 97ms
43ms Other
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 11ms
11ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
285 B 418ms
418ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2675373205529282&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140637&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=469&adys=319&adks=4043077312&ucis=2&ifi=2&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

03e76be9d6de0361803e0dc135d29ddcd0f44c1de6ee721298395b5a3733db81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
263 B 348ms
347ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3425466818418881&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140646&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=3&ifi=3&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6bcd339f66d32a3f5d92cfb855088beda577eadeb31f29f8b934533ac6ca0586

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
268 B 346ms
346ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=4320557767201140&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dmeterpreter_org-box-3-681215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D2%26bvr%3D9%26shp%3D1%26ftsn%3D3%26br1%3D120%26br2%3D60%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140653&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=216&adys=722&adks=2796858326&ucis=4&ifi=4&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x90&msz=728x90&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ba74e3617286affe0b6f1076406ae6a46f9872d3e967ce3dea23d85f940aa455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
265 B 353ms
353ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1409698350554265&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D180%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140659&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=5&ifi=5&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

552024450f0fcfad3372158dd3bc59f40c7e271a239dced34850c43970744bfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
269 B 319ms
319ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=611917092513996&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D220%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140673&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=681&adks=1478526462&ucis=6&ifi=6&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e104681a4421fe4449fa7f626fdecdeaf941b883136ca286e78a360e7d67d399

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cse.js Show response
cse.google.com/cse/
Redirect Chain

https://www.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg
https://cse.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

7 KB
3 KB

67ms
39ms

Script
text/javascript

2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

89d96e935e962271387ae8052ff88d0e159ab7607609506f2cfbc2ac5669e92f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2905
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:21 GMT

Redirect headers

date: Thu, 04 Mar 2021 14:12:20 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://cse.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg
cache-control: public, max-age=1800
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:42:20 GMT

GET
H2 200 anchorfix.js Show response
meterpreter.org/ezoic/ 879 B
453 B 41ms
40ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/ezoic/anchorfix.js?cb=192-0
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex, noindex
content-length: 383
expires: Fri, 04 Mar 2022 14:12:20 GMT

GET
H2 200 edmonton.webp Show response
meterpreter.org/detroitchicago/ 14 KB
4 KB 40ms
39ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/edmonton.webp?a=a&cb=192-0&shcb=34
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 jellyfish.webp Show response
meterpreter.org/porpoiseant/ 58 KB
11 KB 80ms
79ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/jellyfish.webp?a=a&cb=192-0&shcb=34
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript

GET
H2 200 vitals.js Show response
meterpreter.org/tardisrocinante/ 5 KB
2 KB 40ms
40ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/tardisrocinante/vitals.js?gcb=0&cb=3
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1701

GET
H2 200 style.css
g.ezodn.com/cmp/ 13 KB
2 KB 21ms
13ms Stylesheet
text/css 2606:4700:3030::ac43:ce7a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/style.css?domainId=133025&version=0&cv=5fa624ffffff000000
Requested by: Host: ezodn.com
URL: https://ezodn.com/cmp/altconsent.js?v=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:ce7a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e22a9da44d362f72a06246a2653d10f24cb3c8062ab3d63c93273cb41f212f

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 30 Jan 2021 00:32:46 GMT
server: cloudflare
age: 255771
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7s4ibA%2BDdtwRNCTDNN6mZaZ76C62pczOsm1ITdtzpsjgX7LXiYYJ%2FtDGmzeMGwX5ymU7ZZVWzT0oWL1DMZj1xsxz5UXm5y851p%2FjAkQ424ikHNr0GlP%2BeQ%3D%3D"}]}
content-type: text/css; charset=utf-8
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 62abb2ee49d0c2ea-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 089f2e28ed0000c2eac708f000000001

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
279 B 459ms
458ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1179115170451445&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D220%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867140&dt=1614867140942&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=7&ifi=7&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

bcbc4a26d8334f3263f379e0d3efc4ea53b731c5153ba75e51b2cf9958b9aa7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 font-awesome.min.css
meterpreter.org/wp-content/themes/hueman/assets/front/css/ 58 KB
12 KB 634ms
632ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/wp-content/cache/wpfc-minified/7ja94poc/87teg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 3a745b09fda10e4f43d03673945b7062173ffc1bf48a709328fa5aeafd572d71

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 06:11:20 GMT
server: nginx/1.16.0
display: staticcontent_sol, orig_site_sol
etag: W/"602b876d-e877-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
x-middleton-display: staticcontent_sol, orig_site_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
x-sol: orig
expires: Sat, 03 Apr 2021 14:12:21 GMT

GET
H2 200 cyberpunk.jpg
meterpreter.org/wp-content/uploads/2020/12/ 108 KB
108 KB 1120ms
1120ms Image
image/jpeg 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meterpreter.org/wp-content/uploads/2020/12/cyberpunk.jpg
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0f9214f2d695e2d0ef095adb0db78e1d96a19c7b8bd40bbf9727b3c690e4cbb7

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:22 GMT
content-encoding: br
response: 200
last-modified: Thu, 04 Mar 2021 13:12:12 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "5fd6d0f9-1ae45-gzip"
vary: Accept-Encoding, Origin,Accept-Encoding
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
expires: Sat, 03 Apr 2021 14:12:21 GMT

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
127 B 41ms
41ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjIxNjkifV19XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:21 UTC

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
19 B 41ms
39ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDMtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:21 UTC

GET
H3-Q050 200 cse_element__en.js Show response
www.google.com/cse/static/element/323d4b81541ddb5b/ 274 KB
90 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 16:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 165115
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92213
x-xss-protection: 0
expires: Wed, 02 Mar 2022 16:20:26 GMT

GET
H3-Q050 200 default+en.css
www.google.com/cse/static/element/323d4b81541ddb5b/ 41 KB
9 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 16:20:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 165115
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
expires: Wed, 02 Mar 2022 16:20:26 GMT

GET
H3-Q050 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: www.google.com
URL: https://www.google.com/cse/cse.js?cx=007773713793312903889:1c7xnub6ehg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:57:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 887
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:47:34 GMT

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
63 KB 40ms
23ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a63460e2a00420b4c87494c91e768e3555e7e098f359fcdf3b8b8f04fc690f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "12323727059942095146"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:21 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 13ms
7ms Image
image/png 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 02 Mar 2021 07:15:33 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 197808
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Wed, 02 Mar 2022 07:15:33 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 18ms
6ms Image
image/png 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 19:41:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 585054
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Fri, 25 Feb 2022 19:41:27 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
182 B 43ms
6ms Image
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 20ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021030301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eafea11c1e8693278d254b8964e8746c913952d9a582ff6fc89e5040830e15ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6560
x-xss-protection: 0

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
29 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjEyNCJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTIzNiJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMzEifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTcyNSJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjE4NjYifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMjUxNCJ9XX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:21 UTC

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIyMzc2In1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIyMzc2In1dfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:21 UTC

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:21 UTC

GET
H2 200 font-awesome.min.css
meterpreter.org/wp-content/themes/hueman/assets/front/css/ 58 KB
12 KB 637ms
632ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/wp-content/cache/wpfc-minified/7ja94poc/87teg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 3a745b09fda10e4f43d03673945b7062173ffc1bf48a709328fa5aeafd572d71

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Thu, 04 Mar 2021 14:12:22 GMT
content-encoding: br
response: 200
last-modified: Wed, 03 Mar 2021 20:35:48 GMT
server: nginx/1.16.0
display: staticcontent_sol, orig_site_sol
etag: W/"602b876d-e877-gzip"
vary: Accept-Encoding, Accept-Encoding,Origin
content-type: text/css
x-middleton-display: staticcontent_sol, orig_site_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
x-sol: orig
expires: Sat, 03 Apr 2021 14:12:22 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:21 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 04D2 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://meterpreter.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Thu, 04 Mar 2021 13:23:24 GMT
expires: Fri, 04 Mar 2022 13:23:24 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2937
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cBiyZrE2vwbFPBS6sT95jOp0NaMCoy8g5L57SNLHBl8.js Show response
pagead2.googlesyndication.com/bg/ Frame 04D2 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cBiyZrE2vwbFPBS6sT95jOp0NaMCoy8g5L57SNLHBl8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7018b266b136bf06c53c14bab13f798cea7435a302a32f20e4be7b48d2c7065f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 10:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 13639
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5702
x-xss-protection: 0
expires: Fri, 04 Mar 2022 10:25:02 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
56 B 41ms
40ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021030301&jk=4438153568304686&bg=!fn2lfT7NAAWsVXnBrDsAKQB2-Dxas2xCiliGVGLj9n4OoXhFRhrOdZ0FQobi5DaFEyj8D3Rw9rReAgAAAJlSAAAACmgBBwoBhd4KtNnbwCEj5eH3TWnDMPQLljP0XCPs0Mp-N0hGvR1sHs0aY5T5FOuTtov3rMX011KxaNWxqeWvnajrV1A2KOUT94C8NP60VbrafzXdrgdmp4NMmr2V4io2h5yN6WnIVp1ED_4ofxcK8ELUgPPeDuxrIjzSYuiSONw5OKGGS2iAqQysLeUHNtLsp_1iQDMbJk5XhLFgrLcY5NXdEpogj0dHPX_4WutaviDbS37zklHvAvzr8SI5XmII0XGDQTqfPK3PqN8NOuyDqQswfjHsZFNmvQbptTQp-3fY-k_rEXvw-XDLT5-ho9OhPVqdNcW1tm489SMIBvW_KrNa-YuTIMSTyyruQHm4JGRSlVLm24y9UAYY2jH5byksEKk1U715_S0Lj8jVkw16PMc37wd2ZMhFmY7I-RNPxAlnFmijnlCLALJgcqUImj4kIlHT8x457zrjytiXRks0-m3qL2yEUHD0jYE9Jlz104Ge7wxSvnBnVd_cOb_bkDqP-bGQ_XsCxjIJzF6emQHMGMdFNvuL8yt43EXL_X699tFwrh9CmKiUYibYA0RYQGON6Zmb33TSgMDvGd0hyEGvuDd4GFBIajZGa5QZsf9HfjtWvB5tSrPC5i5oxB04JWKLRZSHSwprDvaW6AUXucnoaam7rGCNPmnnOrmrl85KFeJr2qrCJQW_h9Qx9xjXEjFsTZYkrgprWW3GU54CR1Bg6MxtgGX1lo-QHLFO-X8OQqkwRCo50Nn8AZbq_zbVa1QmcrnfEwtzFAZ1kel2VikvqiN1yw7UItnZcTLBgQBMroEkFiG9rXSkZkVLaXBLsy3jT4mS1RhaNgeeGIIhSAYo4i6whnrQ-Rd1vcnwyzVDG4F4J3NJtuhrCIv9Yf2oCnQl4W7H1GtMW7KuCwntyaWhx55N64k9Rf197aC_VWxawkVFgH10yntMr327TMozLlxOluGO-Bnms-tauipk-vECV4bcTAJkPhg2YZamr2ph6aEcbPJCE_ZYvvblamniprfPtN7k2QF1zAGgiEFEkwopB33Nb16gjkOickKAY3BXEbKLDns8lN0vbu7xwmMi9a1xVxvd_OyYNhOPAkVqYxnw6vGP0ajoidu_Ryck_DTszHumOT3TwsgXI49diw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fa-solid-900.woff2
meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/ 78 KB
78 KB 980ms
979ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://meterpreter.org
Referer: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
response: 200
last-modified: Thu, 04 Mar 2021 07:11:23 GMT
server: nginx/1.16.0
etag: "602b876d-1397c-gzip"
access-control-max-age: 1728000
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: https://meterpreter.org
cache-control: public, max-age=31536000

GET
H2 200 fa-brands-400.woff2
meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/ 77 KB
77 KB 941ms
941ms Font
font/woff2 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://meterpreter.org/wp-content/themes/hueman/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

Software

nginx/1.16.0 /

Resource Hash

529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Origin: https://meterpreter.org
Referer: https://meterpreter.org/wp-content/themes/hueman/assets/front/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: br
vary: Accept-Encoding, Origin,Accept-Encoding
display: staticcontent_sol, staticcontent_sol
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: POST, GET, OPTIONS
x-middleton-response: 200
response: 200
last-modified: Thu, 04 Mar 2021 13:11:31 GMT
server: nginx/1.16.0
etag: "602b876d-13288-gzip"
access-control-max-age: 1728000
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: https://meterpreter.org
cache-control: public, max-age=31536000

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 61ms
26ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: gzip
last-modified: Tue, 23 Feb 2021 11:00:28 GMT
server: nginx
etag: W/"6034e04c-14008"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:12:23 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2464 0
150 B 23ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=meterpreter.org

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=meterpreter.org
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://meterpreter.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 2385
date: Thu, 04 Mar 2021 14:12:23 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 50ms
24ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: gzip
last-modified: Tue, 23 Feb 2021 11:00:28 GMT
server: nginx
etag: W/"6034e04c-14008"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Fri, 05 Mar 2021 14:12:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 473 B
425 B 346ms
346ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1616953322557953&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D180%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D220%26reqt%3D1614867143951&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143955&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=8&ifi=8&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

67e97e60b88272b3515686dea7331e7ec8302021bfcdf66ec69f219118276e07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
411 B 310ms
307ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=4368575522411406&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=3&rcs=1&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D180%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D220%26reqt%3D1614867143957&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143959&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=713&adks=1478526462&ucis=9&ifi=9&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

84d19a0b2a602b2a370c744e0a5ac703d9b5d30ef90e592462bcc1143742089e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 468 B
421 B 354ms
353ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=760831422964357&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=3&rcs=1&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D180%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26lb%3D180%26reqt%3D1614867143968&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143971&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=a&ifi=10&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d7626d62aedca576eecae6b99df9850dde5b33a8cd6d9fb74ebf713432ac3101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
771 B 275ms
275ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=4004908866785886&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=3&rcs=1&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dmeterpreter_org-box-3-681215%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D2%26bvr%3D9%26shp%3D1%26ftsn%3D3%26br1%3D60%26br2%3D60%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867143975&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143977&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=216&adys=722&adks=2796858326&ucis=b&ifi=11&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x90&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d91161e688cde586a80ad7378b5f3f56372397ca27c4c8b1ee3276d8d0313cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
413 B 301ms
298ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1149097378215085&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D60%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867143981&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143983&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=c&ifi=12&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

88127529619989a58d185d1417f7999d0cc3aaf325f73acdbc01520ff9809787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
407 B 329ms
329ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1764912534442095&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D60%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867143987&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143992&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=469&adys=319&adks=4043077312&ucis=d&ifi=13&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d43f851f9dd3ebcbc7fb4c4c83219c68d6d9caefedbecb64fea688097c57b002

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 458 B
404 B 386ms
385ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3882049389939198&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D60%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867143997&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867143&dt=1614867143999&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=145&adys=319&adks=1009712993&ucis=e&ifi=14&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef18e0a1a378ef74f83020ff7484e3d66d685d67bb4d5538a420722120b33f15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 457.json Show response
id5-sync.com/g/v2/ 606 B
927 B 126ms
36ms XHR
application/json 51.89.7.199
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/457.json

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.199 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

c87d52d2073a604a0b34963d121bd4c5c7564cf71a8004c63e0f372a30247a3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://meterpreter.org
Date: Thu, 04 Mar 2021 14:12:22 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame B498 37 KB
14 KB 115ms
41ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://meterpreter.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=71343
Expires: Fri, 05 Mar 2021 10:01:27 GMT
Date: Thu, 04 Mar 2021 14:12:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame FD6D 52 KB
17 KB 107ms
39ms Document
text/html 23.218.208.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-187.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://meterpreter.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 05 Mar 2021 14:12:26 GMT
Date: Thu, 04 Mar 2021 14:12:24 GMT
Connection: keep-alive

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 89E6 2 KB
1 KB 110ms
36ms Document
text/html 23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=amx,criteo,ix,oftmedia,pubmatic,rhythmone,sovrn&cb=192-0-11
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://meterpreter.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 04 Mar 2021 14:12:24 GMT
Content-Length: 1151
Connection: keep-alive

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
777 B 47ms
29ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 17ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 441 B
504 B 325ms
324ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2930974293221831&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=2&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D160%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%26ax_ssid%3D10082%26lb%3D180%26reqt%3D1614867144469&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144475&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=713&adks=1478526462&ucis=f&ifi=15&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

d2a0d5b73323093c1af631e62392cd029093f9fb422095ae1071cc421ffa5a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 444 B
391 B 365ms
365ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1636952146027126&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=2&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D140%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%26ax_ssid%3D10082%26lb%3D180%26reqt%3D1614867144486&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144489&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=g&ifi=16&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

204ad78630019e9a1263d012d9aeb90c470998b77d2414e53ab4306d2389588d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 219
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 388ms
388ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1083591066266029&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ris=1&rcs=2&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1105%26sap%3D1105%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D2%26al%3D1002%26compid%3D0%26tap%3Dmeterpreter_org-box-3-681215%26eb_br%3D8c5ffefb122f59a66a8b7672d4452af2%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D2%26bvr%3D9%26shp%3D1%26ftsn%3D3%26br1%3D36%26br2%3D60%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%26ax_ssid%3D10082%26lb%3D60%26reqt%3D1614867144493&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144496&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=216&adys=722&adks=2796858326&ucis=h&ifi=17&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x90&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

fafbd8b5cf40757d8ea0fe36a5052c9fd39d37186571282db54dbf1fc91010e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10979
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 441 B
390 B 335ms
335ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2046292669899703&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Da928cf2c3ad36f5e9ed2d90f655c1dc9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D44%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%26ax_ssid%3D10082%26lb%3D60%26reqt%3D1614867144503&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144505&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=i&ifi=18&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

4f8407621352728eaadc7f18cf6cdd49686b4df4e5ee45247c92336ec3ec733b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 441 B
390 B 411ms
410ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1366514114652810&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Da928cf2c3ad36f5e9ed2d90f655c1dc9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D44%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%26ax_ssid%3D10082%26lb%3D60%26reqt%3D1614867144508&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144510&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=469&adys=319&adks=4043077312&ucis=j&ifi=19&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

99081672b1e89a59c64a76d797570c507ec89f20d7c51bc09863381a91d40a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 221
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 423ms
423ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=116786586185874&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3Da928cf2c3ad36f5e9ed2d90f655c1dc9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D44%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%26ax_ssid%3D10082%26lb%3D60%26reqt%3D1614867144523&eri=1&cookie=ID%3D9d0115fec06010e5-229d3538adba0022%3AT%3D1614867144%3AS%3DALNI_MbbvFvtsEI-AjaW_f1GlBg--3MnQQ&bc=31&abxe=1&lmt=1614867144&dt=1614867144526&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=145&adys=319&adks=1009712993&ucis=k&ifi=20&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

c1302ecfd543bee11849dcf4b5c6b5f380718535acb24f28ca37d2c457bf0470

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11353
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame FD6D
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
817 B

49ms
48ms

Script
text/html

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.9:80
AN-X-Request-Uuid: f31d8dfe-f474-47d1-a3cf-04e9b02d58bf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.133:80
AN-X-Request-Uuid: db4483c4-b0bd-4ab4-b406-0129ec0eef43
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 6715
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

51ms
51ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ebb2d64043ae045680e9ee3ef0d0054f2c205130332efef52696dfbedf92e56e

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YEDqyHxzRUX6Dggvuhp61wAA; CMPS=5173
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 45|39|230|241|221|57|191|218
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1633
Expires: Thu, 04 Mar 2021 14:12:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
Connection: keep-alive
Set-Cookie: CMID=YEDqyHxzRUX6Dggvuhp61wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 04 Mar 2022 14:12:24 GMT CMPS=5173;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 02 Jun 2021 14:12:24 GMT CMPRO=1217;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 02 Jun 2021 14:12:24 GMT CMST=YEDqyGBA6sgA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 05 Mar 2021 14:12:24 GMT CMRUM3=276040eac80b40&bf6040eac805a0&da6040eac827600&f16040eac805a00&2d6040eac805a0&396040eac805a00&dd6040eac827600&e66040eac827600;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 04 Mar 2022 14:12:24 GMT

Redirect headers

Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Thu, 04 Mar 2021 14:12:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
Connection: keep-alive
Set-Cookie: CMID=YEDqyHxzRUX6Dggvuhp61wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 04 Mar 2022 14:12:24 GMT CMPS=5173;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 02 Jun 2021 14:12:24 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B498 8 KB
9 KB 250ms
77ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: cddfb4bf9e99a2630e505f8aa4e5794e350511331fcfa562acdb770df2473428

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6715
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YEDqyHxzRUX6Dggvuhp61wAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENmM8bbIJgddO2UbSqkpp8c&google_cver=1

43 B
1 KB

131ms
80ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENmM8bbIJgddO2UbSqkpp8c&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:12:25 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENmM8bbIJgddO2UbSqkpp8c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 6715 70 B
265 B 186ms
56ms Image
image/gif 34.246.156.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_dsp_id=70&cm_user_id=YEDqyHxzRUX6Dggvuhp61wAA&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.156.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 6715
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENesI9G5aUBmdmqB74_if9Q&google_cver=1

43 B
315 B

41ms
38ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENesI9G5aUBmdmqB74_if9Q&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:12:24 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENesI9G5aUBmdmqB74_if9Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 6715
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB&dcc=t

43 B
720 B

146ms
146ms

Image
image/gif

54.239.17.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.239.17.112 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YEDqyHxzRUX6Dggvuhp61wAABMEAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 6715
Redirect Chain

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217

49 B
711 B

66ms
66ms

Image
image/gif

52.30.234.204
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.234.204 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.11.61
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YEDqyHxzRUX6Dggvuhp61wAA%261217
cache-control: no-cache
x-server: 10.45.10.103
content-length: 0
expires: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 6715
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2159827869073573150

43 B
995 B

46ms
45ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2159827869073573150
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:12:24 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=2159827869073573150
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 index
dmp.brand-display.com/cm/api/ Frame 6715 43 B
253 B 3207ms
3111ms Image
image/gif 35.241.40.233
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.40.233 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:27 GMT
via: 1.1 google
last-modified: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.18.0
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
alt-svc: clear
content-length: 43
expires: Thu, 04 Mar 2021 14:12:28 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 6715
Redirect Chain

https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217

42 B
915 B

60ms
58ms

Image
image/gif

34.249.128.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.128.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v089-047c5b1bd.edge-irl1.demdex.com 5.80.6.20210202104731 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: JTKOwVgSTj8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: epXhOPEAQ2k=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=23728&dpuuid=YEDqyHxzRUX6Dggvuhp61wAA%261217
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 6715 43 B
425 B 52ms
51ms Image
image/gif 23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YEDqyHxzRUX6Dggvuhp61wAA%261217
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://meterpreter.org/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "761e21-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=1628
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:39:32 GMT

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame DD1F 43 B
326 B 140ms
43ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Thu, 04 Mar 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1100
x-powered-by: ASP.NET
date: Thu, 04 Mar 2021 14:12:24 GMT
content-length: 43

GET
H2 200 pubmatic Show response
d5p.de17a.com/getuid/ Frame B275 35 B
134 B 157ms
51ms Document
image/gif 213.155.156.164
TELIANET Telia Ca...

General

Check archive.org

Show headers Download Go to

Full URL: https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 213.155.156.164 , Sweden, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS: 213-155-156-164.teliacarrier-cust.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

:method: GET
:authority: d5p.de17a.com
:scheme: https
:path: /getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

content-length: 35
content-type: image/gif
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 61F0
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJgIk7AgdYAABFiiBf9Vw

42 B
977 B

91ms
55ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJgIk7AgdYAABFiiBf9Vw
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67; PUBMDCID=3; KRTBCOOKIE_409=22966-ysWrmRt1G1GsbhIh46x7WalU&KRTB&23212-ysWrmRt1G1GsbhIh46x7WalU; KRTBCOOKIE_1101=23040-6935801570892707979; PugT=1614867143
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 04 Mar 2021 14:12:23 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_699=22727-AAJgIk7AgdYAABFiiBf9Vw; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:23 GMT; path=/ PugT=1614867143; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:23 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:23 GMT; path=/
X-lat: Pug23034:0:351
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAJgIk7AgdYAABFiiBf9Vw
Server: nginx
set-cookie: bito=AAJgIk7AgdYAABFiiBf9Vw; Domain=bidr.io; expires=Sun, 03 Apr 2022 09:12:25 GMT; Path=/; SameSite=None; Secure bitoIsSecure=ok; Domain=bidr.io; expires=Sun, 03 Apr 2022 09:12:25 GMT; Path=/; SameSite=None; Secure checkForPermission=""; Domain=bidr.io; expires=Thu, 01 May 2008 00:00:00 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame E903
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6935801570892707979

42 B
975 B

182ms
57ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6935801570892707979
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 04 Mar 2021 14:12:23 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_1101=23040-6935801570892707979; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:23 GMT; path=/ PugT=1614867143; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:23 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:23 GMT; path=/
X-lat: Pug23043:0:275
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Server: nginx
Date: Thu, 04 Mar 2021 14:12:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6935801570892707979; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6935801570892707979

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame D072
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ysWrmRt1G1GsbhIh46x7WalU

42 B
811 B

188ms
57ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ysWrmRt1G1GsbhIh46x7WalU
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Thu, 04 Mar 2021 14:12:25 GMT
Content-Type: image/gif; charset=utf-8
Content-Length: 42
Connection: keep-alive
Set-Cookie: KRTBCOOKIE_409=22966-ysWrmRt1G1GsbhIh46x7WalU&KRTB&23212-ysWrmRt1G1GsbhIh46x7WalU; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:25 GMT; path=/ PugT=1614867145; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:25 GMT; path=/
X-lat: lhrpug014:0:469
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

server: openresty
date: Thu, 04 Mar 2021 14:12:24 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=ysWrmRt1G1GsbhIh46x7WalU; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ysWrmRt1G1GsbhIh46x7WalU
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 213F
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8343696619
https://sync.1rx.io/usersync/tradedesk/1a00fe01-675e-46f9-9533-1feca494e009
https://sync.targeting.unrulymedia.com/csync/RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003

42 B
1 KB

59ms
55ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67; PUBMDCID=3; KRTBCOOKIE_409=22966-ysWrmRt1G1GsbhIh46x7WalU&KRTB&23212-ysWrmRt1G1GsbhIh46x7WalU; KRTBCOOKIE_1101=23040-6935801570892707979; KRTBCOOKIE_57=22776-2316828148236591238; KRTBCOOKIE_107=1471-uid:wmYFkSWx1LhOIg5; KRTBCOOKIE_699=22727-AAJgIk7AgdYAABFiiBf9Vw; KRTBCOOKIE_22=14911-7866377884267309013; PugT=1614867144; KRTBCOOKIE_27=16735-uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&KRTB&16736-uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&KRTB&23019-uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&KRTB&23114-uid:9e966040-eac8-4a00-90d8-9a35d7bcb893; KRTBCOOKIE_80=16514-CAESEMFpClem4JuBSBYD9_XqkuQ&KRTB&22987-CAESEMFpClem4JuBSBYD9_XqkuQ&KRTB&23025-CAESEMFpClem4JuBSBYD9_XqkuQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_594=17105-RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003&KRTB&17107-RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:25 GMT; path=/ PugT=1614867145; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:25 GMT; path=/
X-lat: Pug23029:0:305
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Server: Tengine
Date: Thu, 04 Mar 2021 14:12:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003%22%7D; path=/; expires=Fri, 04 Mar 2022 14:12:25 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-77fbafd5-1403-43dd-acd8-bfa9ffc90062-003
ETag: RX77fbafd5140343ddacd8bfa9ffc90062003

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 34F8 43 B
408 B 158ms
46ms Document
image/gif 173.231.180.197
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-1
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 4BC1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
556 B

177ms
174ms

Document
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=aCnoeUO5nPp7PRodVFY37R1q2n2Gb2vEqNHTy7I5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-type: image/gif; charset=utf-8
content-length: 43
set-cookie: __cfduid=d763a8073590b3438ec8bd9125484f0ed1614867145; expires=Sat, 03-Apr-21 14:12:25 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=aWntmIujieFo7YxU36hTOZc5T3NZdY68FHlGFbJVYajL5kXpQEmAiFUsy7odmyTKi5DlVUA42FfaRsIINv2EUZaO3WH; path=/; domain=.tribalfusion.com; expires=Wed, 02-Jun-2021 14:12:25 GMT; SameSite=None; Secure; ANON_ID_old=aWntmIujieFo7YxU36hTOZc5T3NZdY68FHlGFbJVYajL5kXpQEmAiFUsy7odmyTKi5DlVUA42FfaRsIINv2EUZaO3WH; path=/; domain=.tribalfusion.com; expires=Wed, 02-Jun-2021 14:12:25 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
cf-request-id: 089f2e39410000647f77293000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62abb3086ff4647f-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-type: text/html
set-cookie: __cfduid=da8ad7934dd3f54e2b43a6d55f1b865fe1614867144; expires=Sat, 03-Apr-21 14:12:24 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=aCnoeUO5nPp7PRodVFY37R1q2n2Gb2vEqNHTy7I5; path=/; domain=.tribalfusion.com; expires=Wed, 02-Jun-2021 14:12:24 GMT; SameSite=None; Secure; ANON_ID_old=aCnoeUO5nPp7PRodVFY37R1q2n2Gb2vEqNHTy7I5; path=/; domain=.tribalfusion.com; expires=Wed, 02-Jun-2021 14:12:24 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 954
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 089f2e388c0000647f833b9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 62abb3074fcf647f-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 162E
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=xXvPgLIPo2uL&pid=557219

1 B
463 B

92ms
55ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=xXvPgLIPo2uL&pid=557219
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67; PUBMDCID=3; KRTBCOOKIE_409=22966-ysWrmRt1G1GsbhIh46x7WalU&KRTB&23212-ysWrmRt1G1GsbhIh46x7WalU; KRTBCOOKIE_1101=23040-6935801570892707979; KRTBCOOKIE_57=22776-2316828148236591238; PugT=1614867144; KRTBCOOKIE_107=1471-uid:wmYFkSWx1LhOIg5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Thu, 04 Mar 2021 14:12:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1
Connection: keep-alive
Set-Cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:25 GMT; path=/
X-lat: lhrpug015:0:402
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private

Redirect headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-568ff9c7d-hwhkp
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=xXvPgLIPo2uL&pid=557219
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: INGRESSCOOKIE=40aa8524f074ec1b; path=/; HttpOnly; Secure; SameSite=None

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame C6C4
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
77 B

77ms
69ms

Document
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Thu, 04 Mar 2021 14:12:25 GMT
via: 1.1 varnish
x-served-by: cache-hhn11563-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1614867145.060079,VS0,VE11
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048;Version=1;Path=/;Domain=.taboola.com;Expires=Fri, 04-Mar-2022 14:12:24 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=cee80d4e-025b-4491-886b-480cc1ecaa2e-tuct73a7048&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Thu, 04 Mar 2021 14:12:24 GMT
via: 1.1 varnish
x-served-by: cache-hhn11563-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1614867145.924576,VS0,VE59
x-vcl-time-ms: 59
content-length: 0

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame F474
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:wmYFkSWx1LhOIg5&gdpr=0&gdpr_consent=

42 B
973 B

169ms
55ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:wmYFkSWx1LhOIg5&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156983:2; KADUSERCOOKIE=AC76AAF7-12C1-41CE-966F-3CE7E39C1777; chkChromeAb67Sec=1; DPSync3=1616025600%3A221_201_227_226; SyncRTB3=1616025600%3A56_99_176_71_78_7_21_13_8_88_222_220_204_165_54_166_22_5_3_55_81_189_161%7C1617408000%3A203%7C1615680000%3A63%7C1616112000%3A35%7C1615420800%3A223_2_15_67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_107=1471-uid:wmYFkSWx1LhOIg5; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:24 GMT; path=/ PugT=1614867144; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 03-Apr-2021 14:12:24 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 02-Jun-2021 14:12:24 GMT; path=/
X-lat: Pug23038:0:296
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Thu, 04 Mar 2021 14:12:24 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:wmYFkSWx1LhOIg5&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/v2.0.30-619-g1028223#rel-ec2-master i-0ae06fec161a2bbf2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=wmYFkSWx1LhOIg5; Domain=.w55c.net; Expires=Mon, 04-Apr-2022 14:12:24 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Sat, 03-Apr-2021 14:12:24 GMT; Path=/; SameSite=None; Secure
Content-Length: 0
Connection: keep-alive

GET
H2

200

check Show response
pixel.tapad.com/idsync/ex/receive/ Frame 180C
Redirect Chain

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

95 B
165 B

44ms
44ms

Document
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=26435190&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: pixel.tapad.com
:scheme: https
:path: /idsync/ex/receive/check?partner_id=PUBMATIC_RTB
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TapAd_TS=1614867146451; TapAd_DID=a5bdd232-7cf3-11eb-83de-9a066f71e87b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
strict-transport-security: max-age=31536000
content-type: image/png
content-length: 95
server: Jetty(9.4.28.v20200408)
via: 1.1 google
alt-svc: clear

Redirect headers

date: Thu, 04 Mar 2021 14:12:26 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1614867146451;Expires=Mon, 03 May 2021 14:12:26 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=a5bdd232-7cf3-11eb-83de-9a066f71e87b;Expires=Mon, 03 May 2021 14:12:26 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
content-length: 0
server: Jetty(9.4.28.v20200408)
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B498
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rHaq9xLBQc6Wbzzn45wXdw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

39ms
37ms

Image
text/html

23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=37728
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Fri, 05 Mar 2021 00:41:12 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame B498 95 B
596 B 52ms
28ms Image
image/png 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 62abb3074ae305b7-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 089f2e388f000005b77208c000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame B498
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

75ms
74ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:23 GMT
frontend-id: 7
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:23 GMT
frontend-id: 8
location: /pubmatic/1/info2?sType=sync&sExtCookieId=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

p.gif
visitor.fiftyt.com/ Frame B498
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=&fbounce=1

0
336 B

45ms
45ms

Image
text/plain

35.201.96.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=&fbounce=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.96.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
via: 1.1 google
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: clear
content-length: 0
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

date: Thu, 04 Mar 2021 14:12:24 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=&fbounce=1
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 144

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUM3NkFBRjctMTJDMS00MUNFLTk2NkYtM0NFN0UzOUMxNzc3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
505 B

403ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug014:0:338
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMFpClem4JuBSBYD9_XqkuQ&google_cver=1

42 B
1 KB

347ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMFpClem4JuBSBYD9_XqkuQ&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-lat: Pug23046:0:353
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMFpClem4JuBSBYD9_XqkuQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame B498 43 B
609 B 125ms
36ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Wed, 03 Mar 2021 14:12:24 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=131519792326032743

42 B
973 B

143ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=131519792326032743
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: Pug23022:0:366
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=131519792326032743
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&gdpr=0&gdpr_consent=

42 B
1 KB

156ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-lat: Pug23030:0:345
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Thu, 04 Mar 2021 14:12:20 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x14
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e966040-eac8-4a00-90d8-9a35d7bcb893&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 04 Mar 2021 14:12:19 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1a00fe01-675e-46f9-9533-1feca494e009

42 B
1 KB

213ms
56ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1a00fe01-675e-46f9-9533-1feca494e009
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:23 GMT
X-lat: Pug23044:0:590
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=1a00fe01-675e-46f9-9533-1feca494e009
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2316828148236591238&gdpr=0&gdpr_consent=

42 B
973 B

307ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2316828148236591238&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-lat: Pug23050:0:274
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.180:80
AN-X-Request-Uuid: 1abe43a6-afed-40c7-800c-d46452c2acad
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2316828148236591238&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-KjFVlAB1l2LLYETBk9ESKqXj7qxyews-&gdpr=0&gdpr_consent=

0
587 B

1467ms
50ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-KjFVlAB1l2LLYETBk9ESKqXj7qxyews-&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Thu, 04 Mar 2021 14:12:26 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

Redirect headers

Date: Thu, 04 Mar 2021 14:12:24 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-KjFVlAB1l2LLYETBk9ESKqXj7qxyews-&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 AC76AAF7-12C1-41CE-966F-3CE7E39C1777
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame B498 43 B
842 B 113ms
34ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/AC76AAF7-12C1-41CE-966F-3CE7E39C1777?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7866377884267309013&gdpr=0&gdpr_consent=&us_privacy=

1 B
931 B

297ms
55ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7866377884267309013&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:24 GMT
X-lat: Pug23042:0:293
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7866377884267309013&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic
https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dpubmatic
https://x.bidswitch.net/sync?dsp_id=59&user_id=e03d9768-41b7-46ed-84af-f2e9fcac96ae&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=05bfa50d-0886-46c4-9d02-fc7edb838539&gdpr=&gdpr_consent=&gdpr_pd=

1 B
745 B

58ms
55ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=05bfa50d-0886-46c4-9d02-fc7edb838539&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug005:0:552
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=05bfa50d-0886-46c4-9d02-fc7edb838539&gdpr=&gdpr_consent=&gdpr_pd=
date: Thu, 04 Mar 2021 14:12:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cAJw3CNTJ9RrVyCKJwJpiSBUfdRrBSaJIARUAdi3

42 B
1 KB

393ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cAJw3CNTJ9RrVyCKJwJpiSBUfdRrBSaJIARUAdi3
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:23 GMT
X-lat: Pug23048:0:371
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=cAJw3CNTJ9RrVyCKJwJpiSBUfdRrBSaJIARUAdi3
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEDqyQAAAJJamjoG&gdpr=0&gdpr_consent=&_test=YEDqyQAAAJJamjoG

1 B
809 B

56ms
55ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEDqyQAAAJJamjoG&gdpr=0&gdpr_consent=&_test=YEDqyQAAAJJamjoG
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug001:0:464
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:25 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1614867145.332464,VS0,VE0
x-served-by: cache-fra19133-FRA
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YEDqyQAAAJJamjoG&gdpr=0&gdpr_consent=&_test=YEDqyQAAAJJamjoG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
760 B

55ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug012:0:426
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:25 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame B498 0
104 B 92ms
64ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=AC76AAF7-12C1-41CE-966F-3CE7E39C1777&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d4175ca0-1002-4489-b8f6-f04eafe5b8df&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
505 B

55ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d4175ca0-1002-4489-b8f6-f04eafe5b8df&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug019:0:467
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d4175ca0-1002-4489-b8f6-f04eafe5b8df&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Thu, 04 Mar 2021 14:12:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2316828148236591238

42 B
709 B

56ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2316828148236591238
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: Pug23029:0:224
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.135:80
AN-X-Request-Uuid: 4d248b2c-efbe-4c2e-bf75-a8569d0cb984
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2316828148236591238
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame B498
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_b61d98e7-04c1-4156-ac1d-5d78f9ae0ca1

42 B
790 B

56ms
55ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_b61d98e7-04c1-4156-ac1d-5d78f9ae0ca1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 04 Mar 2021 14:12:25 GMT
X-lat: lhrpug007:0:530
Server: nginx
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_b61d98e7-04c1-4156-ac1d-5d78f9ae0ca1
date: Thu, 04 Mar 2021 14:12:25 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: en-US

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 0661 185 KB
53 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 0661 12 KB
5 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 0661 87 KB
27 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 0661 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 0661 40 KB
13 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
DATA 200
OK truncated
/ Frame 0661 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ade84315e37d81262f9d447b70a0b44b84e24248626e11eca812d034348fda97

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 13797134990640235563
tpc.googlesyndication.com/simgad/ Frame 0661 50 KB
50 KB 13ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13797134990640235563?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkJdMhJHVKROjp5Rh5XJn1sAPItvQ

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab6aeb86edbeff320da69ae4fbb0a3791dfe3107c17ac03737204b33232218d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 15:24:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 14:11:08 GMT
server: sffe
age: 427659
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51113
x-xss-protection: 0
expires: Sun, 27 Feb 2022 15:24:45 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0661 2 KB
3 KB 15ms
12ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20967
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0661 295 B
424 B 12ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53253
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0661 0
0 18ms
15ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRYl_iWZMkk8rjw3J-E_9uvt5jzpgzWe2IpzgwGbaxzbyYypz9bOcxP93NrZ0PPkunk3Pk7DWHzMWCybVlmpQP332LA_w
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0661 0
0 71ms
68ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CHA__yOpAYNaeI_7C7_UPw9uDaP_7g8xh_PHph50N4JrSr50SEAEg9PnGJWDM4e2B_C6gAePPmb8DyAEC4AIAqAMByAMIqgSfAk_QqE02CB0U3UViC7lNcnsgthmVGJ9E--XKOe61-Y9UDpfID-HY9G-CH-ypsbXCHb4vLpY3GHm2EZHdqVq4IZqEersZQDCryXAwrVYaNAY4JNC9nL0nZONsnAVo9Qa33OKF6FtledlREdfzCgW3JowidU7ildS4Ch-ABfpzl5vPaRdaWV7w9qRFr8ypmLk__d9AJvAr2lL3KeL0A67SCRjH2m7RsyP1ckQulGAwVmOabdzSZBaW5T16lGFjMW2oXItEjZfcpp4KRwBBF2X6OKl5cEolyo8V5CkGRwWIAnr7BFju7wSJLP8HqUCUspo57iockZ_scBIxLftcOlItbXx00SsZC4o4GMvQkiyE-A4S9uHujMCTSIloKvdp0yvpwATj3JeTxQLgBAGSBQQIBBgBkgUECAUYBKAGAoAH3faTMKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCohBbSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ0MTIzOTYxNzk1OTE3NDiACgPICwHYEwyyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=Mkky8HPp3Fs&tpd=AGWhJmuKMSN0TvIBFMQuLlOYWGIOCPmObkYWykTqVXyTwBwcqQ
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
65 B 36ms
34ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjU4MzkifV19XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:24 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 38ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MTIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMy0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjhjNWZmZWZiMTIyZjU5YTY2YThiNzY3MmQ0NDUyYWYyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODEyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTMtMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDM2LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMzYsImJpZF9mbG9vcl9wcmV2IjowLjAwMDYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODEyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTMtMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1NTAsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDA0MzU1MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 768ms
35ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:24 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
42 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhdWN0aW9uX2Vwb2NoIjoxNjE0ODY3MTQ1LCJhZF9wb3NpdGlvbiI6MTEwNSwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImJpZF9mbG9vcl9pbml0aWFsIjoxMjAsImJpZF9mbG9vcl9wcmV2Ijo2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MzYsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQxNiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:24 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 82DC 185 KB
53 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 82DC 12 KB
5 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 82DC 87 KB
27 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 82DC 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 82DC 40 KB
13 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181131
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82DC 2 KB
3 KB 11ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20967
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82DC 295 B
389 B 11ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53253
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame 82DC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90640f2d7240a0bafef3efc8d6675f01585e3e058bdaca9a0e1cd51b2a505927

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 7960997849757990645
tpc.googlesyndication.com/simgad/ Frame 82DC 63 KB
63 KB 35ms
13ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7960997849757990645?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlMCyr1SJ6Cfi36RJ6Z7P1O1S89Uw

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

014c30ebd662310c5d2686360b66afbfc9a64eb577329778da489b28b64f71e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 05:13:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 14:11:32 GMT
server: sffe
age: 291543
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64071
x-xss-protection: 0
expires: Tue, 01 Mar 2022 05:13:22 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 82DC 0
0 38ms
16ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRyMXojsTBt-UBicwzvSblnVImcY_b24rh_8oFCI_TBcqEua8N4C_vcnV9uoFkOVrY9iBa_3knJduSkoGVSCa2Yy2sLgg
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 82DC 0
0 88ms
68ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CF0V3yOpAYPi5I7Xd7_UP05GkwAr_-4PMYdz_6YedDeCa0q-dEhABIPT5xiVgzOHtgfwuoAHjz5m_A8gBAuACAKgDAcgDCKoEpAJP0LSq9iuPXm6eg0iVd6gO9KF-TNITB2zocKXIJCtRTlYoojaAu5srgf_UBL2JL7jwkreSHjlge6oH4cxpqRDynp8ioDPtEdZNb6qzWX-P5JJlSTQH856JJkaNL7B1-WMjomSuLoa9CViRLPU8yg7DsrpzyUtW0MZk1yKo0HA2xeTG4g8xkYHt5BUp2r6614NZ1NXe8ykncAS8W7pNJrh3CMawh9wjNgWAHZUyewjRWNwfcynI3qX9azAYo2rdc8azMKTaVEFnW-9NkqYnmd_sWrvZw7hwUZegmovHXI1s15FIPTGRSGNipBzAucoicgZurgUGL9s4RgFUqpcdokUGQhm36yL7TpsRRw5M70GeuM8-IfRZOkpybKHfchbXaoX-V7m3wATj3JeTxQLgBAGSBQQIBBgBkgUECAUYBKAGAoAH3faTMKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCn9RrSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ0MTIzOTYxNzk1OTE3NDiACgPICwHYEwyyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=9esWWCUaPMw&tpd=AGWhJmvXOq-6rayhdbYNQIxsc4KOg0FKmxWU9BetwLzmin-qGg
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
42 B 65ms
57ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NzIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImE5MjhjZjJjM2FkMzZmNWU5ZWQyZDkwZjY1NWMxZGM5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDcyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDQ0LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwNDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDcyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODIwODYxMTA5NSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
93 B 693ms
34ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 62ms
57ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 61ms
57ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhdWN0aW9uX2Vwb2NoIjoxNjE0ODY3MTQ1LCJhZF9wb3NpdGlvbiI6MTExMCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImJpZF9mbG9vcl9pbml0aWFsIjoxMjAsImJpZF9mbG9vcl9wcmV2Ijo2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6NDQsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQ1MCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjMsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:24 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
146 B 23ms
22ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 23ms
21ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
171 B 328ms
319ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1433752327992334&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=3&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D140%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%26ax_ssid%3D10082%26lb%3D160%26reqt%3D1614867145054&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145061&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=713&adks=1478526462&ucis=l&ifi=21&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

84e9bc00d0fb6c585eb8e5bb05d7e12bc6d10b794a9d5554cd9606fef43408d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0661
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

40ms
40ms

Image
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:12:25 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
350 B 343ms
342ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3969085443783594&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=3&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D140%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%26ax_ssid%3D10082%26lb%3D140%26reqt%3D1614867145123&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145127&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=m&ifi=22&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

3c225772f0000aaa760411d6e17b761db5b82c0d06c77b3b34635cd13c88f5a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
298 B 382ms
380ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3153669387842441&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D674294a1b21a1e89fc99c14c9b17be44%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D28%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%2C19%26ax_ssid%3D10082%26lb%3D44%26reqt%3D1614867145132&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145136&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=n&ifi=23&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

2e91355fb3ae5659978874f80fe6ac0723d7156499e9a48cac8fa4e0a86dd478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 351ms
350ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=391064843287841&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D674294a1b21a1e89fc99c14c9b17be44%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D28%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%2C19%26ax_ssid%3D10082%26lb%3D44%26reqt%3D1614867145148&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145151&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=469&adys=319&adks=4043077312&ucis=o&ifi=24&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

96054c09a65a26e54f43e6ffd6c4776ce18a6ed3e3e556223300769f753df110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 82DC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:12:25 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 7960997849757990645
tpc.googlesyndication.com/simgad/ Frame 82DC 63 KB
63 KB 7ms
6ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7960997849757990645?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlMCyr1SJ6Cfi36RJ6Z7P1O1S89Uw

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

014c30ebd662310c5d2686360b66afbfc9a64eb577329778da489b28b64f71e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 05:13:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 14:11:32 GMT
server: sffe
age: 291543
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64071
x-xss-protection: 0
expires: Tue, 01 Mar 2022 05:13:22 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82DC 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20968
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82DC 295 B
326 B 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53254
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 82DC 0
331 B 441ms
126ms Other
image/gif 2607:f8b0:4009:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?s=ampad&ctx=2&puid=1~1614867145328&qqid=CPi9jPTolu8CFbXuuwgd0wgJqA&rt=any.link.4.u.k.9.0.0.15kc.15j0~any.script.5.c.3.8.0.0.3ld.3in~any.script.5.u.b.f.0.0.l12.kzq~any.script.5.j.7.8.0.0.13j.128~any.script.6.t.6.j.0.0.9wp.9vd~any.img.7.j.7.9.0.0.205.1xi~any.img.7.j.7.8.0.0.at.87~any.img.9.18.7.d.0.0.1diq.1dfr~any.img.a.14.1e.0.0.0.0.0~any.img.a.2k.2u.0.0.0.0.0~any.img.7s.9.2.6.0.0.1dhs.1dfr~any.img.7s.9.1.7.0.0.1yc.1xi~any.img.7t.9.1.7.0.0.92.87~any.img.8i.f.8x.0.0.0.0.0&met.a4a=dcl.0~ol.256~nvs.1614867144968~ini.1614867145329
Requested by: Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:80d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:25 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
179 B 248ms
247ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3115592760745609&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D160%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%26ax_ssid%3D10082%26lb%3D180%26reqt%3D1614867144457&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145461&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=p&ifi=25&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5e23f5e776f642a389256a65023919d6abec2ca6b77c8260bd58579f4a146889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 4A14 185 KB
53 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181132
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4A14 12 KB
4 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181132
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4A14 87 KB
27 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181132
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4A14 3 KB
1 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181132
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4A14 40 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181132
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4A14 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20968
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4A14 295 B
321 B 9ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53254
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame 4A14 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8724b0dd1b2ea8421b456b51bb1594abaf4ae961d9ef7f80e19ae215cd826085

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 456464991977996881
tpc.googlesyndication.com/simgad/ Frame 4A14 52 KB
52 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/456464991977996881?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qny4X8Dmn5g0DUahYXjDgRRqs5YfA

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db992becefd2fd7f128735611af655c1a01d5fd8b26edf010cd10afaf1ba4755

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 05:50:15 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 15:58:50 GMT
server: sffe
age: 30130
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52839
x-xss-protection: 0
expires: Fri, 04 Mar 2022 05:50:15 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 4A14 0
0 15ms
14ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTd3B1XrmRxj4z9B1hOAT3_5r0hCDzPpIbSiO_EJvsAYRfE_DM7xAA0_GNqABtjUm_hapnB9QfZlgXRnuVuuvQc0HEv2Q
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4A14 0
0 71ms
66ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQZBEyepAYOurDJ3P7_UP7OuCsAr-xJawYcuA3vmWDcjwze6rCRABIPT5xiVgzOHtgfwuoAHVvtTUA8gBAqkCNaJgRDy8aD7gAgCoAwHIAwiqBKYCT9D2_dOkKi0BoPCqHWmaHtYHNNzEK0pwMnI34RGWntRrYStFsRyYrH_8vsMErBkEWllpmJQlvtXqFroJZilwF-dsxMUn34eG9CZzN1uw-joJ-tWsmxXHtCVl4Y2PjJyaa6l5-vxXkC4GtVOGMZEOjgrrD6d8qW3GOb_OInLOVmiD3nBoK__7R5ko4iZst9uOVbwBM0o3rg117y5BuHO0FqDuEbxxTkJhPXlW4e2fcycHdg4i45PzbxAjqK8GcqB7FXf6p8N5xU_CQuWuaAQAM-9ivJplLNtdDyTh52WNUuF9fNdd0Vp8yZzKV3aBR5ZatoXZm0-ZvhBehYmGr46xPEzsntFq61q-gyUOido9Pt6GuUPB1tMwXGTimVL2JgzwptMhedsHwAS-kcKusAPgBAGgBgKAB5PBqyuoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQp5MR0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00NDEyMzk2MTc5NTkxNzQ4gAoDyAsB2BMDmBYBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=f1KdCXCJ6uk&tpd=AGWhJmtoLbeSH_ZIpPTZfaNXnTnBTyg7XpJYw_4tLRAYKOYj2g
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI2NzQyOTRhMWIyMWExZTg5ZmM5OWMxNGM5YjE3YmU0NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDI4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMjgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDQ0LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODIwODYxMTA5NSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 168ms
36ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 39ms
38ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 38ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjcxNDYsImFkX3Bvc2l0aW9uIjoxMTEwLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiYmlkX2Zsb29yX2luaXRpYWwiOjEyMCwiYmlkX2Zsb29yX3ByZXYiOjQ0LCJiaWRfZmxvb3JfZmlsbGVkIjoyOCwiYXVjdGlvbl9jb3VudCI6NCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6Mzc1LCJtdWx0aV9hZF91bml0IjoxLCJtdWx0aV9hZF9jb3VudCI6MywibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:25 UTC

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame FD6D 0
747 B 47ms
46ms Script
text/html 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:25 GMT
X-Proxy-Origin: 89.238.186.243; 89.238.186.243; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.155:80
AN-X-Request-Uuid: ced72be4-c4e0-4c08-a6d6-098ecb037e72
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4A14
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:12:25 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 20ms
18ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 18ms
17ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
167 B 227ms
227ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2198176316344134&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=4&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D120%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%26ax_ssid%3D10082%26lb%3D140%26reqt%3D1614867145589&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145594&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=713&adks=1478526462&ucis=q&ifi=26&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

a21df33790cc47da6bce078e580ba6dba0de907d4c4d871bb86d96acc0e98202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
167 B 248ms
247ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3397210193292787&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=4&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Da495ce7dbb4cefcd3e0a722048894f41%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D100%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%26ax_ssid%3D10082%26lb%3D140%26reqt%3D1614867145633&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145637&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=r&ifi=27&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

7391da4254cc7a09345fc73c0d45d9a9cc5f2c26333c79d389c8aa43a3ec8ebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 337 B
173 B 189ms
187ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2359511947640711&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D16%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%2C19%2C18%2C19%26ax_ssid%3D10082%26lb%3D28%26reqt%3D1614867145649&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145652&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=s&ifi=28&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

976b1c4497ba6ee143f85844359866ed82347c1ce9858501d460f67a1097fc5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
204 B 177ms
177ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=1643248720795343&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D140%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%26ax_ssid%3D10082%26lb%3D160%26reqt%3D1614867145964&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867145&dt=1614867145968&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=t&ifi=29&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

879c23cba408dbc4acf6c3b61e7e5bcf3f784c130ff983ced0e0a3c6be60436e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 85 KB
28 KB 237ms
237ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=4332711105789628&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=5&prev_scp=iid8%3D723215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1114%26sap%3D1114%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D6%26at%3Dbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dmeterpreter_org-box-1-723215%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D4%26shp%3D2%26ftsn%3D3%26acptad%3D1%26br1%3D0%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C38%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%2C18%2C19%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867146105%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867146&dt=1614867146108&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=1180&adys=713&adks=1478526462&ucis=u&ifi=30&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=4&ohw=340&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

58e9373fe9628465ac00a37c3e53145b7e7442e8edc7d781d4341201b63fd650

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIP67PTolu8CFYDsuwgdAj8HFg&gqi=&layout=/sadbundle/%24csp%253Der3%24/4703873448072277699/336x280/336x280.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIP67PTolu8CFYDsuwgdAj8HFg&gqi=&layout=/sadbundle/%24csp%253Der3%24/4703873448072277699/336x280/336x280.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28136
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Thu, 04 Mar 2021 14:12:26 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0661 42 B
113 B 46ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu0nAl6xME8GVuis0jmZth4ZfsP-GF4dDCOou6RP9pvUr1T6uQUujNJOv8wtu7DDkHrFUGZBj58t5ubRZpInvMjkWEmhicsv6btNIqjzm14OzSQQb4WdvXdFGBiCKDgQWh858e0l7WZoVKA-qz_ZG1r5A&sai=AMfl-YQe9ilH9RwmV5qr7Y_LHbnQP-PmzVaRwd5njbuN5nihqiCCNm0JzF1irBm5aFhFwyz4Vi2Ipgfnl6TCijUWaXTiBZFztG0dfY9kiyIpKxmwO8dLviMthYxcvyWL&sig=Cg0ArKJSzDmGRO6lCXAaEAE&cid=CAASF-RofIgcAbz38FNmxVpu4wBnw-v4h60Z&id=ampim&o=216,722&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=244&tls=1244&g=100&h=100&tt=1244&r=v&avms=ampa&adk=2796858326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
77 B 36ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 82DC 42 B
91 B 49ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1J6O69UpBn8KNDoe_k8mav0g0cMcZIqjl8vNoXZ0BbHeYaE5xJOyvmB3UsJWuCsQKeqfZGR3pBNEC3llhomZT53VznoW8A1d3TgdXTeGDbx08EXCZ7AGs_Iy0OuysGUH2jKHIa0Kv7QPmcvbPVCI7uQ&sai=AMfl-YQzuPbP6yaofQD_H5coZjU_bYRnEGEbabbA_P814FyupNyHiTiAh-rQGSs5aA1SV_tQGx46tliXo44Ebm0W0ikdVpbVIsWPSedYg5YbhY3bvxA8CF5SZKZz-5GV&sig=Cg0ArKJSzFJNVspnba6BEAE&cid=CAASF-Ropx6xSzMGwh6iBXVvhXiD8Qgqpxhs&id=ampim&o=157,319&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=144&tls=1144&g=100&h=100&tt=1144&r=v&avms=ampa&adk=1009712993

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 container.html Show response
03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame C63A 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://meterpreter.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:12:21 GMT
expires: Fri, 04 Mar 2022 14:12:21 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 5
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774803212306"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:26 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 38ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjMyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTEtMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMTQsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAxMiwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NjEwNTg0MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
40 B 37ms
36ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:26 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhdWN0aW9uX2Vwb2NoIjoxNjE0ODY3MTQ2LCJhZF9wb3NpdGlvbiI6MTExNCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImJpZF9mbG9vcl9pbml0aWFsIjoyMjAsImJpZF9mbG9vcl9wcmV2IjoxMjAsImJpZF9mbG9vcl9maWxsZWQiOjAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjI1MywibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H3-Q050 200 336x280.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/ Frame 7D47 220 KB
129 KB 8ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdf9ce7d1d8397e013a4ea9aa5143c6760cd6b26a4af8159c6ea4540eab84b59

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 26 Feb 2021 14:08:08 GMT
expires: Sat, 26 Feb 2022 14:08:08 GMT
last-modified: Mon, 08 Feb 2021 16:29:11 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 130479
age: 518658
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C63A 0
0 67ms
66ms Fetch
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8QOcyupAYIPtCYDZ7_UPgv6csAHri6DPYcTEyOjRDaTn8u2VAhABIPT5xiVgzOHtgfwuoAGs__PhAsgBCakCkMyGr24wtD7gAgCoAwHIAwiqBKUCT9AUj6STCmKygk_2KYdBODC_TRR3RXBp5-Gu9nzXRbknbkwaXPWLeiK-WtzRbn0MTObinwQ3Je65GwPo-jE000j3yqtlh0Qd9XFsW08qveiLTgOZD16QdjVXMi0GwP3NqId5Tzs125xS6j_XaLJcRCUpunnzYSogVrCY0dEeS1S2Ugc9S_STW71BF38U7AKWpeFFv5amrpiBAmBGhO_js9Xh_WMwFwTHYNlxfHU3eCIUx0_BhsRfbq-_fI-aLZdg5AvK2X6go1kFBHLA2aBvj08eIhsrKJYKSXpoSJ6Q5z-VQZAkYndniNbHX29iG-XW2Wl8hkUmoY6mbQ4Bbp0ZXmqvn44SUbd32b9xYLsmGIW4oRCI9c7mysUfL8o2XFd79EuFzIvABISXwIuXA-AEAZIFBAgEGAGSBQQIBRgEoAYugAe8gIyeAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDu7gjSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ0MTIzOTYxNzk1OTE3NDiACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=j9gokcznVYM&template_id=419&tpd=AGWhJmuN_TUwrddKp8MHW6cqS7HQXFEvreiNbGwzkNoCGbexoQ
Requested by: Host: t.co
URL: https://t.co/Gz6FIXReoN
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame C63A 18 KB
7 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite_fy2019.js

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:07:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 16808423653712541117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:07:49 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame C63A 3 KB
2 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 497
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:04:09 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C63A 110 KB
33 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:26 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame C63A 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:09:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:09:12 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame C63A 0
0 14ms
13ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSQmD8mUpypzfSJmgC2fHC-3v9-ndQHU4ZZDMopI6u64Zc-Tenqw4ER66FMILdRK0CzLlAgRJpCUa9KuyDgX__5huJcKw
Requested by: Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MTIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMy0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzU1MCwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 7D47 9 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 04:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33784
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 05 Mar 2021 04:49:22 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 7D47 22 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4703873448072277699/336x280/336x280.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3896
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 05 Mar 2021 13:07:30 GMT

GET
DATA 200
OK truncated
/ Frame C63A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f7b7caa2ee79dd6458f2e674fbb4f9e845af504bfdee91a7dc46d26be71058c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDI1MF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NzIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDcyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
DATA 200
OK truncated
/ Frame 7D47 29 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29c418b793fe904cf18b21703694df4c68cc0ddf1e19e174af315914d823d9f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 7D47 42 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91f3e1e5a8ed69152870f03ad59c17a546bd45da77cf3f6b9fbb413ed20fa6f2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 7D47 44 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7092f328a9f85c695352a7350352cd446a5c82e568e8605f8f6a79c52e9657c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
178 B 345ms
345ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=553634987868113&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=4&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3D58ef7bddb438af5e257c4377f32c243a%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D120%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%26ax_ssid%3D10082%26lb%3D140%26reqt%3D1614867146520&eri=1&cookie=ID%3D9d0115fec06010e5%3AT%3D1614867144%3AS%3DALNI_MZZay_yPihGuKyzBagw9KCXvi0y6w&bc=31&abxe=1&lmt=1614867146&dt=1614867146524&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=v&ifi=31&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

4281cccf9852b41b0f4f5d6a643142c17abe227043c6a4f6373da93f049d9539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTk1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTMzNjUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTQwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyODAifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjcyMzIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMS0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMTQsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTk0In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDcyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxNTAifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NzIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTUwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxNTAifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MTIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjI4MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0zLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTUwLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIyMTYifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjcyMiJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY5MzM2NSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1sZWFkZXItMS0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExNDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTQwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMDQ0In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjExODAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjcxMyJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6Ijc0NzIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1ib3gtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIzMTkifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3NDcyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctYm94LTItMF8xIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMTAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODIwODYxMTA5NSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiNDY5In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIzMTkifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6Ijc5MiJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMzE5In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIwIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIxMDk2In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJ0cnVlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4A14 0
0 66ms
66ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cw0GDyepAYOurDJ3P7_UP7OuCsAr-xJawYcuA3vmWDcjwze6rCRABIPT5xiVgzOHtgfwuoAHVvtTUA8gBAqkCNaJgRDy8aD7gAgCoAwGqBKYCT9D2_dOkKi0BoPCqHWmaHtYHNNzEK0pwMnI34RGWntRrYStFsRyYrH_8vsMErBkEWllpmJQlvtXqFroJZilwF-dsxMUn34eG9CZzN1uw-joJ-tWsmxXHtCVl4Y2PjJyaa6l5-vxXkC4GtVOGMZEOjgrrD6d8qW3GOb_OInLOVmiD3nBoK__7R5ko4iZst9uOVbwBM0o3rg117y5BuHO0FqDuEbxxTkJhPXlW4e2fcycHdg4i45PzbxAjqK8GcqB7FXf6p8N5xU_CQuWuaAQAM-9ivJplLNtdDyTh52WNUuF9fNdd0Vp8yZzKV3aBR5ZatoXZm0-ZvhBehYmGr46xPEzsntFq61q-gyUOido9Pt6GuUPB1tMwXGTimVL2JgzwptMhedsHwAS-kcKusAPgBAGgBgKAB5PBqyuoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQp5MR0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi00NDEyMzk2MTc5NTkxNzQ4gAoDyAsB2BMDmBYBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=STHDPvXOAiM&vt=1
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4A14 42 B
66 B 48ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss80bLa1sDRmzxRvxPfjQyE0uQ2YQ34Ze-xw5IMRZsaanWLtDggZMEWj0vXFjjRy9kRqY51EBa1hfnBVFnQAR4drniNsqnmiIBGht_UebKY5tTWabOPqIun7gN1YiUJSQwNWB6z8wHJdE7BU6JUQDQI&sai=AMfl-YTNgeTH2flua40dLOYzVvKuwaqyIb2QNEr1zwFO2g75MHi85LvlnMEKeQY4Tr9vtl-OPo2sVv675ubg-aKp15QWpkv9MFZ-N1Hci6h-InfOtUfRutjYKsxGA0QJ&sig=Cg0ArKJSzBx60q4WHuKmEAE&cid=CAASF-Roh9NfkV_PWlGWOmQZKT-lwSx5LYf8&id=ampim&o=480,319&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=199&tls=1199&g=100&h=100&tt=1199&r=v&avms=ampa&adk=4043077312

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:26 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:26 UTC

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame B498 0
587 B 197ms
51ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156983&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Thu, 04 Mar 2021 14:12:26 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
65 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H2 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
165 B 21ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 21ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 473 B
427 B 360ms
358ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=727382573420274&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=5&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3Da495ce7dbb4cefcd3e0a722048894f41%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D100%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%26ax_ssid%3D10082%26lb%3D120%26reqt%3D1614867147034&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867147&dt=1614867147043&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=w&ifi=32&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e21c786504297f5329e2fdeca807f3fef72b8704a24097c7f16abd33cea5353f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 250
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
146 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
407 B 357ms
357ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2568093022584942&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=2&rcs=5&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Da495ce7dbb4cefcd3e0a722048894f41%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D100%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%26ax_ssid%3D10082%26lb%3D100%26reqt%3D1614867146141&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867147&dt=1614867147144&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=x&ifi=33&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

248d38d1df2a328daf17453fccf0309ccbdaf0098fc9e9068323f86848814723

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 233
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 338ms
338ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=4338923970276045&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=5&prev_scp=iid8%3D747215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1110%26sap%3D1110%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dmeterpreter_org-box-2-747215%26eb_br%3D2e8b8c60843e52e5aaa1e3a52287a2bb%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D8%26br2%3D60%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D17%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C19%2C19%2C19%2C18%2C19%2C18%2C19%26ax_ssid%3D10082%26lb%3D16%26reqt%3D1614867146156&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1614867147&dt=1614867147158&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=792&adys=319&adks=721207144&ucis=y&ifi=34&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

5db1382cb9d1dd384ea53eb49ea64d5e9656ce94eb9a0133a830934b7bd1bc32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10997
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C63A 42 B
108 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnfO_YKiFYZIXTMXnIOeB3yUapKRo3OJPgRYd-hu9z2-WsGy-sS3C2l1eImizNdQ3eoqXScft9Iat4eagdJHhNFuIBpfcMq5psoqax0lIbB1VLiySNqbpnT6bLTR5JuL0OCaJq-h82mJ7FGnbqGjHs&sai=AMfl-YS_RahdMBNeoGqjmjMxcx_S_s9YcD4yfpnxaP2aWHAazPDaeu53DTigZlYWZb_7hp2JP4Af3S36piN6gNeviI29UrJtMo_TcCEr9bIDydi0_RCg96DKHsxQjK2P&sig=Cg0ArKJSzPibO7bZwTLkEAE&cid=CAASF-RofkJNT4LmwR_cE_eKH9LQPXZDQa49&id=osdim&mcvt=1000&p=713,1180,993,1516&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=0.92&if=1&app=0&itpl=2&adk=1478526462&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614867146366&dlt=10&rpt=137&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame 4C85 185 KB
53 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4C85 12 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4C85 87 KB
27 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4C85 3 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame 4C85 40 KB
13 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H2 200 7960997849757990645
tpc.googlesyndication.com/simgad/ Frame 4C85 63 KB
63 KB 9ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7960997849757990645?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlMCyr1SJ6Cfi36RJ6Z7P1O1S89Uw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

014c30ebd662310c5d2686360b66afbfc9a64eb577329778da489b28b64f71e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 05:13:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 14:11:32 GMT
server: sffe
age: 291545
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64071
x-xss-protection: 0
expires: Tue, 01 Mar 2022 05:13:22 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4C85 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20970
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 4C85 295 B
358 B 7ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53256
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame 4C85 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2a436e681b1e66f4ec579f8652230e2997d6be0d994bcb4369f8788648928975

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4C85 0
0 24ms
13ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT34E7J5JOQxVMqCXrbB0DkDLA9PnkKhhqqM9KYdj2Kqm4y5CavP1AMkK0lpq3j4tnJ48e6
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4C85 0
0 75ms
66ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CzZofy-pAYPGaDYvd7_UP-LeZ-Ar_-4PMYdz_6YedDeCa0q-dEhABIPT5xiVgzOHtgfwuoAHjz5m_A8gBAuACAKgDAcgDCKoEqQJP0FRwLe7jVcSGhC4RrVNLSQt4M9x2axL789fouWa9Fm_ZFsahVu_LDZVotSEojv4o5Eh2lLGJbO4yA_BE7f_T4q9s1UaNOgNtjPyaCy4Tjs2Im6bPtvQvlDot160HTesKn5B7Gg1Vd6xZqby9K4nnivFjVdcs72GELGUK4mAb-mR2FtMjBNpVdRAq6Zv5tYu8QwKBa8vlqKHgV-czOrKLeAb-7evQThV2noNp4MzE3sn2wYgINEvZB25ZrEtFPqZEQ7uYf_AhUDmmwuqXQzkYnSfcOASG1p8CUiKo0zv-ct9gx0_0QY659yzhFCu9C8-qwqII4V3HFdN5GZKUjxgLPbFbSydbA1iD20owp3pK3ZwZ4Q3S1hweoUPe6Nc7QdoUcxQGncQjH37ABOPcl5PFAuAEAZIFBAgEGAGSBQQIBRgEoAYCgAfd9pMwqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEENGyBtIICQiA4YBQEAEYHfIIG2FkeC1zdWJzeW4tNDQxMjM5NjE3OTU5MTc0OIAKA8gLAdgTDLIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=X4JBhSxydpM&tpd=AGWhJmvLr4drFeVSEdyS_aNWBHl2zmetnHNKyk-dpXuL59uPUw
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIyZThiOGM2MDg0M2U1MmU1YWFhMWUzYTUyMjg3YTJiYiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA4LCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDE2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MjA4NjExMDk1LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDA0MzUyMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 60ms
59ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 35ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImF1Y3Rpb25fZXBvY2giOjE2MTQ4NjcxNDgsImFkX3Bvc2l0aW9uIjoxMTEwLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiYmlkX2Zsb29yX2luaXRpYWwiOjEyMCwiYmlkX2Zsb29yX3ByZXYiOjE2LCJiaWRfZmxvb3JfZmlsbGVkIjo4LCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozNTYsIm11bHRpX2FkX3VuaXQiOjIsIm11bHRpX2FkX2NvdW50IjozLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 16ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 372ms
372ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=10983129138592&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=6&prev_scp=iid7%3D681215%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dmeterpreter_org-medrectangle-2-681215%26eb_br%3Db355e9227b551c119a30a68852723b62%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D1%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D90%26br2%3D100%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C36%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%2C17%2C19%26ax_ssid%3D10082%26lb%3D100%26reqt%3D1614867147560&eri=1&cookie=ID%3D61fd0f9a525782ba-228d291fadba007d%3AT%3D1614867147%3AS%3DALNI_Ma7maCqsl8656LhY4kMpXC2yjzLwg&bc=31&abxe=1&lmt=1614867147&dt=1614867147563&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1104&adks=428325072&ucis=z&ifi=35&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6160dc625f8296db2e38ee223e677a8ccc689de9571ce3396461371b18c36061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10954
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 4C85
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

48ms
48ms

Image
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:12:27 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMTQsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
123 B 17ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
274 B 428ms
419ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=2604957989984643&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=6&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D80%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%2C17%2C19%26ax_ssid%3D10082%26lb%3D100%26reqt%3D1614867147651&eri=1&cookie=ID%3D61fd0f9a525782ba-228d291fadba007d%3AT%3D1614867147%3AS%3DALNI_Ma7maCqsl8656LhY4kMpXC2yjzLwg&bc=31&abxe=1&lmt=1614867147&dt=1614867147655&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=10&ifi=36&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ce81059b4d1aa9c4da5817df1d8fe706e21ac420bceed3bf5309f0f04fa159d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 218
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMzYsMjgwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIzMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTExNCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiNjYifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012101070013000/ Frame C5D7 185 KB
53 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53820
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ee5348f2de7cdf64"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame C5D7 12 KB
4 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4559
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c3a321a15743f406"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame C5D7 87 KB
27 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27206
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1f991b6a8daa2b14"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame C5D7 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1376
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "512b909f94eb26fb"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012101070013000/v0/ Frame C5D7 40 KB
13 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012101070013000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 181134
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12793
x-xss-protection: 0
server: sffe
date: Tue, 02 Mar 2021 11:53:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e3ef417618f7e28"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Mar 2022 11:53:33 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C5D7 2 KB
3 KB 14ms
14ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 08:22:57 GMT
x-content-type-options: nosniff
server: cafe
age: 20970
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 05 Mar 2021 08:22:57 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C5D7 295 B
397 B 13ms
13ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Mar 2021 23:24:51 GMT
x-content-type-options: nosniff
server: cafe
age: 53256
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 04 Mar 2021 23:24:51 GMT

GET
DATA 200
OK truncated
/ Frame C5D7 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a76e9091942d5785c7c20c8d92d0305bd7c748655df9e71f55142bdce2e6d57e

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 16479671133593605222
tpc.googlesyndication.com/simgad/ Frame C5D7 64 KB
64 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16479671133593605222?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnpTwotZOeIryzijPkm_eJupzAyUw

Requested by

Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5fb07031c62afb3af463f2c1ac4a5c65dec89cd8137116b387b1560c7072e60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 03 Mar 2021 10:50:35 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Feb 2021 14:11:31 GMT
server: sffe
age: 98512
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65249
x-xss-protection: 0
expires: Thu, 03 Mar 2022 10:50:35 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame C5D7 0
0 18ms
17ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR683pIVzPAfFDSeZgqtbnLcR5qBTdSMFBUbMr0pAsmEIuoXiW-CbD3jY8HmQqAxyu5TVyv9iFM9FJHiHIpScSzkxwGhg
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C5D7 0
0 67ms
66ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_Jx5y-pAYP3gJayxlQeLw5e4Df_7g8xhtP_ph50N4JrSr50SEAEg9PnGJWDM4e2B_C6gAePPmb8DyAEC4AIAqAMByAMIqgSfAk_QJok_8MCdkw8q7HnGnktMqZ6Eu_QQdgK2LEsRoypwpLafIH-RR4x7KDsPKUXJmIDeEbuEh0ly7IKBKwnw407lhPRThDN7-QMQVgdeSZvKayxgHHQnOQw-WpoceQre8xGqqxJE4_cSU9mk22W0-3PhyO_eFiiOeqSaJ7cQd_c2beGWbUsehBiWbPxjpwGIu7YIClVh0tZR6mvkvjXfZxczM4lXT9axC1Hp8hZlUzSs8sKc9sHW1x94EesdBGlyBPXHm2tgcbAV_N8J01N5lkO9CzxvHgFbWK_CqQbBlE_vA7N07KS29BEoO0Qwa6VBVnIvLrXAlFrcuOVjaoCEjs4Nqzt0A5TF5KZ6lSb9j2MkEVGQ8XlPuwySrVm8C7e6wATj3JeTxQLgBAGSBQQIBBgBkgUECAUYBKAGAoAH3faTMKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDwrUHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTQ0MTIzOTYxNzk1OTE3NDiACgPICwHYEwyyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=vW6NmD2ak1w&tpd=AGWhJmu9IFKd6u6GuF-lRJNLOQl6kEE5dwpMu6KncvfhjFUpMQ
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 39ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MTIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImIzNTVlOTIyN2I1NTFjMTE5YTMwYTY4ODUyNzIzYjYyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODEyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDksImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA5LCJiaWRfZmxvb3JfcHJldiI6MC4wMDEsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODEyMTUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1MTYsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDUxNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 35ms
34ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:28 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
42 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wMy0wNCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE1In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhdWN0aW9uX2Vwb2NoIjoxNjE0ODY3MTQ4LCJhZF9wb3NpdGlvbiI6MTEwMCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImJpZF9mbG9vcl9pbml0aWFsIjoyMjAsImJpZF9mbG9vcl9wcmV2IjoxMDAsImJpZF9mbG9vcl9maWxsZWQiOjkwLCJhdWN0aW9uX2NvdW50Ijo3LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozOTAsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:27 UTC

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C5D7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

16ms
14ms

Image
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.cz/adsid/ 107 B
146 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.cz/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
146 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=meterpreter.org

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 364ms
363ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4438153568304686&correlator=3740273389722386&output=ldjh&impl=fif&eid=31060337&vrg=2021030301&ptt=17&us_privacy=1---&sc=1&sfv=1-0-37&ecs=20210304&iu_parts=1254144%2Cmeterpreter_org-leader-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=7&prev_scp=iid7%3D693365%26t%3D134%26d%3D133025%26t1%3D134%26pvc%3D0%26ap%3D1140%26sap%3D1140%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod51%26ic%3D8%26at%3Dbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26gala%3D2709606%26rid%3D99998%26pt%3D37%26al%3D1037%26compid%3D0%26tap%3Dmeterpreter_org-leader-1-693365%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4493741254%26bv%3D0%26bvm%3D3%26bvr%3D6%26shp%3D1%26ftsn%3D3%26br1%3D0%26br2%3D90%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D20%2C21%2C22%2C23%2C24%2C25%2C26%2C17%2C17%2C17%2C17%2C17%2C19%2C17%2C18%2C19%26ax_ssid%3D10082%26lb%3D80%26reqt%3D1614867148169%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3D61fd0f9a525782ba%3AT%3D1614867147%3AS%3DALNI_MaDH6V9QZhY53w_Mu1DJh8W9sTRRQ&bc=31&abxe=1&lmt=1614867148&dt=1614867148172&dlt=1614867139095&idt=1477&frm=20&biw=1600&bih=1200&oid=3&adxs=140&adys=1044&adks=3122800426&ucis=11&ifi=37&u_tz=60&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fmeterpreter.org%2Fgoogle-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome%2F&ref=https%3A%2F%2Ft.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=880x280&msz=880x280&ga_vid=1657587250.1614867140&ga_sid=1614867141&ga_hid=963913986&ga_fc=false&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

3cefffd4850121dce5c32b15d7f155b3abcf4489a9558742b2b932d146b4ed1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9202
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://meterpreter.org
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame F333 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021030301.js?31060337

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://meterpreter.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://meterpreter.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Thu, 04 Mar 2021 14:12:21 GMT
expires: Fri, 04 Mar 2022 14:12:21 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 7
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 39ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2OTMzNjUiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ1bml0IjoiZGl2LWdwdC1hZC1tZXRlcnByZXRlcl9vcmctbGVhZGVyLTEtMCIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExNDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwOCwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NjEwNTg0MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjQ4MTc3MzU0MjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:28 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
17 B 35ms
33ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/porpoiseant/banger.js?cb=192-0&bv=7&v=45&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 04 Mar 2021 14:12:28 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 38ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAzLTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNCJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItNjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:28 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
42 B 36ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhdWN0aW9uX2Vwb2NoIjoxNjE0ODY3MTQ5LCJhZF9wb3NpdGlvbiI6MTE0MCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImJpZF9mbG9vcl9pbml0aWFsIjoxODAsImJpZF9mbG9vcl9wcmV2Ijo4MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6OCwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6Mzc1LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:28 UTC

GET
H3-Q050 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DB80 510 B
262 B 19ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ec204561656bab028c2fb1d77312a95e26333f39b4a2a274049423f023acf5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmY6HWHq93sutJh_lxjraKTIQfYIV51vN7WFKDPU9kqKhZkSND6j1Dxua7p63g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 04 Mar 2021 14:12:28 GMT
server: cafe
cache-control: private
content-length: 236
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9594 39 KB
19 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0AwB-kNbetvEcvZoGQbiz2YPT-kstgP4n6nYj2ZZxRylEmyJGKiLE3LHM9gRSwerD7hx40Pwm11sEO1DDlBT-EVsaW7FoYWIMwWzG_ZToPrTpJRUXZ5ZwqS3dVVNoFMkYe9hJ-6euaqN_wxXAMnS2VThbYw&dbm_d=AKAmf-D79rb2AUElPKh6ruyp3lvoeYVmIp_oI99Tkl3GAV2nUX0tTfp_bddH6URBtgPpZU-tXyCOx80u9xiq5Sl4TZRBdViB53qSz4nfCTRwwpkGZwg30EpV9Jm4tcqMwr40PZjI08txRLJIQG9jPO3X4guAH4pm1gOV9X36RNZ9acIpiX1rEf66SxHGSQhmw39rGblkMLr5FNd9bafTMFqZBOud6MVC-ouRvf4O2A6bNeBVHfW3ZtJv98loP4V1O1FlkKuDoMzV-EztHTqHTSHIdDo6GXOvaM42Qfhf-8BD5URRVfB0NhLPbT-F2jufsiLEgtwLLe1reiJFnaV8yqKqYU7re_FLO3KYovWcfdWtoxDwhZS9wjqNWJm3usbILwFq7jgFAniszhJBs3HfXZdi8s1QzFO9jSmtmGJMZGzsO5mgybFiLeED_Gqcz5RSYQN5Z8-H4eI2ieD_AWz0IlbptIBk_p2pQ8ElkJ3KBrUuKHqt1tCgWevOK5klrE1aax6gjTJjG9HdqiKftR5RwpbDfubw8l5MESDzmkefDos-0G-8Sp2VctwtBeTaLzTGcY2IejZGNMW9BKpzbE43HCri2ET0fWhsD4FR7wXM18Xzub0NjVLfoA2W4ScsqqaNwELohSALgOJDgn9adlBU9qWpEI5jWvZ9Cb-5IKRR6jWx2dTYnZ69KpJgWTXAO6UB4kKW8mA0UsgnKJi3d3GC_yxgSTcY97G2l1C8Nt_xgA7ZPwvqrL6-uSTne4Bg0_nLx7wih38FtX8fhkC-NA0eWsMfOT8HIf3yB15olZ6qRr6uEeZdajr1kq29seMVNswCNtGYr4jGaNFUHRrRwJAQw9uq6i_WQGQzOwByB2MDxJC2wO0KT49JanO0BisMd7O6Tk_763VUlBnMqKnzutTmGNfngybV9J5DhcDaiuZYCiGqUElyG7Y7Nz8CNVNfn3mMtCoZCVjhwPYBMZfMEAOlNmw1E_K-3x1HATavBZ1jCv6XTd2GCqoWNwaeS7vVX7kD6UqSCoovE205Nm_oyjDxOkVcIKf4KArXPu-mIAOYCkIqL-9vPLUYiM7TgD1DcniCnKL8G8KVuqoa45_RBy91LQFuTFl27epC_SjUEgAW7ViIsZJH8Pw1lkT7BRFz8FoX3cgD1ZpeminTlBK3lePrxhqBeQBb_KGzMYcVcZ9kSQGYQKxK5Oc-GWOBUFauOmmO2OF869DMuo1V_5yNIcmk9twnfMl67kQ4aituFIM5frVArmAyKr9syoJSTAwjMM9hSwXIswCaR3rMQtdYoXk6BLEYKThj8XtS1iSXs3FDfOyNbWHQUonzasBQaonUg9dJklQMcjcwPSZBmXY2MxfZV3WTXbPBKPuiIdKWuerorYNC47u0D1YFvCbuczL0eqS4SgFY_uetzyWxjW_7DPbujVTi56X0rwl3ANXDm3FM3cyk2YlGAo4ePck-nUa9JBznmAEIfgyoAKwQp3QDyGO3dMH80BGzZZ6XFgwBaBDopmAWVxnFiXoyKRIBu7WOUGp4w7uzsujM8kYq98Jph4hrbXTdWxOf7mKKoH1Nu9pwomC_SHbuohsd1uVYYTZ7ZPf1qBkFSZU2EA53Lv3WT2G5LxeknGVJtOaxMEz_3_MQW8GXlSeUR5Tw8QnVDMnPu1w5PJ3QdNKXJy0KE0fiZAHoRzoN4145Wgyv0Z0XU1fOG5r_6TJ91s3lsRMNyh_eCf5azMtNemwSC4bXLGpwVeDNhcfvd7865QyKhExpC-_xV9gOZhA9lH8SczjNDFLB4nv28WRCUrplVsLVa-9Py6Wa472d0xbitoGIVeg984oUYu7Vg-fmkPPu3yubpiaKtfAVrtdEpGEQ1IvyoQ5cP8wx82NUQ6ryylzLoBqWlTSvHVHk508lfjfVAHgxbcFSEST0aZz4fwxKHqA2BMTKiAvtePs0cni3EVcxwbd0BZ3LSSud8O_cWHaj93oEHjozNu8Ks1GTSCtGiftbo5IbvZE4Kc3Un6hludP9YWV9Guy5gnGtyt0sPBub1YuaFs2Iwxg_UWBJcGXl9curO4c8fquVxP2EX-wgEqwiS8Y2IhsdxbTJ7gksK-krX7dL29TSBMGgePwcA2kqhLwdwJzw1KsOpzrQsYUgZMSu5YvTMCXfkgZivnQ2SBWgf6LCHNl-yZ81ZvLBedkD9tk7UgiFav-D7WoYFB5t-usbXo0PZtxbvbgn3clO5p6aqY8mLJCTvhCDqiVpKj8FnVmQ-PCcSsymSYDgtqaNdezoO9rZ_MMdW8rvsFOCi2bJXLvEw6ETGJhvM7VB4XUcOHje7hBFK1LVeBdHyDopfx820CB-QNp01omvoCtia27eTd5aawfqWgTG8xjzmAzZACZfNECO_o6E2yzd_cf5DDJeCteXEnNt6pW1svoid8zbO0JvDr9xde3Xax0jV14v-HhLhht7eHbGpPZfHEPLSzFBgJfZeliVybY3OkAO_rNQcV8rHYoGWgbmzV8IWxA9fX_9Tlmxp9bESPYlVhEz-vuECteSRwtXnHmEp9SeqFBVLSZ-gwdRQWNkxWT8Xc2davT8UZrZJyDvPPLcCgGm74dEMdDYRy-R4rR4ezsF8fVo5JK_Z9kMihgu__qcmyP4O_zqymYAinl7lzp7nm4povnLoQssL2I9s9Gnl4AwCZJsKqYkD6ZDYJQNA7jBB6xIl1c-04uUHGXbOuiyxj6GZlONBZGEfQ1dX5G6RjGvOT41gZvbalc2Dm8-txaw8Ghe2v639al91WXEFkIxyjNthKmsSDN8yTUCmzZFzPZ_bMzwidUc5UisLoBfVz9UOgUXxRNQKOe7METonDvW5lZuwzGvdiyoiHhKRX-oivLVCOfL6q1zmTXrFXfys8hR-XEH6QxOxngW0eEh0qYYtnADJpXtaRiSgrmpOLQlTsHWWIwbp-_9XGVCevfwFXOR7Wm3zAeEJEvOsg5GuokrDDD6TTLa2S_XKHpqV-CJA9BMrCdej0zWf1OsjunG8_h4z0gVGItJ-8mL_YNWxJzJ05GO_S6ienkuwOcs-hcnxH1ZL1yHUlk&cid=CAASEuRoclr6OwOTLIRQ49xiv-Qa0Q&rfl=2%2Chttps%253A%252F%252Fmeterpreter.org%252F%240

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d801004642f789bbc27e2500ceff57dc71257c7642cfb779be3f4b1260356fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19286
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 9594 3 KB
2 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/window_focus_fy2019.js

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:04:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9594 110 KB
34 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614774766775808"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34192
x-xss-protection: 0
expires: Thu, 04 Mar 2021 14:12:28 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/ Frame 9594 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:09:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:09:12 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 9594 0
0 14ms
13ms Image
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT5CxkoBKH_UhSjTVEuNyuzpIdVqM2MpqxuB6YFAO45Ox2Xizb-7sPJYh2xPBUIcvTnFMO2hX0V3p6yabQWmc4j9Qoi9g
Requested by: Host: t.co
URL: https://t.co/Gz6FIXReoN
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9594 42 B
88 B 39ms
38ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C_FzKqGa5pJDnNKFQQrUjfNm_p0yQCQQPFXESVff8eE4T9oNT1cr1NeGG867jbF8h7URcN_3x97QXC1tdNT9Smjc743pL3JdJQTwhd2YevBcrXEdk

Requested by

Host: t.co
URL: https://t.co/Gz6FIXReoN

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame DB80 170 B
232 B 41ms
40ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DB80
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_sc&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1

43 B
1014 B

42ms
41ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:12:28 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DB80
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_sc%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_sc%26google_hm%3D&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_sc&google_hm=YEDqzARr.XedvY6FCEeLKAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1&google_hm=2

43 B
894 B

42ms
41ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjl5QIQzM6ziAIYhKCAmgEwAQ&v=APEucNUn7Wm-UkCK7jIKOTHq5sYnQ6dWbEl-xwr7Arp9uUFV6biJ3_f5yJtQynJLb5IhS5Bg7DOvPYYZ84jv-5s0i8yc0ZU1AUdmNrkTKwGLW5k7TZ1WMcRmtojrJ4os3wU6dqO7D90DWqo5YxLimXFrRIWBXxeUyBx0599s_Hl8XitkHFUSogeS7jxq2C0PBN6LKy7wdKXq_tldIWEBe9i2oD5_NR8wo4yx9XlK8IFinNLwS60Fggc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 04 Mar 2021 14:12:28 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDKOwP1pSKIe63hPJyLWhvs&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210302/r20110914/ Frame 9594 23 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210302/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0AwB-kNbetvEcvZoGQbiz2YPT-kstgP4n6nYj2ZZxRylEmyJGKiLE3LHM9gRSwerD7hx40Pwm11sEO1DDlBT-EVsaW7FoYWIMwWzG_ZToPrTpJRUXZ5ZwqS3dVVNoFMkYe9hJ-6euaqN_wxXAMnS2VThbYw&dbm_d=AKAmf-D79rb2AUElPKh6ruyp3lvoeYVmIp_oI99Tkl3GAV2nUX0tTfp_bddH6URBtgPpZU-tXyCOx80u9xiq5Sl4TZRBdViB53qSz4nfCTRwwpkGZwg30EpV9Jm4tcqMwr40PZjI08txRLJIQG9jPO3X4guAH4pm1gOV9X36RNZ9acIpiX1rEf66SxHGSQhmw39rGblkMLr5FNd9bafTMFqZBOud6MVC-ouRvf4O2A6bNeBVHfW3ZtJv98loP4V1O1FlkKuDoMzV-EztHTqHTSHIdDo6GXOvaM42Qfhf-8BD5URRVfB0NhLPbT-F2jufsiLEgtwLLe1reiJFnaV8yqKqYU7re_FLO3KYovWcfdWtoxDwhZS9wjqNWJm3usbILwFq7jgFAniszhJBs3HfXZdi8s1QzFO9jSmtmGJMZGzsO5mgybFiLeED_Gqcz5RSYQN5Z8-H4eI2ieD_AWz0IlbptIBk_p2pQ8ElkJ3KBrUuKHqt1tCgWevOK5klrE1aax6gjTJjG9HdqiKftR5RwpbDfubw8l5MESDzmkefDos-0G-8Sp2VctwtBeTaLzTGcY2IejZGNMW9BKpzbE43HCri2ET0fWhsD4FR7wXM18Xzub0NjVLfoA2W4ScsqqaNwELohSALgOJDgn9adlBU9qWpEI5jWvZ9Cb-5IKRR6jWx2dTYnZ69KpJgWTXAO6UB4kKW8mA0UsgnKJi3d3GC_yxgSTcY97G2l1C8Nt_xgA7ZPwvqrL6-uSTne4Bg0_nLx7wih38FtX8fhkC-NA0eWsMfOT8HIf3yB15olZ6qRr6uEeZdajr1kq29seMVNswCNtGYr4jGaNFUHRrRwJAQw9uq6i_WQGQzOwByB2MDxJC2wO0KT49JanO0BisMd7O6Tk_763VUlBnMqKnzutTmGNfngybV9J5DhcDaiuZYCiGqUElyG7Y7Nz8CNVNfn3mMtCoZCVjhwPYBMZfMEAOlNmw1E_K-3x1HATavBZ1jCv6XTd2GCqoWNwaeS7vVX7kD6UqSCoovE205Nm_oyjDxOkVcIKf4KArXPu-mIAOYCkIqL-9vPLUYiM7TgD1DcniCnKL8G8KVuqoa45_RBy91LQFuTFl27epC_SjUEgAW7ViIsZJH8Pw1lkT7BRFz8FoX3cgD1ZpeminTlBK3lePrxhqBeQBb_KGzMYcVcZ9kSQGYQKxK5Oc-GWOBUFauOmmO2OF869DMuo1V_5yNIcmk9twnfMl67kQ4aituFIM5frVArmAyKr9syoJSTAwjMM9hSwXIswCaR3rMQtdYoXk6BLEYKThj8XtS1iSXs3FDfOyNbWHQUonzasBQaonUg9dJklQMcjcwPSZBmXY2MxfZV3WTXbPBKPuiIdKWuerorYNC47u0D1YFvCbuczL0eqS4SgFY_uetzyWxjW_7DPbujVTi56X0rwl3ANXDm3FM3cyk2YlGAo4ePck-nUa9JBznmAEIfgyoAKwQp3QDyGO3dMH80BGzZZ6XFgwBaBDopmAWVxnFiXoyKRIBu7WOUGp4w7uzsujM8kYq98Jph4hrbXTdWxOf7mKKoH1Nu9pwomC_SHbuohsd1uVYYTZ7ZPf1qBkFSZU2EA53Lv3WT2G5LxeknGVJtOaxMEz_3_MQW8GXlSeUR5Tw8QnVDMnPu1w5PJ3QdNKXJy0KE0fiZAHoRzoN4145Wgyv0Z0XU1fOG5r_6TJ91s3lsRMNyh_eCf5azMtNemwSC4bXLGpwVeDNhcfvd7865QyKhExpC-_xV9gOZhA9lH8SczjNDFLB4nv28WRCUrplVsLVa-9Py6Wa472d0xbitoGIVeg984oUYu7Vg-fmkPPu3yubpiaKtfAVrtdEpGEQ1IvyoQ5cP8wx82NUQ6ryylzLoBqWlTSvHVHk508lfjfVAHgxbcFSEST0aZz4fwxKHqA2BMTKiAvtePs0cni3EVcxwbd0BZ3LSSud8O_cWHaj93oEHjozNu8Ks1GTSCtGiftbo5IbvZE4Kc3Un6hludP9YWV9Guy5gnGtyt0sPBub1YuaFs2Iwxg_UWBJcGXl9curO4c8fquVxP2EX-wgEqwiS8Y2IhsdxbTJ7gksK-krX7dL29TSBMGgePwcA2kqhLwdwJzw1KsOpzrQsYUgZMSu5YvTMCXfkgZivnQ2SBWgf6LCHNl-yZ81ZvLBedkD9tk7UgiFav-D7WoYFB5t-usbXo0PZtxbvbgn3clO5p6aqY8mLJCTvhCDqiVpKj8FnVmQ-PCcSsymSYDgtqaNdezoO9rZ_MMdW8rvsFOCi2bJXLvEw6ETGJhvM7VB4XUcOHje7hBFK1LVeBdHyDopfx820CB-QNp01omvoCtia27eTd5aawfqWgTG8xjzmAzZACZfNECO_o6E2yzd_cf5DDJeCteXEnNt6pW1svoid8zbO0JvDr9xde3Xax0jV14v-HhLhht7eHbGpPZfHEPLSzFBgJfZeliVybY3OkAO_rNQcV8rHYoGWgbmzV8IWxA9fX_9Tlmxp9bESPYlVhEz-vuECteSRwtXnHmEp9SeqFBVLSZ-gwdRQWNkxWT8Xc2davT8UZrZJyDvPPLcCgGm74dEMdDYRy-R4rR4ezsF8fVo5JK_Z9kMihgu__qcmyP4O_zqymYAinl7lzp7nm4povnLoQssL2I9s9Gnl4AwCZJsKqYkD6ZDYJQNA7jBB6xIl1c-04uUHGXbOuiyxj6GZlONBZGEfQ1dX5G6RjGvOT41gZvbalc2Dm8-txaw8Ghe2v639al91WXEFkIxyjNthKmsSDN8yTUCmzZFzPZ_bMzwidUc5UisLoBfVz9UOgUXxRNQKOe7METonDvW5lZuwzGvdiyoiHhKRX-oivLVCOfL6q1zmTXrFXfys8hR-XEH6QxOxngW0eEh0qYYtnADJpXtaRiSgrmpOLQlTsHWWIwbp-_9XGVCevfwFXOR7Wm3zAeEJEvOsg5GuokrDDD6TTLa2S_XKHpqV-CJA9BMrCdej0zWf1OsjunG8_h4z0gVGItJ-8mL_YNWxJzJ05GO_S6ienkuwOcs-hcnxH1ZL1yHUlk&cid=CAASEuRoclr6OwOTLIRQ49xiv-Qa0Q&rfl=2%2Chttps%253A%252F%252Fmeterpreter.org%252F%240

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fd4682435ded532ff6a3464af1d8b9c0dec14b8540fe11b995dc7ba0ab87554

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:08:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8954
x-xss-protection: 0
server: cafe
etag: 1264331036119830315
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:08:16 GMT

GET
H3-Q050 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210302/r20110914/elements/html/ Frame 9594 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210302/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 18 Mar 2021 14:08:59 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9594 0
56 B 74ms
74ms Other
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscv-CKiLaKGBvhcbOgF2EtyGUEelZKosvB-8_S0Sx4QNnFecQCJQ6s6LhdNYdj9aqA2DtVwdwLJJqONxQ2b-dYexLExvztzt4cOyLhDRAVmnKePa6G1bi8oK_QXyQCMQTmpXyuChwJNgaHMqqDhWztWTLOSKWDvch_oQ3_8uNmSGULkv0zCWS1QcBXHkEsEwKZviPupW6JzMnbp9qS7ZgzD3zeCCG98lbHxRvGhsf_Gh9NXWphcAZUDDBedaFpKfEuEXWhkpGCgSeoj4sr0VzKJ9SjS-0FGRVVk-xHy3fwNhTBXPFQJvDS19IfujTKBsARRB8q9nnc8x6WGlE9Sy9sXxbWybH1df340bvLcYZGc6__GvTyeoisPJQ98CRnHbCX18MRw1Hwr01y1Cogsf5Ar22IZQSKec6tJK0Lenxuhz5HIoHzMpI_XqD_KelSguw8f14F-O71EjIwwWGImsjCN6La9KC4R0Utq9Po5cgQ_phbzbEAwy5c-nH6HJKYLz6ZbCFtyoAuvVVzLL1o-GTWuezA5-z6LGnBh1REtxLpd2xwqkpIJYaTiXuSOQXSZ3GE7qSRNR1z724_NLlJ8BuMQ8i65T7VWZnfQYMpbCRd-9tggGVCZaNnsixsXr8yUujYXKYo7Q45lF5o9YkaTRy_wGer5qDgEBfiQmMqqMeMYlPG_XUZT_y4DdrJ05uX7BGaD8t36MwukZxRfYfCblCeNmvG23eAI4An_PKnL3fuWvrXyg3qPcUjYFDg3RzY4KXFywIW2skOvOatQc3VOXrJddm2FuLHSjqc_xyAjXZz7Pr7Sv7xTXjQptki99Xw1iKGt_0qXbgscQeaxp0p-BPZ1zK1sQVL8Vp6-5tHMen5zAVSq3BpxNgaSio_S7wDXAu0mXvFie977-UmR76gEO8Y_p1ing0fGqjd67EbaeWxh4UICCy37pzYF5xxCPCMSTsT_nB74TVmipxo176WC3CdfRsqhpFTY0F87nwujBiQH1BNgpBbM6i6ZwUCVMyqpX4KS-5YzFcHCCfZ33oOPlsvofMZ7biK2FKJu_1OEF9bsaxND8pgI_uZKyO7zoIrLfFz6jXFj_01ph7ePx9UEwAEveFvXb0qMSQfofSSliQT2UrrpTpbimDKQjnxj0gX2K4Fan3GLC2bwKa0-0U516c71qhMNiac87jv1ayfcsS6PilIk5aLow-V3XC9JoMIb6M4JJeLN9lsXneVmILdt1Z6Md7qDCU&sai=AMfl-YQYjWuD1YVskn_Jgj1iX_1ww-mrB0U6tUAWFG0W_Jvi-0ss8VgK8D7JtHkWrm494gIFMhqKXZMDdHM2EzSMVmir--_3nmX1s0YLPQYIPu1Dy1bM4cnJW9fpIprTY3lkPjUwgQaumUuLp7ONwoNobEwtm04e-wkkTlpiUGFA0q8X_JP4g6xnhE4&sig=Cg0ArKJSzK6MSrMVI1Z1EAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210302.53113&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 04 Mar 2021 14:12:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9594 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 09:08:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18218
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Mar 2022 09:08:50 GMT

GET
H2 200 12222020-012632444-100514_Blog_1_MPU.jpg
s0.2mdn.net/9891412/ Frame 9594 55 KB
55 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9891412/12222020-012632444-100514_Blog_1_MPU.jpg

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ace00d9cee344e2700fa024a28dcbad342a9ed62f75d6d8376de42e9cbcfc11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 05:49:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Dec 2020 09:26:32 GMT
server: sffe
age: 30157
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56198
x-xss-protection: 0
expires: Fri, 05 Mar 2021 05:49:51 GMT

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C6D7 1 KB
854 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 04 Mar 2021 03:14:09 GMT
expires: Fri, 05 Mar 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 39499
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9594 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8741c758e3efd8383a9f284f64bb7ee4b13686ff0b8e7814447c020be14bfaf1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9594 0
55 B 67ms
67ms Other
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 4C85 42 B
206 B 48ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3yCrEdeSeal-oiM2geIlbRw6PjkrWpjjF1yMvvM-2Yai8BDWFMPN_qt-I8f_ZFkGKVOFTW_R_0Da9Dz9HLt4uapLPVXMHp3Umr9TQjX8-Fo84P8DU6Y_z4Yzq1f-Jb2R6ZMMth9CKhNtaW-cqt_bVNQ&sai=AMfl-YRC0oNv1Rc5y8ivhlkC6PXNzyAjP6lak_11aQbea-XRxKsfI-9nxFkKaW84JQeb30gXVNnnhnWIItrwxu1p8DEID6m9TcuP4qBi_9_7PPcmDdC6-tKWAerN7SRHxXuU&sig=Cg0ArKJSzEkzEzyaK_2XEAE&cid=CAASPeRottZW-6Zn4m4qaXMpaLsAYFmjK5VbWSriA4dCc01kFdKm5BlExY1pjJTqMTpfTQzoStHPzioo2lrmxO8&id=ampim&o=804,319&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1016&mtos=0,0,1016,1016,1016&tos=0,0,1016,0,0&tfs=123&tls=1139&g=100&h=100&tt=1139&r=v&avms=ampa&adk=721207144

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C726 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 04 Mar 2021 09:08:50 GMT
expires: Fri, 04 Mar 2022 09:08:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 18218
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
35ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:28 UTC

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C6D7
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPcQ9PLz3JbAg8ReCCJ88UI&google_cver=1&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMY...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEPcQ9PLz3JbAg8ReCCJ88UI&google_cver=1&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMY...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=R0OjV5axm1wM_gZhy0ab7g&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfI...

170 B
190 B

42ms
42ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=R0OjV5axm1wM_gZhy0ab7g&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfIER9F3eg0lRWLhJobNMB

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=R0OjV5axm1wM_gZhy0ab7g&google_push=AQvitUIDWGYrC3kTUj5_i1IuJ8_MOveu4wWiU_9N3cUHiR4fdkVxYj1PI-yMYwX3n8905J1FyE2IGyHfIER9F3eg0lRWLhJobNMB
Date: Thu, 04 Mar 2021 14:12:28 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 238
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C6D7
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELinSSSmUrUDd_slJoIQ6aU&google_cver=1&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw
https://rtb.openx.net/sync/dds?google_gid=CAESELinSSSmUrUDd_slJoIQ6aU&google_cver=1&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&google_hm=uM3dR6Ohwn8qDZmW92p0Aw==

170 B
190 B

43ms
43ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&google_hm=uM3dR6Ohwn8qDZmW92p0Aw==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:27 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJl1ebhNA2SSSJKPJwRizMRdaOhQsBSw4c4dKHbBahC-dKIXMtpVWU4_uLBFUHRljCqUp8yE2WvXZwX4XcC35rl1q1hBkw&google_hm=uM3dR6Ohwn8qDZmW92p0Aw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: tqq9rkrnv36vue1q6435rafkobuc7jdf

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C6D7
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEBBaOXQFL1Dmbl1PVXBC_ls&google_cver=1&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUI...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEBBaOXQFL1Dmbl1PVXBC_ls&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUI...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM&google_hm=SnFEaUlxMU1QV2NscFI2...

170 B
190 B

42ms
42ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM&google_hm=SnFEaUlxMU1QV2NscFI2RWJ0OFM=

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 04 Mar 2021 14:12:29 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUJRsOuEaKLejfWdja9Vqc9HTFBqSZabwN9Eb0z5mUCpg2qE5v6mYs4GDFwlOe8kV7cpLpHGle7JbTEUIOjBeQOVu2C8pFxM&google_hm=SnFEaUlxMU1QV2NscFI2RWJ0OFM=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C6D7
Redirect Chain

https://google-sync.rutarget.ru/sync?google_gid=CAESECXJyge3p_3RPxjEl25YHyg&google_cver=1&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLvk0XAnMmGJ-2kb...
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WXhRTm4xQTBmX2Fl&google_ula=2046794&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLv...

170 B
213 B

140ms
139ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WXhRTm4xQTBmX2Fl&google_ula=2046794&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLvk0XAnMmGJ-2kb2L7FQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WXhRTm4xQTBmX2Fl&google_ula=2046794&google_push=AQvitUJZSGwGx6AZPVvtHdT6KQeLbhoioGw31zOhygVNWptL_g0qPRPaSfyHhkXMiiEukUKCE4g9usWPLvk0XAnMmGJ-2kb2L7FQ
Date: Thu, 04 Mar 2021 14:12:29 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H2 204 exptsync
ads.yieldmo.com/ Frame C6D7 0
35 B 188ms
61ms Image
text/plain 52.17.188.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEApm8FVFbijW95wtgKjgb7w&google_cver=1&google_push=AQvitULamT711qcICpYkq3CkmsJFdbOovjhV59-q-QJJXAipDRe-fZVao18hnOjGh7E3UQkCzzrwIoRp80saHw-bH0YWqB1JILA0
Requested by: Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.188.230 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame C6D7
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEDpMiJA4hAcWbM7eZQuFASo&google_cver=1&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEj...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEDpMiJA4hAcWbM7eZQuFASo&google_cver=1&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32u...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=c15d-dWCQy-3FbJHIzTEQA&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32...

170 B
201 B

40ms
39ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=c15d-dWCQy-3FbJHIzTEQA&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEjwZRLy0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=c15d-dWCQy-3FbJHIzTEQA&google_push=AQvitUJjKVSfb8a8uNNNbvuRPem8g2hHE1mA723WyHB0L6gzOZf4suHar4CYnGQMm8cHkgUhdNzxhdqwjVMvD32uwyiJEjwZRLy0
date: Thu, 04 Mar 2021 14:12:28 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-Q050 200 dot.gif
s0.2mdn.net/ Frame C6D7 43 B
383 B 60ms
45ms Image
image/gif 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESELTyXqWxgj4AH_6mf6NYx0I&google_cver=1&google_push=AQvitUKurICEKaQSEPbDU9j5op6Jy7CuQGQNHOGJaMGmjIozNZ76zkCUpZKhMKNX53CfqWJ4-1FYh0KlELQT8M5v_m4TD-upsUcogg

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 05 Mar 2021 14:12:28 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame C6D7 0
49 B 41ms
38ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K_HasI0nhR8kC7uNt4Ay4wnjrhdykRtJiyxD8QZERNUccfursBTlE56gieSoUVljLSQxZOyw

Requested by

Host: 03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
URL: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 cBiyZrE2vwbFPBS6sT95jOp0NaMCoy8g5L57SNLHBl8.js Show response
pagead2.googlesyndication.com/bg/ Frame C726 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cBiyZrE2vwbFPBS6sT95jOp0NaMCoy8g5L57SNLHBl8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7018b266b136bf06c53c14bab13f798cea7435a302a32f20e4be7b48d2c7065f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 10:25:02 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 01 Mar 2021 10:45:00 GMT
server: sffe
age: 13646
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5702
x-xss-protection: 0
expires: Fri, 04 Mar 2022 10:25:02 GMT

GET
H2 200 greenoaks.gif Show response
meterpreter.org/detroitchicago/ 0
42 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJkb21haW5faWQiOiIxMzMwMjUiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjUzOTEzMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI3In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjczNTU1MCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiNyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiNDQ5MTIwMCJ9LHsibmFtZSI6ImRvY19oZWlnaHQiLCJ2YWwiOiIyODA3In1dfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:29 UTC

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C726 0
23 B 41ms
41ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGAqhzOpAYLrjI8rP7_UP-5-a0A8AAAAAOAHgBAI&bg=!QUKlQgHNAAWsVXnBrDsAKQB2-DxamPwmRwmEcQIxHxpiJ4AgZsD3aMmxWP558pPDXvjZ4n0rW9EyAgAAAJBSAAAACmgBBwoAK4zMUlcXopZz30rkSGjUbpH8Ng0mVmX5le2DXJ0vEerTXgEJ7cHRV1aUg6OZAr6_3buN-qUvFRwuk5zZRu3SZ48TJWs6_dNWcuUxjSiBWWTRiq69Asc5vYJmLuNkxQ5_P0MjFjDS7Skmr_6REofftGzXu9hC2bgDyKwOaX0qiPIt_xNJQT8k63hkIuWgf4jabsWBtto4jW-7Xxzbjl4emm_KWz97l2rrnEL7-Jl92kjDqIWiE7zqvtJ-dy3CLRXQZHULgM1kD9v0_W9jY9qdXaYC3YNDWkHEavfP3YfSxGD21-7nTc6UgA0y3r9L3ZD-qg-4lcSOsMhUzD0pbXVofXdqr5g1ODX-Twt68lIwmofwP_ReYtbTjmtGypOnIEFNJHXSpf7A4wlJwYoUMRSs_eL3vY32im9TLkBE8ZYnmSwkkWvALkTMLhdstOtgveK-fb9Q5Zv3PefnWYbsmUtmnUOXIDwKyPpmlGYvoaAWWbV0acVY30WrtI0XMKZk7QRAMaRK9XpgtiEb8J028RmfijxIM_lMdsy0ts1njA_KhINeX9J2DTyGd0ucReki-DutNOgBKIPQmLW66KYiqZhQztE80iG0sMjRC8GXdQPjxgHtnYC1BfCVIEHuJEWnxbJlWdosUxyWYjKUUbjD9Qy2E0CqHtApobUTnj6JXvIWi5xNyicbAJEInpWcD-7XklvdOMpboFwF4pn8lbnc4VWnB1Nki2_grVCaRtV9Smd5AmPRaC8crTuM-Z47Qr_yYJyu1i2KSpzMXJGx3VezCZETjQKq2R6GAipE8RrPkoel2b55pGp1IEGEz_c22M8yfwf9zivVxOY9CziY6pHHWLrBfIr2J3PlI1KlMvQlfSzARRREZGmPBQgi5RhRSvmKZLsMi1cKQGYL7OLW43FI_odlIoq_n0pePuyQ-jcGfkqVNgxy0Ha9ZOEr6aCadUVxfhFgdFR4iOZE-nHWuVSBIdPplocuZ6DSo2YwgPhOTkU

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
42 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzQ3MjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTQ4NjcxMzgsImFkX3Bvc2l0aW9uIjoxMTEwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiQ1oiLCJwYWdldmlld19pZCI6IjVhY2QxMzI4LWZmYTYtNGJkMC03MjhkLTQxYWM5NzZhMGM5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgyMDg2MTEwOTUsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:29 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:29 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C5D7 42 B
90 B 47ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss2LpO_-IaexYMW8K7NgEWinNH3OtnexDpng13GIBRKKtuRmcbKb7mpMFNHttcEs9r73Rn4fiYrViaspGQiEDNEr2G35dIPv0fhcWyfv4TE2lnRZq7isJUQDqiAx35aLGvDRNMA0z6H9u54RI8IrV-bbA&sai=AMfl-YRzyRchD8rJ821QBHOIHSR3wyYdBdfWbFMQnp2p6C64hY_0NP5rVQSLPUbPji4898henuS-xhqycs7HAencltx_ZT3zuDPASBXwzudqgNWyKlqU_p3QXnuWEQM&sig=Cg0ArKJSzEaPAiv9uaiVEAE&cid=CAASF-Ro1QhFCJNINmp4Roo6z_h1xZhnqFti&id=ampim&o=315,1098&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=106&tls=1106&g=100&h=100&tt=1106&r=v&avms=ampa&adk=428325072

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://meterpreter.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 36ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:29 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:29 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbOTcwLDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjgxMjE1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTE2LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4MTIxNSIsImRvbWFpbl9pZCI6IjEzMzAyNSIsInVuaXQiOiJkaXYtZ3B0LWFkLW1ldGVycHJldGVyX29yZy1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxNDg2NzEzOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJDWiIsInBhZ2V2aWV3X2lkIjoiNWFjZDEzMjgtZmZhNi00YmQwLTcyOGQtNDFhYzk3NmEwYzkxIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDUxNiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:29 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:29 UTC

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
19 B 37ms
36ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MCwiYWRfcG9zaXRpb24iOjExNDAsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLCJiaWRfZmxvb3JfcHJldiI6MCwic3RhdF9zb3VyY2VfaWQiOjAsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:29 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:29 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9594 42 B
479 B 73ms
60ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvzaY--L9PvWKuIdN30QTw3Mgj1Pksbe1bqiXhp64MqgaPtVImd7aC9mlPx6LOJX68u0OSqJ2wWcSxJ8REaO4jV6YAYjiGieJrbLvrCMNocXUKUHmotsmUqVx5bJw&sai=AMfl-YSGQfQxKbSUl1_GQNk7CNeQSeT6FYY3_pwaHxY-TSn0Nh7gjMuanJqRnDSwLR5mxDxdF7OhKFFYboOAkRZQZRefW5hNFMPtcwjk1UXt1YfqPeqdd9QXLB0gTtY&sig=Cg0ArKJSzH2AmX068eEWEAE&cid=CAASEuRoclr6OwOTLIRQ49xiv-Qa0Q&id=osdim&mcvt=1013&p=1059,430,1313,730&mtos=0,0,1013,1013,1013&tos=0,0,1013,0,0&v=20210303&bin=7&avms=nio&bs=0,0&mc=0.56&if=1&app=0&itpl=20&adk=3122800426&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614867148549&dlt=14&rpt=2&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 04 Mar 2021 14:12:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
meterpreter.org/porpoiseant/ 0
65 B 37ms
37ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://meterpreter.org/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMzYsMjgwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjkzMzY1IiwiZG9tYWluX2lkIjoiMTMzMDI1IiwidW5pdCI6ImRpdi1ncHQtYWQtbWV0ZXJwcmV0ZXJfb3JnLWxlYWRlci0xLTAiLCJ0X2Vwb2NoIjoxNjE0ODY3MTM4LCJhZF9wb3NpdGlvbiI6MTE0MCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkNaIiwicGFnZXZpZXdfaWQiOiI1YWNkMTMyOC1mZmE2LTRiZDAtNzI4ZC00MWFjOTc2YTBjOTEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiNjYifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: meterpreter.org
URL: https://meterpreter.org/detroitchicago/memphis.js?gcb=192-0&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Mar 2021 14:12:30 GMT
server: nginx/1.16.0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 03 Mar 2021 14:12:30 UTC

Verdicts & Comments Add Verdict or Comment

245 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
meterpreter.org/	1970-01-20 01:56:10	Name: cto_bundle Value: lx5Ykl8lMkZYUmxzY2kxZ3hzc25rVmJpS21WaFBWcXJnM0hBUzR5Z2hnaWZhQUd2WUJYRFB0NyUyQmp5clhNWXpIU3pQdEFYUE9nTGh0c1NzMDFTWE0lMkZMaDBIczRaeFNaVHZXWmpGcWZvUCUyQnI2WFBMbjl0WTVMT25uREJwc1REejAwQmI5UlBC
.meterpreter.org/	1970-01-20 01:56:03	Name: __gads Value: ID=208fa4a6ee5c7084-22ab202cadba00f8:T=1614867140:S=ALNI_MZJzmOmFlODWe9BXOUr-a5ht9vKog
meterpreter.org/	1970-01-22 05:53:39	Name: ezohw Value: w%3D1600%2Ch%3D1200
meterpreter.org/	1970-01-22 05:53:39	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
meterpreter.org/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.meterpreter.org/	1970-01-20 01:20:03	Name: ezCMPCCS Value: false
meterpreter.org/	1970-01-19 17:17:39	Name: _pbjs_userid_consent_data Value: 3524755945110770
.meterpreter.org/	1970-01-19 16:34:34	Name: lp_133025 Value: https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
.meterpreter.org/	1970-01-19 16:34:28	Name: ezovid_133025 Value: 1757105521
.meterpreter.org/	1970-01-20 10:05:39	Name: _ga Value: GA1.2.1657587250.1614867140
.meterpreter.org/	1970-01-19 16:37:19	Name: active_template::133025 Value: pub_site.1614867138
.meterpreter.org/	1970-01-19 16:35:53	Name: ezepvv Value: 0
.meterpreter.org/	1970-01-19 16:34:28	Name: ezoadgid_133025 Value: -1
.meterpreter.org/	1970-01-19 16:34:28	Name: ezopvc_133025 Value: 1
.meterpreter.org/	1970-01-19 16:37:19	Name: ezovuuidtime_133025 Value: 1614867139
.meterpreter.org/	1970-01-19 16:34:28	Name: ezovuuid_133025 Value: 9f33d6e1-fcd3-4bc2-4e33-e881a2f7bb7a
meterpreter.org/	1970-01-20 01:56:10	Name: cto_bidid Value: bTAs1F9PaFRrRElWNnlFQ0hnelRIT3FiVUlBQzI0dyUyRkZPY1V6ejd1eVdMMmkyYWY1QlBzMWswTnR2JTJCVVFCVTl6Zm84ajF0M1JFdUladmdlb09YcW02eEFKbEElM0QlM0Q
.meterpreter.org/	1970-01-19 16:34:27	Name: _gat_gtag_UA_63315582_3 Value: 1
.meterpreter.org/	1970-01-19 16:35:53	Name: _gid Value: GA1.2.1522224621.1614867140
meterpreter.org/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.meterpreter.org/	1970-01-19 16:34:34	Name: ezoref_133025 Value: t.co
.meterpreter.org/	1970-01-19 16:34:34	Name: ezoab_133025 Value: mod51

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/
console-api	info	URL: https://cdn.ampproject.org/rtv/012101070013000/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2101070013000 https://meterpreter.org/google-fixes-zero-day-vulnerability-cve-2021-21166-in-chrome/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

03fe83d145add18aff7b44f5d9854b8d.safeframe.googlesyndication.com
a.tribalfusion.com
acdn.adnxs.com
ad.turn.com
ads.avct.cloud
ads.playground.xyz
ads.pubmatic.com
ads.yieldmo.com
adservice.google.com
adservice.google.cz
ap.lijit.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
c1.adform.net
cdn.ampproject.org
cdn.onesignal.com
clients1.google.com
cm.adgrx.com
cm.g.doubleclick.net
cse.google.com
csi.gstatic.com
d5p.de17a.com
dis.criteo.com
dmp.brand-display.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
ezodn.com
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
g.ezoic.net
go.ezodn.com
go.ezoic.net
google-sync.rutarget.ru
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
match.360yield.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
meterpreter.org
mug.criteo.com
mwzeom.zeotap.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.tapad.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
pubmatic-match.dotomi.com
rtb.gumgum.com
rtb.openx.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.targeting.unrulymedia.com
t.co
tag.1rx.io
tpc.googlesyndication.com
tracking.m6r.eu
trc.taboola.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
104.244.42.69
136.144.59.88
142.250.185.98
142.250.186.34
151.101.14.49
159.253.128.188
159.65.197.210
172.217.18.98
173.231.180.197
178.250.2.131
178.250.2.146
178.250.2.151
18.156.0.31
18.185.192.106
18.185.200.55
184.31.84.150
184.31.91.75
185.29.133.58
185.33.220.242
185.64.189.112
185.64.189.114
185.64.190.78
185.64.190.80
193.0.160.129
198.148.27.140
199.232.137.44
2001:678:cb4:bbbb::11
213.155.156.164
213.19.147.151
213.19.147.210
216.52.2.39
23.218.208.187
23.218.208.200
23.218.208.246
2600:9000:214f:3400:2:cb38:840:93a1
2606:4700:10::6816:1957
2606:4700:3030::ac43:ce7a
2606:4700::6812:d05
2606:4700::6812:e234
2607:f8b0:4009:80d::2003
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:801::2006
2a00:1450:4001:802::2001
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:811::200e
2a00:1450:4001:813::2002
2a00:1450:4001:827::2008
2a00:1450:4001:827::200e
2a00:1450:4001:829::200e
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2002
2a00:1450:400c:c00::9a
2a02:2638:1::3
2a02:2638::1c
2a02:fa8:8806:12::1400
3.126.196.163
3.127.76.126
34.246.156.173
34.249.128.36
34.250.193.151
34.98.107.212
35.201.96.126
35.227.248.159
35.227.252.103
35.241.40.233
37.157.2.237
51.89.7.199
52.17.151.21
52.17.188.230
52.30.234.204
52.49.193.31
52.58.182.33
54.239.17.112
64.202.112.63
66.155.71.150
77.243.60.138
80.64.106.148
85.114.159.93
94.23.73.243
0001e893552b1e9805eaf2cfe9b6867ddb916e2213083d8d1513aa3e2ee2dd78
014c30ebd662310c5d2686360b66afbfc9a64eb577329778da489b28b64f71e3
03e76be9d6de0361803e0dc135d29ddcd0f44c1de6ee721298395b5a3733db81
07c93785b4b4e235d0a2dbe280b950972a576c5d711c5015fc0b0584096bef51
0812a00aee80133b732c5cb2e0362ee2a52ae9f50c126d43e73f98163db9711f
08375cebca0d36f2fa3ec9e027a974146af7161553e4319a418d4cee6b38bed7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0f9214f2d695e2d0ef095adb0db78e1d96a19c7b8bd40bbf9727b3c690e4cbb7
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12deb5082d9a265422916da8c3f6b1db8636ff8a5a72e0cad6cdf62f1ef5fc93
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
194a2819816bb760d4c5ba2ba825cf1926b853c821842697c3024ec74a36f66c
1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
204ad78630019e9a1263d012d9aeb90c470998b77d2414e53ab4306d2389588d
248d38d1df2a328daf17453fccf0309ccbdaf0098fc9e9068323f86848814723
251e8e864140d9a7ceacce3371ff692595dd0a455ad000de4041d8a313618bd7
263a21226b77bf3507291136648fcd6fa84ae86e469fcd74623200964d57a6b4
26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7
2774305aa70674b8fab2a2d8267f9f40559016e3fcfe441f39b2155f4062a72d
29aec720e772d77058fbe8aa0081fc3f1474ab2ea2ecbe5b0df5eeb70ea5905f
29c418b793fe904cf18b21703694df4c68cc0ddf1e19e174af315914d823d9f7
2a436e681b1e66f4ec579f8652230e2997d6be0d994bcb4369f8788648928975
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e91355fb3ae5659978874f80fe6ac0723d7156499e9a48cac8fa4e0a86dd478
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
311a42892bf475bb07fdef468183033b4ed1279be748f72784859988fbd023c6
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
33d67bf0263f1ecd4790e6d1384de8066c349067f0167c36b8292dfc6665972f
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
38e22a9da44d362f72a06246a2653d10f24cb3c8062ab3d63c93273cb41f212f
398f165fb90ea53788cd1a05817c7d5c093ea3b2f4aee44a4e823ed48c8a555a
39d124d995c711c4748c338713459f9bf94841d6f3c722ffbea7711a82cba53e
3a745b09fda10e4f43d03673945b7062173ffc1bf48a709328fa5aeafd572d71
3c225772f0000aaa760411d6e17b761db5b82c0d06c77b3b34635cd13c88f5a4
3cefffd4850121dce5c32b15d7f155b3abcf4489a9558742b2b932d146b4ed1d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fd4682435ded532ff6a3464af1d8b9c0dec14b8540fe11b995dc7ba0ab87554
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
4281cccf9852b41b0f4f5d6a643142c17abe227043c6a4f6373da93f049d9539
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4ace00d9cee344e2700fa024a28dcbad342a9ed62f75d6d8376de42e9cbcfc11
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4e0361b3921d2a4c4f9f59192af39878acb387b85107d22a76057bb258d0ebb7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f8407621352728eaadc7f18cf6cdd49686b4df4e5ee45247c92336ec3ec733b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51f4ee4a75846d5e2bbdeebb7f89834a8e71b4bde9b8634682a3840791f8c146
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
552024450f0fcfad3372158dd3bc59f40c7e271a239dced34850c43970744bfe
5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a
55b47e27e2141d34d02e1ee2ba98c3013bdbb4be13767fb4ef85f788415fe743
58771723962eb6f05d0624df6033c9330d7a52b78ea1047320b216cc651dcf1d
58e9373fe9628465ac00a37c3e53145b7e7442e8edc7d781d4341201b63fd650
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5db1382cb9d1dd384ea53eb49ea64d5e9656ce94eb9a0133a830934b7bd1bc32
5e23f5e776f642a389256a65023919d6abec2ca6b77c8260bd58579f4a146889
6160dc625f8296db2e38ee223e677a8ccc689de9571ce3396461371b18c36061
636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53
67e97e60b88272b3515686dea7331e7ec8302021bfcdf66ec69f219118276e07
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bcd339f66d32a3f5d92cfb855088beda577eadeb31f29f8b934533ac6ca0586
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6f7b7caa2ee79dd6458f2e674fbb4f9e845af504bfdee91a7dc46d26be71058c
7018b266b136bf06c53c14bab13f798cea7435a302a32f20e4be7b48d2c7065f
704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9
7391da4254cc7a09345fc73c0d45d9a9cc5f2c26333c79d389c8aa43a3ec8ebb
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83bcdfa5df8e5f84aa8715b0aefb06e9909b30290843475a0ecc6887650f811f
84d19a0b2a602b2a370c744e0a5ac703d9b5d30ef90e592462bcc1143742089e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e9bc00d0fb6c585eb8e5bb05d7e12bc6d10b794a9d5554cd9606fef43408d0
8724b0dd1b2ea8421b456b51bb1594abaf4ae961d9ef7f80e19ae215cd826085
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
8741c758e3efd8383a9f284f64bb7ee4b13686ff0b8e7814447c020be14bfaf1
879c23cba408dbc4acf6c3b61e7e5bcf3f784c130ff983ced0e0a3c6be60436e
87dcdcee04743c81d03acccbe4a165c85c57387983c06690bb387e4c5863cc45
88127529619989a58d185d1417f7999d0cc3aaf325f73acdbc01520ff9809787
89d96e935e962271387ae8052ff88d0e159ab7607609506f2cfbc2ac5669e92f
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fc838f87d1a22cfa3a03c6956e04cc0e9f7a2759d975630109aa6eb5e1d06eb
90640f2d7240a0bafef3efc8d6675f01585e3e058bdaca9a0e1cd51b2a505927
91f3e1e5a8ed69152870f03ad59c17a546bd45da77cf3f6b9fbb413ed20fa6f2
92309f0b0ea89dea580afcb1c5e5db384274c5b13823f2101b574641cfb152c3
943a150e9577247cc5e8e493065795ca77a35485b4169f33a4d6f570c209b010
96054c09a65a26e54f43e6ffd6c4776ce18a6ed3e3e556223300769f753df110
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
976b1c4497ba6ee143f85844359866ed82347c1ce9858501d460f67a1097fc5b
981f6ac4a0eed80f6a40eef39d86ce7876f6e360d8b3a2f57f2617bb12895dc3
9856f73af78d7ce7e6d5a2d2794d9723bb952445e0640ca39893a10a5947b52c
99081672b1e89a59c64a76d797570c507ec89f20d7c51bc09863381a91d40a38
997e1fbf8331c9f3af1ff0ace8c73754cbfce4c143c785b7bc44dbcead23576e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a63460e2a00420b4c87494c91e768e3555e7e098f359fcdf3b8b8f04fc690f6
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b866ab8771a0bd4580ef6113e672f48119b938475a9da5f87ad516b6e71957b
9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0
9ec204561656bab028c2fb1d77312a95e26333f39b4a2a274049423f023acf5f
a21df33790cc47da6bce078e580ba6dba0de907d4c4d871bb86d96acc0e98202
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a76e9091942d5785c7c20c8d92d0305bd7c748655df9e71f55142bdce2e6d57e
ab6aeb86edbeff320da69ae4fbb0a3791dfe3107c17ac03737204b33232218d9
ade84315e37d81262f9d447b70a0b44b84e24248626e11eca812d034348fda97
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b7092f328a9f85c695352a7350352cd446a5c82e568e8605f8f6a79c52e9657c
ba74e3617286affe0b6f1076406ae6a46f9872d3e967ce3dea23d85f940aa455
bcbc4a26d8334f3263f379e0d3efc4ea53b731c5153ba75e51b2cf9958b9aa7e
c04c7a578734441a2e3c552ab6f21ab2267c67f786cbadd64d4166d9721f7113
c1302ecfd543bee11849dcf4b5c6b5f380718535acb24f28ca37d2c457bf0470
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4024d5169b2506f3421052b45f5d66154de796baf2443d9326ac40107ce5cfb
c5fb07031c62afb3af463f2c1ac4a5c65dec89cd8137116b387b1560c7072e60
c7fa743da4cd37829cd0e7c02e877f094400036be87c8e1fd9d2c3f5f68a8fa5
c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e
c87d52d2073a604a0b34963d121bd4c5c7564cf71a8004c63e0f372a30247a3a
ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9
cddfb4bf9e99a2630e505f8aa4e5794e350511331fcfa562acdb770df2473428
cdf9ce7d1d8397e013a4ea9aa5143c6760cd6b26a4af8159c6ea4540eab84b59
ce81059b4d1aa9c4da5817df1d8fe706e21ac420bceed3bf5309f0f04fa159d5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf93d7c78e37ef5f9e9a566954af1fe8891ae8cf5716246e6ad71da77a045c05
d2a0d5b73323093c1af631e62392cd029093f9fb422095ae1071cc421ffa5a11
d43f851f9dd3ebcbc7fb4c4c83219c68d6d9caefedbecb64fea688097c57b002
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7626d62aedca576eecae6b99df9850dde5b33a8cd6d9fb74ebf713432ac3101
d801004642f789bbc27e2500ceff57dc71257c7642cfb779be3f4b1260356fa8
d91161e688cde586a80ad7378b5f3f56372397ca27c4c8b1ee3276d8d0313cbc
d996911a48456da047197d69d725c4903c52e1388cb421f04c7e5a184766faf5
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
db992becefd2fd7f128735611af655c1a01d5fd8b26edf010cd10afaf1ba4755
dba8373b77d5f4fe9610ef894b1f473168b17582506353d3d88939277b271a82
dbe61ded3e9d029313c41f30a7b5aec6b7c9255b98e30af0aebc28873e1838e2
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e104681a4421fe4449fa7f626fdecdeaf941b883136ca286e78a360e7d67d399
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e21c786504297f5329e2fdeca807f3fef72b8704a24097c7f16abd33cea5353f
e2b04100564fd9141d7acbd40482d40a3c5b4af2cf25b2cf8726b5608841d61a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e880cfb00660243746094719aac8116005e3a566de645602d2230d5160faeafe
eafea11c1e8693278d254b8964e8746c913952d9a582ff6fc89e5040830e15ea
ebb2d64043ae045680e9ee3ef0d0054f2c205130332efef52696dfbedf92e56e
ef18e0a1a378ef74f83020ff7484e3d66d685d67bb4d5538a420722120b33f15
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2b92530616ddbefbed0e825e094cd914f17ae899b42152f17028a0073f5eb62
f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae
f79402250c6ccc3dedce3ce00ef34de36521c73c79003c703316af58800494a5
f877a798b0af17fb62564cc4a3b2c8f1fb76398c7e3156eae984fafe175bf4c3
fae2dc10eaa5b7644e8f58c84f7fa0641b6a12b0bea27684105675f6bc45895e
fafbd8b5cf40757d8ea0fe36a5052c9fd39d37186571282db54dbf1fc91010e3

meterpreter.org Open in urlscan Pro 3.126.196.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

360 Requests

100 %HTTPS

34 %IPv6

67 Domains

97 Subdomains

64 IPs

11 Countries

2720 kBTransfer

6590 kBSize

22 Cookies

6 Outgoing links

Page URL History

Redirected requests

360 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

meterpreter.org Open in urlscan Pro
3.126.196.163 Public Scan

Screenshot
Live screenshot

Full Image

360
Requests

100 %
HTTPS

34 %
IPv6

67
Domains

97
Subdomains

64
IPs

11
Countries

2720 kB
Transfer

6590 kB
Size

22
Cookies

360 HTTP transactions
11 data transactions