URL: https://accountprotection.microsofts.com/
Submission Tags: @phishunt_io
Submission: On May 04 via api from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 151.106.5.168, located in Strasbourg, France and belongs to VELIANET-AS velia.net Internetdienste GmbH, DE. The main domain is accountprotection.microsofts.com.
TLS certificate: Issued by R3 on May 3rd 2021. Valid for: 3 months.
This is the only time accountprotection.microsofts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 151.106.5.168 29066 (VELIANET-...)
2 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 4
Domain Requested by
9 www.google.com accountprotection.microsofts.com
www.google.com
7 accountprotection.microsofts.com accountprotection.microsofts.com
1 afs.googleusercontent.com www.google.com
1 t0.gstatic.com www.google.com
18 4

This site contains no links.

Subject Issuer Validity Valid
accountprotection.microsofts.com
R3
2021-05-03 -
2021-08-01
3 months crt.sh
www.google.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.google.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.googleusercontent.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh

This page contains 6 frames:

Primary Page: https://accountprotection.microsofts.com/
Frame ID: 9C4920DEA5B82BAA033D4D441EB0D4AB
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: C2ACD9666E9812DC4E244F2DBC9A398F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: 92310DB92B45237723307D952982C7AA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/afs/ads/i/iframe.html
Frame ID: 5232C2676469637CE9670C24A1F79AD0
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
Frame ID: 92AE0539CB2CA26C8A86E797672A5191
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/js/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
Frame ID: D9565A8A62FF6E1A69615E310980CD49
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

18
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

160 kB
Transfer

431 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
accountprotection.microsofts.com/
2 KB
1 KB
Document
General
Full URL
https://accountprotection.microsofts.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
f6a5140d813a5ae1e77cf199585e8e4a26929474c3db1d2c015693b8a2f004cb

Request headers

:method
GET
:authority
accountprotection.microsofts.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
openresty
date
Tue, 04 May 2021 01:48:48 GMT
content-type
text/html; charset=UTF-8
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Oe0Nv/V+aPEHS7zBtm7D5mowocTZ82fZEC40yLQlmgCZdt7uOgg5aSocGJQicrS7SvMpVBzlK0KoLeiZ0zHmwQ==
x-backend-server
core152.bodis.com
content-encoding
gzip
parking.js
accountprotection.microsofts.com/js/
54 KB
18 KB
Script
General
Full URL
https://accountprotection.microsofts.com/js/parking.js?v=1620092928
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
be428741570c8c8182e13e5e56027ad730f50f56526f018cdceff02b0b08ba92

Request headers

:path
/js/parking.js?v=1620092928
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:48 GMT
content-encoding
gzip
etag
W/"6090755d-d89b"
last-modified
Mon, 03 May 2021 22:12:45 GMT
server
openresty
x-backend-server
core152.bodis.com
content-type
application/javascript; charset=utf-8
_fd
accountprotection.microsofts.com/
2 KB
2 KB
Fetch
General
Full URL
https://accountprotection.microsofts.com/_fd
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/js/parking.js?v=1620092928
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
a39c3ee2d2a413d0154bdf8ac9194d52943bd63473f1f599a3381b152fd947dc

Request headers

sec-fetch-mode
cors
origin
https://accountprotection.microsofts.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
content-length
1056
:path
/_fd
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Accept
application/json
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.53.15
date
Tue, 04 May 2021 01:48:48 GMT
cache-control
no-cache, private
server
openresty
content-encoding
gzip
x-backend-server
core152.bodis.com
content-type
text/html; charset=UTF-8
caf.js
www.google.com/adsense/domains/
168 KB
59 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/js/parking.js?v=1620092928
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
278e28e409ee1445e0065b82da52e028396ea08deec426b133ba8a76fcc48b77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"15636576270585490904"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Tue, 04 May 2021 01:48:48 GMT
px.gif
accountprotection.microsofts.com/
42 B
190 B
Image
General
Full URL
https://accountprotection.microsofts.com/px.gif?ch=1&rn=2.801425145450062
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:path
/px.gif?ch=1&rn=2.801425145450062
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:48 GMT
last-modified
Thu, 06 Aug 2020 15:09:01 GMT
server
openresty
etag
"5f2c1d0d-2a"
content-type
image/gif
accept-ranges
bytes
x-backend-server
core152.bodis.com
content-length
42
px.gif
accountprotection.microsofts.com/
42 B
190 B
Image
General
Full URL
https://accountprotection.microsofts.com/px.gif?ch=2&rn=2.801425145450062
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:path
/px.gif?ch=2&rn=2.801425145450062
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:48 GMT
last-modified
Thu, 06 Aug 2020 15:09:01 GMT
server
openresty
etag
"5f2c1d0d-2a"
content-type
image/gif
accept-ranges
bytes
x-backend-server
core152.bodis.com
content-length
42
iframe.html
www.google.com/afs/ads/i/ Frame C2AC
1 KB
663 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
76af5e214fc325c8208178fca58810d6b214eebd28e9f5f16dd59cf557662767
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-RpulbiQZKKVvYwN8qoYgLQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://accountprotection.microsofts.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://accountprotection.microsofts.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-RpulbiQZKKVvYwN8qoYgLQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
639
date
Tue, 04 May 2021 01:48:48 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
iframe.html
www.google.com/afs/ads/i/ Frame 9231
1 KB
666 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e5cb95bc0bb876fde090ee6f2dfee7ee92e1fe665ec3b439dd18caa7a71fc0fd
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-wUVwK5YRAoqlPt9gpz9cYw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://accountprotection.microsofts.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://accountprotection.microsofts.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-wUVwK5YRAoqlPt9gpz9cYw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
642
date
Tue, 04 May 2021 01:48:48 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
iframe.html
www.google.com/afs/ads/i/ Frame 5232
1 KB
665 B
Document
General
Full URL
https://www.google.com/afs/ads/i/iframe.html
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0622483b0956d9a773c649df3838e9474b38acf7b61967d9ae8dd052acd42842
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-q6WNwHI-USJa3Hgahd1qxw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/afs/ads/i/iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://accountprotection.microsofts.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://accountprotection.microsofts.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy
script-src 'nonce-q6WNwHI-USJa3Hgahd1qxw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
cross-origin-resource-policy
cross-origin
content-length
641
date
Tue, 04 May 2021 01:48:48 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 25 May 2020 08:30:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
www.google.com/dp/ Frame 92AE
15 KB
8 KB
Document
General
Full URL
https://www.google.com/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
14f30737457e5e46b04450e5715598a35a6777050e53a93566976900565f1b78
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://accountprotection.microsofts.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://accountprotection.microsofts.com/

Response headers

content-type
text/html; charset=UTF-8
content-disposition
inline
date
Tue, 04 May 2021 01:48:48 GMT
expires
Tue, 04 May 2021 01:48:48 GMT
cache-control
private, max-age=3600
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
8135
x-xss-protection
0
set-cookie
CONSENT=PENDING+225; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
caf.js
www.google.com/adsense/domains/ Frame 92AE
169 KB
59 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d777f0489f80c805e8c12154d9a85397c08f2366c9521dc5db5ad5b584b10403
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"4175599526762968699"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Tue, 04 May 2021 01:48:48 GMT
licensed-image
t0.gstatic.com/ Frame 92AE
2 KB
3 KB
Image
General
Full URL
https://t0.gstatic.com/licensed-image?q=tbn:ANd9GcQ2E72r1PaOKaomBoj3ZxMMqG7h4ifnR5bPjIg9Ty_xTf83wF2GWXnKnTAka1cuM77tt6J0nD628MXDpY3Pom2QGzvkJqIUJHEYS1Lk5tXlG4QJtrGDyui9
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
50f5f40a363283c0ffd61ff1897a72f56e0959e8416ea83bf240da4bc5c09930
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Apr 2021 15:35:37 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Mar 2019 01:08:42 GMT
server
sffe
age
382391
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2500
x-xss-protection
0
expires
Fri, 29 Apr 2022 15:35:37 GMT
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 92AE
200 B
259 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?max_radlink_len=60&r=m&cpp=0&client=dp-bodis30_3ph&channel=pid-bodis-gcontrol47%2Cpid-bodis-gcontrol48&adtest=off&type=3&pcsa=false&psid=3407845713&swp=as-drid-2898040491288658&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300494%2C17300496%2C17300599&format=r7%7Cn3&ad=n3&num=0&output=afd_ads&domain_name=accountprotection.microsofts.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1620092928773&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=sl1sr1--&cont=rs%7Cads&csize=w1584h0%7Cw1584h0%7Cw1584h0%7Cw1584h0&inames=master-1%7Cslave-1-1%7Cslave-1-a-1%7Cslave-1-b-1&jsv=11835&rurl=https%3A%2F%2Faccountprotection.microsofts.com%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 03 May 2021 15:41:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Oct 2020 21:45:00 GMT
server
sffe
age
36440
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
174
x-xss-protection
0
expires
Tue, 04 May 2021 14:41:28 GMT
d2circle2.svg
accountprotection.microsofts.com/assets/
1 KB
1 KB
Image
General
Full URL
https://accountprotection.microsofts.com/assets/d2circle2.svg
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
0718b0196837baa8a332b4aea1d667c28052b90fb270baa1061bfc97b536531f

Request headers

:path
/assets/d2circle2.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:49 GMT
last-modified
Fri, 23 Apr 2021 12:25:11 GMT
server
openresty
etag
"6082bca7-4a7"
content-type
image/svg+xml
accept-ranges
bytes
x-backend-server
core152.bodis.com
content-length
1191
_tr
accountprotection.microsofts.com/
2 B
181 B
Fetch
General
Full URL
https://accountprotection.microsofts.com/_tr
Requested by
Host: accountprotection.microsofts.com
URL: https://accountprotection.microsofts.com/js/parking.js?v=1620092928
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.106.5.168 Strasbourg, France, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),
Reverse DNS
Software
openresty /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

sec-fetch-mode
cors
origin
https://accountprotection.microsofts.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
content-length
1941
:path
/_tr
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache
:authority
accountprotection.microsofts.com
referer
https://accountprotection.microsofts.com/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Accept
application/json
Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

x-version
2.53.15
date
Tue, 04 May 2021 01:48:49 GMT
cache-control
no-cache, private
server
openresty
content-encoding
gzip
x-backend-server
core152.bodis.com
content-type
text/html; charset=UTF-8
wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
www.google.com/js/bg/ Frame D956
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 29 Apr 2021 12:02:53 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 08 Apr 2021 09:30:00 GMT
server
sffe
age
395156
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5710
x-xss-protection
0
expires
Fri, 29 Apr 2022 12:02:53 GMT
gen_204
www.google.com/afs/
0
15 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=akfe5eymfl0c&aqid=AKiQYMmKNN2q7APKoZygBA&psid=3407845713&pbt=bs&adbx=560&adby=161&adbh=367&adbw=480&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=11835337929394500508&csadii=23&csadr=197&lle=0&llm=1000&ifv=1&usr=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:50 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/
0
15 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=nsn3w4vm1mov&aqid=AKiQYMmKNN2q7APKoZygBA&psid=3407845713&pbt=bv&adbx=560&adby=161&adbh=367&adbw=480&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=11835337929394500508&csadii=23&csadr=197&lle=0&llm=1000&ifv=1&usr=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accountprotection.microsofts.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 04 May 2021 01:48:51 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| park object| regeneratorRuntime function| setImmediate function| clearImmediate number| googleNDT_ string| _googCsaExpIds number| _googCsaAlwaysHttps number| _googEnableCcpa number| _googEnableCcpaForCanoeV2 number| _enableLazyLoading number| _googEnableQup number| _googErrorTurnOffPersonalization number| _googTimeoutTurnOffPersonalization string| _googLazyLoadingDenyList string| _googLazyLoadingEnableList number| _googLazyLoadingRootMargin number| _googUspApiTimeout number| googleAltLoader object| google

0 Cookies