URL: https://microsoft-qa.over-haul.com/
Submission: On May 08 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 5 IPs in 1 country across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700:10::6816:13bb, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is microsoft-qa.over-haul.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2023. Valid for: a year.
This is the only time microsoft-qa.over-haul.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 2606:4700:10:... 13335 (CLOUDFLAR...)
2 20.83.139.45 8075 (MICROSOFT...)
1 2600:1f18:24e... 14618 (AMAZON-AES)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
11 5
Domain Requested by
6 microsoft-qa.over-haul.com microsoft-qa.over-haul.com
2 unleash-proxy.az-dev.over-haul.com microsoft-qa.over-haul.com
1 qa-static-assets.over-haul.com
1 session-replay.browser-intake-datadoghq.com microsoft-qa.over-haul.com
11 4

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-08 - 2024-05-07 | a year
*.az-dev.over-haul.com | R3 | 2023-04-12 - 2023-07-11 | 3 months
*.browser-intake-datadoghq.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-21 - 2023-07-22 | a year

This page contains 1 frames:

Primary Page: https://microsoft-qa.over-haul.com/
Frame ID: 668A9E859D9C70339FB5A8BCBE15A099
Requests: 10 HTTP requests in this frame

Page Title

Overhaul

Page Statistics

11 Requests
91 % HTTPS
75 % IPv6
2 Domains
4 Subdomains
5 IPs
1 Countries
482 kB Transfer
1585 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
microsoft-qa.over-haul.com/
1023 B
2 KB
Document
General
Full URL
https://microsoft-qa.over-haul.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f354bd1f6bac1689e31a28474bb3e14717af4c436d1677b20183f27daaa6a7c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io 
app.eu.pendo.io data.eu.pendo.io data: blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7c3ecf4f5b38372c-FRA
content-encoding
br
content-security-policy
default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io data: 
blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
content-type
text/html
date
Mon, 08 May 2023 04:02:54 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
last-modified
Sun, 07 May 2023 19:03:27 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
null
microsoft-qa.over-haul.com/
0
0
Stylesheet
General
Full URL
https://microsoft-qa.over-haul.com/null
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io 
app.eu.pendo.io data.eu.pendo.io data: blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://microsoft-qa.over-haul.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 04:02:54 GMT
content-security-policy
default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io data: 
blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html
cf-ray
7c3ecf518cff372c-FRA
rocket-loader.min.js
microsoft-qa.over-haul.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://microsoft-qa.over-haul.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://microsoft-qa.over-haul.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 04:02:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 28 Apr 2023 14:11:40 GMT
server
cloudflare
etag
W/"644bd41c-302c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
7c3ecf518d00372c-FRA
expires
Wed, 10 May 2023 04:02:54 GMT
root-app-X2YMEUBGjs.js
microsoft-qa.over-haul.com/
1 MB
421 KB
Script
General
Full URL
https://microsoft-qa.over-haul.com/root-app-X2YMEUBGjs.js
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87e19a071d8446a65b75026f87a61699e1d4f9197de129efc67646e3b347f521
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io 
app.eu.pendo.io data.eu.pendo.io data: blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://microsoft-qa.over-haul.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 04:02:55 GMT
content-security-policy
default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io data: 
blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sun, 07 May 2023 19:03:26 GMT
server
cloudflare
cf-cache-status
MISS
etag
W/"6457f5fe-173654"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7c3ecf530e3c372c-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
2ba48fd5-48c0-44cf-9883-19c8d7f00121
https://microsoft-qa.over-haul.com/
26 KB
0
Other
General
Full URL
blob:https://microsoft-qa.over-haul.com/2ba48fd5-48c0-44cf-9883-19c8d7f00121
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3e2ea7d777b328fa198cad542be403191525980e9e5f660f3b2d906030cc0f39

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length
26893
Content-Type
proxy
unleash-proxy.az-dev.over-haul.com/
6 KB
1 KB
Fetch
General
Full URL
https://unleash-proxy.az-dev.over-haul.com/proxy?sessionId=287907711&appName=d8292afd5f20c84e29d9c20ae1659c0e20245a1e&environment=development
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/root-app-X2YMEUBGjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
20.83.139.45 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1f7914b8d4b2d1b2187b2a206f3911ce6e78d6a2955c8b65ac6890f45c904b43

Request headers

Accept
application/json
Referer
https://microsoft-qa.over-haul.com/
If-None-Match
accept-language
de-DE,de;q=0.9
Authorization
6a51726a-b64f-4813-a59c-9a4c77399ed2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 08 May 2023 04:02:55 GMT
content-encoding
gzip
etag
W/"175f-dJOXqhOHy6RCmwgjjdoQodvQEsU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
public, max-age=2
proxy
unleash-proxy.az-dev.over-haul.com/
0
0
Preflight
General
Full URL
https://unleash-proxy.az-dev.over-haul.com/proxy?sessionId=287907711&appName=d8292afd5f20c84e29d9c20ae1659c0e20245a1e&environment=development
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
20.83.139.45 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,if-none-match
Access-Control-Request-Method
GET
Origin
https://microsoft-qa.over-haul.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type,if-none-match
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-expose-headers
ETag
access-control-max-age
172800
content-length
0
date
Mon, 08 May 2023 04:02:55 GMT
vary
Access-Control-Request-Headers
logo-F65PBVPV.svg
microsoft-qa.over-haul.com/
5 KB
4 KB
Image
General
Full URL
https://microsoft-qa.over-haul.com/logo-F65PBVPV.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f17c08acbd168d6213ad4927d9931a3c3e103076446b9f6555b33200ab191d6f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io 
app.eu.pendo.io data.eu.pendo.io data: blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://microsoft-qa.over-haul.com/app/sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 04:02:56 GMT
content-security-policy
default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io data: 
blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sun, 07 May 2023 19:03:26 GMT
server
cloudflare
cf-cache-status
MISS
etag
W/"6457f5fe-13d0"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
cf-ray
7c3ecf5bacd4372c-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
replay
session-replay.browser-intake-datadoghq.com/api/v2/
53 B
305 B
Fetch
General
Full URL
https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.36.0%2Capi%3Afetch%2Cenv%3Adev%2Cservice%3Aoverhaul-frontend%2Cversion%3A1.0.0%2Bd8292afd5f20c84e29d9c20ae1659c0e20245a1e&dd-api-key=pub26d7fa6f93d79d06df1c8f7c8f72fb0d&dd-evp-origin-version=4.36.0&dd-evp-origin=browser&dd-request-id=36934b6e-52cb-4727-9d5c-84766c4b3b7d
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/root-app-X2YMEUBGjs.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:d460:696e:c2e7:54c7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
22971e7980d77eda1e353471b7d299bfb86f115fd69fd26abf98cae4045f089d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://microsoft-qa.over-haul.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary4QemLruFfVrI4s4b

Response headers

date
Mon, 08 May 2023 04:02:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
portal
microsoft-qa.over-haul.com/api/v3/public/
204 B
530 B
XHR
General
Full URL
https://microsoft-qa.over-haul.com/api/v3/public/portal
Requested by
Host: microsoft-qa.over-haul.com
URL: https://microsoft-qa.over-haul.com/root-app-X2YMEUBGjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:13bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34056f44068c14c2796c0fc5f7ada3ee75d94bb33a9dd82181b2bea405a585f1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Client-Device
web
accept-language
de-DE,de;q=0.9
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
x-datadog-sampling-priority
1
Referer
https://microsoft-qa.over-haul.com/app/sign-in
x-datadog-parent-id
7743527639499738478
x-datadog-trace-id
9004786125371677266

Response headers

date
Mon, 08 May 2023 04:02:56 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
x-request-id
4c14329b-04dc-4ea9-9ce2-41a091d84269
x-runtime
0.026505
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"064ba4123f7da31731e4d6dd4bcab747"
x-download-options
noopen
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
max-age=0, private, must-revalidate
cf-ray
7c3ecf5bbcdf372c-FRA
83a710d59f.png
qa-static-assets.over-haul.com/uploads/portal/logo/198/
49 KB
49 KB
Image
General
Full URL
https://qa-static-assets.over-haul.com/uploads/portal/logo/198/83a710d59f.png?mac=9DGwKTvvXqlQTe4OY1bkQZQEhudUFcwA%2FZLIateQ%2FTI%3D&expiry=1683519603000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:12bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a3eb279f1e08456ad2c5d2327f64004eee8c453b3a7600bf1ee4781ef9d47b8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://microsoft-qa.over-haul.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Mon, 08 May 2023 04:02:56 GMT
x-amz-version-id
null
cf-cache-status
BYPASS
last-modified
Thu, 14 May 2020 16:11:42 GMT
server
cloudflare
x-amz-request-id
W77XCBXEHVFH77AP
etag
"ffabf57f943a06f0bc5b676b66f18616"
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
cf-ray
7c3ecf5d2c86377c-FRA
content-length
49732
x-amz-id-2
UcBeP0Dlc/ZoBsCRibMcNy/187Q+Icw3o1ioNJB+DcMF6VOzgKpVbd0Bv9KWccdvMURQFKimGYU=

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
object| __cfQR
boolean| __cfRLUnblockHandlers
number| 2f1acc6c3a606b082e5eef5e54414ffb
number| activeHttpCount
object| DD_RUM
boolean| isOhAppLoaded

1 Cookies

Domain/Path Name / Value
microsoft-qa.over-haul.com/ Name: _dd_s
Value: rum=1&id=58954d9c-55af-48fa-a9b1-70c4f8b887d0&created=1683518575454&expire=1683519475454

1 Console Messages

Source Level URL
Text
network error URL: https://microsoft-qa.over-haul.com/null
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; child-src 'self' blob: app.pendo.io app.eu.pendo.io; frame-src 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app over-haul.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.microsoft.com over-haul.app.box.com iframe-overhaul-simulator.web.app; script-src 'self' *.over-haul.com 'unsafe-eval' 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io *.storage.googleapis.com cdn.pendo.io data.pendo.io app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io www.googletagmanager.com edge.fullstory.com assets.zendesk.com static.zdassets.com stats.pusher.com; connect-src 'self' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io data.pendo.io app.eu.pendo.io data.eu.pendo.io *.storage.googleapis.com *.over-haul.com *.browser-intake-datadoghq.com rs.fullstory.com api.tiles.mapbox.com events.mapbox.com api.mapbox.com ohhelp.zendesk.com ekr.zdassets.com wss:; style-src 'self' *.over-haul.com 'unsafe-inline' unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io app.pendo.io cdn.pendo.io fonts.googleapis.com app.eu.pendo.io cdn.eu.pendo.io *.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io; img-src 'self' *.over-haul.com unleash-proxy.oh-aws-us-east-1-app-dev.ovhl.io unleash-proxy.oh-aws-us-east-1-app-stage.ovhl.io unleash-proxy.oh-aws-us-east-1-app-prod.ovhl.io cdn.pendo.io app.pendo.io *.storage.googleapis.com data.pendo.io cdn.eu.pendo.io 
app.eu.pendo.io data.eu.pendo.io data: blob: qa-overhaul-com.s3.amazonaws.com cdnjs.cloudflare.com; media-src 'self' static.zdassets.com; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains