microsoftportal.net Open in urlscan Pro
91.218.230.124 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://microsoftportal.net.admin-mcas.ms/
Effective URL:
https://microsoftportal.net/
Submission Tags: @phishunt_io
Submission: On June 18 via api (June 18th 2021, 1:20:07 am UTC) from DE

Summary HTTP 173 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 47 IPs in 8 countries across 55 domains to perform 173 HTTP transactions. The main IP is 91.218.230.124, located in Russian Federation and belongs to EUROBYTE Eurobyte LLC, Moscow, Russia, RU. The main domain is microsoftportal.net.
TLS certificate: Issued by R3 on May 3rd 2021. Valid for: 3 months.

This is the only time microsoftportal.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.155.166.50 52.155.166.50	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a02:26f0:170... 2a02:26f0:1700:d::1737:6ea4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
34	91.218.230.124 91.218.230.124	210079 (EUROBYTE ...) (EUROBYTE Eurobyte LLC)
13	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3 11	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1 5	217.69.133.145 217.69.133.145	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 11	46.4.121.26 46.4.121.26	24940 (HETZNER-AS) (HETZNER-AS)
2 3	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
2	81.19.89.16 81.19.89.16	24638 (RAMBLER-T...) (RAMBLER-TELECOM-AS)
7	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2 3	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
1 1	157.90.179.219 157.90.179.219	24940 (HETZNER-AS) (HETZNER-AS)
3	195.201.243.71 195.201.243.71	24940 (HETZNER-AS) (HETZNER-AS)
2 2	193.232.148.147 193.232.148.147	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1	2a00:1148:db0... 2a00:1148:db00::17	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
2 2	195.209.108.48 195.209.108.48	52007 (ADRIVER-AS) (ADRIVER-AS)
2	81.222.128.216 81.222.128.216	20597 (ELTEL-AS) (ELTEL-AS)
1	2606:4700:20:... 2606:4700:20::681a:4db	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	194.190.117.93 194.190.117.93	204600 (REPUBLER-AS) (REPUBLER-AS)
3 5	31.172.81.159 31.172.81.159	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
3 3	31.172.81.160 31.172.81.160	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	37.18.16.16 37.18.16.16	205675 (HYBRID-AS) (HYBRID-AS)
2	185.15.175.157 185.15.175.157	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1	116.202.85.93 116.202.85.93	24940 (HETZNER-AS) (HETZNER-AS)
2 7	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 1	109.248.237.36 109.248.237.36	201009 (SUPPORTIT-AS) (SUPPORTIT-AS)
1	95.211.66.35 95.211.66.35	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	95.163.37.253 95.163.37.253	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
3 3	188.34.131.130 188.34.131.130	24940 (HETZNER-AS) (HETZNER-AS)
3 4	95.216.101.186 95.216.101.186	24940 (HETZNER-AS) (HETZNER-AS)
2 2	35.190.16.14 35.190.16.14	15169 (GOOGLE) (GOOGLE)
1 1	193.106.92.202 193.106.92.202	48614 (ITSOFT-AS) (ITSOFT-AS)
2 4	89.108.119.28 89.108.119.28	197695 (AS-REG) (AS-REG)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1 1	37.9.245.57 37.9.245.57	16345 (BEE-AS Ru...) (BEE-AS Russia)
1 1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
4 4	217.66.147.169 217.66.147.169	29209 (SPBMTS-AS...) (SPBMTS-AS Malaya Monetnaya Street 2-A)
2 2	213.87.44.207 213.87.44.207	13174 (MTSNET Mo...) (MTSNET Moscow)
1 4	2a02:6b8::90 2a02:6b8::90	13238 (YANDEX) (YANDEX)
1 1	144.76.118.200 144.76.118.200	24940 (HETZNER-AS) (HETZNER-AS)
1 1	31.220.27.134 31.220.27.134	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	217.65.2.150 217.65.2.150	3175 (CITYTELEC...) (CITYTELECOM-MSK)
1	93.95.102.105 93.95.102.105	48347 (MTW-AS) (MTW-AS)
2	2606:4700:10:... 2606:4700:10::6816:557	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 1	88.212.233.108 88.212.233.108	7979 (SERVERS-COM) (SERVERS-COM)
1 2	35.244.223.69 35.244.223.69	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2 4	185.15.175.148 185.15.175.148	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 1	34.246.227.69 34.246.227.69	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
9	2606:4700::68... 2606:4700::6810:d40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
173	47

1 52.155.166.50 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

microsoftportal.net.admin-mcas.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:1700:d::1737:6ea4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

mcasproxy.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 91.218.230.124 (Russian Federation)

ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU)
PTR: hosted-by.ihc.ru

microsoftportal.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

informer.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 217.69.133.145 (Russian Federation) 1 redirects

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 46.4.121.26 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: hz1271109.aucourant.info

www.acint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.212.201.204 (Russian Federation) 2 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.19.89.16 (Moscow, Russian Federation)

ASN24638 (RAMBLER-TELECOM-AS, RU)
PTR: kraken.rambler.ru

st.top100.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kraken.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.42.191.196 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.90.179.219 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: hz1407627.sapientru.net

ssp-rtb.sape.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.201.243.71 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: ingolstadt.aucourant.info

acint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.147 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1148:db00::17 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)

ad.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.209.108.48 (Russian Federation) 2 redirects

ASN52007 (ADRIVER-AS, RU)

ad.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.222.128.216 (Russian Federation)

ASN20597 (ELTEL-AS, RU)
PTR: ad16.adriver.ru

ssp.adriver.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:4db (United States)

ASN13335 (CLOUDFLARENET, US)

a.utraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 194.190.117.93 (Russian Federation) 2 redirects

ASN204600 (REPUBLER-AS, RU)
PTR: carp.bspb1.kavanga.ru

sync.republer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 31.172.81.159 (Germany) 3 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.172.81.160 (Germany) 3 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.adsniper.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.18.16.16 (Netherlands)

ASN205675 (HYBRID-AS, RU)

dm.hybrid.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.157 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.85.93 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.93.85.202.116.clients.your-server.de

sync.dmp.otm-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.162 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.248.237.36 (Moscow, Russian Federation) 1 redirects

ASN201009 (SUPPORTIT-AS, RU)

stat.adlabs.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.211.66.35 (Wjelsryp, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: hosted-by.leaseweb.com

adlmerge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.163.37.253 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: relap.io

relap.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.34.131.130 (Germany) 3 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.130.131.34.188.clients.your-server.de

adx.com.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.216.101.186 (Helsinki, Finland) 3 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.186.101.216.95.clients.your-server.de

sync.1dmp.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.16.14 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 14.16.190.35.bc.googleusercontent.com

redirect.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.106.92.202 (Russian Federation) 1 redirects

ASN48614 (ITSOFT-AS, RU)

prodmp.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 89.108.119.28 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: d51802.reg.regrucolo.ru

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)
PTR: s-fr3.rutarget.ru

sape-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.9.245.57 (Russian Federation) 1 redirects

ASN16345 (BEE-AS Russia, RU)

0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation) 1 redirects

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.66.147.169 (St Petersburg, Russian Federation) 4 redirects

ASN29209 (SPBMTS-AS Malaya Monetnaya Street 2-A, RU)
PTR: host-169-147-66-217.spbmts.ru

sm.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.87.44.207 (Moscow, Russian Federation) 2 redirects

ASN13174 (MTSNET Moscow, Russia, RU)
PTR: infrastructure-207-44.mts.ru

tech.rtb.mts.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6b8::90 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.118.200 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

exchange.buzzoola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.220.27.134 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.65.2.150 (Moscow, Russian Federation)

ASN3175 (CITYTELECOM-MSK, RU)

match.new-programmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.95.102.105 (Podolsk, Russian Federation)

ASN48347 (MTW-AS, RU)
PTR: unspecified.mtw.ru

fcgi4.gnezdo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:557 (United States)

ASN13335 (CLOUDFLARENET, US)

s3.advarkads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.212.233.108 (Russian Federation) 1 redirects

ASN7979 (SERVERS-COM, US)

api.advarkads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.223.69 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 69.223.244.35.bc.googleusercontent.com

wf.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.15.175.148 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.227.69 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:d40 (United States)

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	309 KB
34	microsoftportal.net microsoftportal.net	1 MB
15	doubleclick.net 2 redirects googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	85 KB
14	acint.net 2 redirects www.acint.net acint.net	14 KB
9	bannerflow.net c.bannerflow.net	106 KB
8	yandex.com 2 redirects mc.yandex.com	2 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	110 KB
7	yandex.ru 2 redirects informer.yandex.ru mc.yandex.ru an.yandex.ru	72 KB
6	mts.ru 6 redirects sm.rtb.mts.ru tech.rtb.mts.ru	4 KB
6	digitaltarget.ru 2 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	22 KB
6	mail.ru 1 redirects top-fwz1.mail.ru ad.mail.ru	15 KB
5	bumlam.com 3 redirects sync.bumlam.com	3 KB
4	googletagservices.com www.googletagservices.com	140 KB
4	aidata.io 2 redirects x01.aidata.io	2 KB
4	weborama.fr 3 redirects redirect.frontend.weborama.fr wf.frontend.weborama.fr	1 KB
4	1dmp.io 3 redirects sync.1dmp.io	2 KB
4	adriver.ru 2 redirects ad.adriver.ru ssp.adriver.ru	2 KB
3	google.com adservice.google.com www.google.com	1 KB
3	advarkads.com 1 redirects s3.advarkads.com api.advarkads.com	8 KB
3	com.ru 3 redirects adx.com.ru	1 KB
3	adsniper.ru 3 redirects sync3.adsniper.ru	2 KB
3	betweendigital.com 2 redirects ads.betweendigital.com	1014 B
3	yadro.ru 2 redirects counter.yadro.ru	2 KB
3	azureedge.net mcasproxy.azureedge.net	71 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	2mdn.net s0.2mdn.net	40 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	republer.com 2 redirects sync.republer.com	950 B
2	adhigh.net 2 redirects px.adhigh.net	824 B
2	facebook.net connect.facebook.net	75 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	456 B
1	mookie1.com odr.mookie1.com	324 B
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	quantserve.com cms.quantserve.com	464 B
1	rambler.ru kraken.rambler.ru	1 KB
1	google.de adservice.google.de	853 B
1	googleadservices.com partner.googleadservices.com	664 B
1	gnezdo.ru fcgi4.gnezdo.ru	190 B
1	new-programmatic.com match.new-programmatic.com	215 B
1	uuidksinc.net 1 redirects s.uuidksinc.net	325 B
1	buzzoola.com 1 redirects exchange.buzzoola.com	176 B
1	rktch.com 1 redirects ut.rktch.com	544 B
1	beeline.ru 1 redirects 0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru	634 B
1	rutarget.ru 1 redirects sape-sync.rutarget.ru	416 B
1	prodmp.ru 1 redirects prodmp.ru	278 B
1	relap.io relap.io	1 KB
1	adlmerge.com adlmerge.com	115 B
1	adlabs.ru 1 redirects stat.adlabs.ru	108 B
1	otm-r.com sync.dmp.otm-r.com	70 B
1	hybrid.ai dm.hybrid.ai	238 B
1	utraff.com a.utraff.com	746 B
1	sape.ru 1 redirects ssp-rtb.sape.ru	566 B
1	top100.ru st.top100.ru	49 KB
1	admin-mcas.ms microsoftportal.net.admin-mcas.ms	837 B
173	55

	Domain	Requested by
34	microsoftportal.net	microsoftportal.net
20	tpc.googlesyndication.com	googleads.g.doubleclick.net microsoftportal.net.admin-mcas.ms tpc.googlesyndication.com pagead2.googlesyndication.com
13	pagead2.googlesyndication.com	microsoftportal.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
11	www.acint.net	2 redirects microsoftportal.net www.acint.net
9	c.bannerflow.net	s0.2mdn.net microsoftportal.net c.bannerflow.net
8	mc.yandex.com	2 redirects microsoftportal.net mc.yandex.ru
7	cm.g.doubleclick.net	2 redirects microsoftportal.net googleads.g.doubleclick.net
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
5	sync.bumlam.com	3 redirects www.acint.net
5	top-fwz1.mail.ru	1 redirects microsoftportal.net top-fwz1.mail.ru
4	dmg.digitaltarget.ru	2 redirects www.acint.net
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	an.yandex.ru	1 redirects www.acint.net
4	sm.rtb.mts.ru	4 redirects
4	x01.aidata.io	2 redirects www.acint.net
4	sync.1dmp.io	3 redirects www.acint.net
3	adx.com.ru	3 redirects
3	sync3.adsniper.ru	3 redirects
3	acint.net	www.acint.net
3	ads.betweendigital.com	2 redirects www.acint.net
3	counter.yadro.ru	2 redirects microsoftportal.net
3	mcasproxy.azureedge.net	microsoftportal.net.admin-mcas.ms mcasproxy.azureedge.net
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	s0.2mdn.net	microsoftportal.net.admin-mcas.ms s0.2mdn.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	wf.frontend.weborama.fr	1 redirects s3.advarkads.com
2	s3.advarkads.com	www.acint.net s3.advarkads.com
2	tech.rtb.mts.ru	2 redirects
2	redirect.frontend.weborama.fr	2 redirects
2	tag.digitaltarget.ru	www.acint.net tag.digitaltarget.ru
2	sync.republer.com	2 redirects
2	ssp.adriver.ru	www.acint.net
2	ad.adriver.ru	2 redirects
2	px.adhigh.net	2 redirects
2	mc.yandex.ru	1 redirects microsoftportal.net
2	connect.facebook.net	microsoftportal.net connect.facebook.net
1	ade.googlesyndication.com
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	googleads4.g.doubleclick.net	microsoftportal.net.admin-mcas.ms
1	api.advarkads.com	1 redirects
1	kraken.rambler.ru	microsoftportal.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	fcgi4.gnezdo.ru	www.acint.net
1	match.new-programmatic.com	www.acint.net
1	s.uuidksinc.net	1 redirects
1	exchange.buzzoola.com	1 redirects
1	ut.rktch.com	1 redirects
1	0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru	1 redirects
1	sape-sync.rutarget.ru	1 redirects
1	prodmp.ru	1 redirects
1	relap.io	www.acint.net
1	adlmerge.com	www.acint.net
1	stat.adlabs.ru	1 redirects
1	sync.dmp.otm-r.com	www.acint.net
1	dm.hybrid.ai	www.acint.net
1	a.utraff.com	www.acint.net
1	ad.mail.ru	www.acint.net
1	ssp-rtb.sape.ru	1 redirects
1	st.top100.ru	microsoftportal.net
1	informer.yandex.ru	microsoftportal.net
1	microsoftportal.net.admin-mcas.ms
173	70

This site contains links to these domains. Also see Links.

Domain
www.liveinternet.ru
metrika.yandex.ru
top100.rambler.ru
top.mail.ru
www.facebook.com
www.odnoklassniki.ru
vk.com
twitter.com
www.youtube.com
steamcommunity.com
plus.google.com

Subject Issuer	Validity	Valid
*.mcas.ms Microsoft Azure TLS Issuing CA 01	`2021-06-17` - `2022-06-12`	a year	crt.sh
*.azureedge.net DigiCert SHA2 Secure Server CA	`2020-11-21` - `2021-11-30`	a year	crt.sh
microsoftportal.net R3	`2021-05-03` - `2021-08-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-02-27` - `2021-08-09`	5 months	crt.sh
*.mail.ru GeoTrust ECC CA 2018	`2020-11-13` - `2021-11-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.acint.net R3	`2021-06-15` - `2021-09-13`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.top100.ru RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-02-15` - `2022-02-14`	a year	crt.sh
ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2020-11-19` - `2021-12-20`	a year	crt.sh
*.adriver.ru RapidSSL RSA CA 2018	`2020-04-03` - `2022-04-24`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-19` - `2021-07-19`	a year	crt.sh
*.bumlam.com R3	`2021-04-02` - `2021-07-01`	3 months	crt.sh
*.hybrid.ai Sectigo RSA Domain Validation Secure Server CA	`2020-07-07` - `2022-10-05`	2 years	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sync.dmp.otm-r.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-18` - `2022-06-18`	a year	crt.sh
adlmerge.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
relap.io GeoTrust RSA CA 2018	`2020-10-01` - `2021-10-06`	a year	crt.sh
my.aidata.me Sectigo RSA Domain Validation Secure Server CA	`2020-02-25` - `2022-02-25`	2 years	crt.sh
sync.1dmp.io R3	`2021-05-31` - `2021-08-29`	3 months	crt.sh
bs.yandex.ru Yandex CA	`2021-05-31` - `2021-11-29`	6 months	crt.sh
new-programmatic.com R3	`2021-05-20` - `2021-08-18`	3 months	crt.sh
fcgi4.gnezdo.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
advarkads.com Cloudflare Inc ECC CA-3	`2021-06-08` - `2022-06-07`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.rambler.ru RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-20` - `2022-05-19`	a year	crt.sh
*.frontend.weborama.fr Go Daddy Secure Certificate Authority - G2	`2021-02-20` - `2022-03-24`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://microsoftportal.net/
Frame ID: 3FDC686ACD01114C35FFDEAD3908BF07
Requests: 67 HTTP requests in this frame

Frame: https://mcasproxy.azureedge.net/proxyweb/0.202.31/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fmicrosoftportal.net%2F
Frame ID: 4906B657F4D94B7D088B1B94B21B9126
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210616/r20190131/zrt_lookup.html
Frame ID: 6618EAAE4FD36EF28ABC30DDE0372E91
Requests: 1 HTTP requests in this frame

Frame: https://www.acint.net/mc/?dp=10&tc=1
Frame ID: F91AB3FCE2381B4E723ACED774AD1AA9
Requests: 32 HTTP requests in this frame

Frame: https://s3.advarkads.com/modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
Frame ID: CF2C330FDCB37C19538FE0F0C3EE173D
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=90&slotname=2908634292&adk=3175562939&adf=658274708&pi=t.ma~as.2908634292&w=728&lmt=1623979185&psa=0&format=728x90&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185723&bpp=3&bdt=319&idt=88&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4819059036576&frm=20&pv=2&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=250&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=8g8xvqRfCA&p=https%3A//microsoftportal.net&dtd=113
Frame ID: 0F59ECECAEEF579D1DBDD05618A673FB
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=600&slotname=2618197074&adk=2460103794&adf=3305433536&pi=t.ma~as.2618197074&w=300&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185726&bpp=1&bdt=322&idt=127&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1099&ady=365&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WBKw8VLyXC&p=https%3A//microsoftportal.net&dtd=130
Frame ID: E3332117298C9A018257954F0A7A0180
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167
Frame ID: 0706D731CADE847806A7155642249E14
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&adk=1812271804&adf=3025194257&lmt=1623979185&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185735&bpp=1&bdt=331&idt=181&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600%2C1197x280&nras=1&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=186
Frame ID: F0F40527E35FF647FE775191A34812D6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js
Frame ID: E39FDA384712F174A8B49002A8749A7A
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssO9hr6jrTCUaEL1FjI4TKPsyacVQ4HOBHE8tVmu26knFJJPR357wQ1yuieIf_CShMDFFI-W9XnvUjKbLoCvqK76D-WuJpJJ_CecpzsBUZRYQeJdx5SqGB40hGYAzSwMbK1CzMNq4xHfdIVEdHX2N25uAOAXkuJn7mMPDLCmJ98uxgTaE1G_Q2tajTQLdp9Bg1Oe1I0Ovmi1_FfVp5LB9guADlb7yJdubuXSVPr0X3AVJ04ilFuFodgs2Y7qLIBBHPSRY5Jl918o6bGNbl7_zhGoyuKZ2q7pF2JKjK_m0tM8Mq_jM83Cv-NFJt8eor2dtzautFLKRCrFLMnJh6BICSMwEIF3na5iEilIGlGqbkuwUTj1n8X3x24s10U5O7Tu1CDaCTvYwAzeueKM1XY6Yks9fL64NvsKXCmGAkXoN0kzw-SW7OWt6ovIOHp-1FNlwbgRMHY_d6u9rrDcNyyG76YDtw2HnUwawbMJTIWBzShX30qa0t3DpW55jg83SyYVQApyMTpTcvyvejIl_vxPTpuRw0pPtlYp2YV3tpBOOdyv6jQhUe5TtcmjDAmwngCKn0uXh_fuapqZ_kpGv20ZIPxTBF0YI8IVLA-zBXSjEMReYaNBIw688dxPlDhySoHfrwm3W2zedVYshg_tYsgIYj8_-PQjcH4aTIY6TFGXt06V9SnBLrEqy2Pa5QEFhI35_4lrJ4pfqXkrZmBPjIp-_Htxe6HlzkV4DYvVT7lSSTZoaQvZVHH9M8BGgNM3lyS9eLBwuipZorbaCeprkVd-K-REkkMmi_klM_rWhp66j5YHMLB43GjY-w2atRPDuXMqg_i4mqm7oQ2Sih3TZpddPbD9oBHIIs9u8Umx8FQbK3gXkeGv8nlVQ25dHNN-iSdBk8SeOD3zjLfNrYq_tbx_Npp7UlRAaGMSGNuyg0cNSqQSpYyCvwQ2HJLlI3IZcgbcNZQDAyoLGhS6sFNGhHgwC9dymEM7hNOo8I&sig=Cg0ArKJSzKv9q1ZnMgQ7EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Frame ID: 9FD5359DDBEB99E7352E56589FC2F49C
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2560567D29F0D8B9DB25253A7C5F03FA
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1501DB80C3CB3C9C695DE660FF44A7C5
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js
Frame ID: 5EFDF109021F69250C54BAA529F48E98
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html
Frame ID: 5D5F95D9928E9AD36A87F4C7457C3605
Requests: 9 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fcmc-markets%2F560bd8d24d47fc28fc84259d%2Fimages%2Fbd038b86-adff-4382-83f7-3a5e61a783ec.png&w=311&h=231&q=90&f=webp&rt=contain
Frame ID: 8BC7DC393A55F95ECB3FD183141341AF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: 48EB8A53894C20EE7BE9CC6BC693190F
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9FEA53410A06231018040909654F3474
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://microsoftportal.net.admin-mcas.ms/ Page URL
https://microsoftportal.net/ Page URL

Detected technologies

DataLife Engine (CMS) Expand

Overall confidence: 100%
Detected patterns

meta generator /DataLife Engine/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /DataLife Engine/i

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

meta generator /DataLife Engine/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

173
Requests

99 %
HTTPS

30 %
IPv6

55
Domains

70
Subdomains

47
IPs

8
Countries

2561 kB
Transfer

4297 kB
Size

1
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: https://metrika.yandex.ru/stat/?id=10478836&from=informer

Search URL Search Domain Scan URL

URL: https://top100.rambler.ru/home?id=2584737

Search URL Search Domain Scan URL

URL: https://top.mail.ru/jump?from=2124891
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/microsoftportal

Search URL Search Domain Scan URL

URL: http://www.odnoklassniki.ru/group/51631113764995

Search URL Search Domain Scan URL

URL: http://vk.com/microsoftportal

Search URL Search Domain Scan URL

URL: https://twitter.com/microsoftportal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCiih5R_7C82ChX0YqUAWTtA

Search URL Search Domain Scan URL

URL: http://steamcommunity.com/groups/microsoftportal

Search URL Search Domain Scan URL

URL: https://plus.google.com/+MicrosoftPortalNET/posts

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://microsoftportal.net.admin-mcas.ms/ Page URL
https://microsoftportal.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://top-fwz1.mail.ru/counter?id=2124891;t=433;l=1 HTTP 302
https://top-fwz1.mail.ru/counter2?id=2124891;t=433;l=1

Request Chain 39

https://counter.yadro.ru/hit?t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439 HTTP 302
https://counter.yadro.ru/hit?q;t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439

Request Chain 49

https://www.acint.net/mc/?dp=10 HTTP 302
https://www.acint.net/mc/?dp=10&tc=1

Request Chain 51

https://ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722 HTTP 302
https://ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722&crf=1

Request Chain 52

https://ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D HTTP 302
https://acint.net/match?dp=14&euid=0100007FB1F4CB601800F26B02968D03

Request Chain 53

https://px.adhigh.net/p/cm/sape?u=0100007FB1F4CB602C04435602231722 HTTP 302
https://px.adhigh.net/p/cm/sape?u=0100007FB1F4CB602C04435602231722&bounced=1 HTTP 302
https://acint.net/match?dp=17&euid=gekTUbILh29.AikABlF6HLPXEQ

Request Chain 55

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691 HTTP 302
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-5738094577 HTTP 302
https://www.acint.net/rmatch?dp=45&euid=AA4yv4LohxlSRLMTPci7gGw&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D HTTP 302
https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007FB1F4CB602C04435602231722

Request Chain 57

https://sync.republer.com/match?dsp=sape HTTP 307
https://sync.republer.com/match?dsp=sape&qset=1 HTTP 307
https://sync.bumlam.com/?src=rp1&uid=eb252af8-901f-4a3e-8409-58cd9ad309d3 HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiy6a-GBlIEioaQK2IkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQz HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARiy6a-GBlIEioaQK2IkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w** HTTP 302
https://sync.bumlam.com/?src=rp1&s_data=CAIQABiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w** HTTP 302
https://sync.bumlam.com/?src=rp1&s_data=CAIQARiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**

Request Chain 61

https://cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf7H0y2AsBENWAiMXIg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf7H0y2AsBENWAiMXIg&google_tc= HTTP 302
https://www.acint.net/match?dp=77&euid=

Request Chain 62

https://stat.adlabs.ru/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722 HTTP 302
https://adlmerge.com/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722

Request Chain 65

https://adx.com.ru/sape-sync?uid=0100007FB1F4CB602C04435602231722 HTTP 302
https://adx.com.ru/sync?sspKey=25&sspUserID=0100007FB1F4CB602C04435602231722 HTTP 302
https://sync.1dmp.io/pixel.gif?cid=1ff6bf67-bdc8-400e-bc26-d735d8654ed6&pid=w&uid=60cbf4b1d41e065bb90a43ac&ru=https%3A%2F%2Fredirect.frontend.weborama.fr%2Frd%3Furl%3Dhttps%253A%252F%252Fadx.com.ru%252Fweborama-sync%253Furl%253Dhttps%25253A%25252F%25252Fprodmp.ru%25252Fyabbi.gif%25253Fuid%25253D60cbf4b1d41e065bb90a43ac%252526r%25253Dhttps%2525253A%2525252F%2525252Fx01.aidata.io%2525252F0.gif%2525253Fpid%2525253D9712851%25252526id%2525253D60cbf4b1d41e065bb90a43ac%25252526dest%2525253D%2526webouid%253D%7BWEBO_CID%7D HTTP 302
https://sync.1dmp.io/pixel.gif?cid=1ff6bf67-bdc8-400e-bc26-d735d8654ed6&pid=w&uid=60cbf4b1d41e065bb90a43ac&ru=https%3A%2F%2Fredirect.frontend.weborama.fr%2Frd%3Furl%3Dhttps%253A%252F%252Fadx.com.ru%252Fweborama-sync%253Furl%253Dhttps%25253A%25252F%25252Fprodmp.ru%25252Fyabbi.gif%25253Fuid%25253D60cbf4b1d41e065bb90a43ac%252526r%25253Dhttps%2525253A%2525252F%2525252Fx01.aidata.io%2525252F0.gif%2525253Fpid%2525253D9712851%25252526id%2525253D60cbf4b1d41e065bb90a43ac%25252526dest%2525253D%2526webouid%253D%7BWEBO_CID%7D&cs=1 HTTP 302
https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fadx.com.ru%2Fweborama-sync%3Furl%3Dhttps%253A%252F%252Fprodmp.ru%252Fyabbi.gif%253Fuid%253D60cbf4b1d41e065bb90a43ac%2526r%253Dhttps%25253A%25252F%25252Fx01.aidata.io%25252F0.gif%25253Fpid%25253D9712851%252526id%25253D60cbf4b1d41e065bb90a43ac%252526dest%25253D%26webouid%3D{WEBO_CID} HTTP 302
https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fadx.com.ru%2Fweborama-sync%3Furl%3Dhttps%253A%252F%252Fprodmp.ru%252Fyabbi.gif%253Fuid%253D60cbf4b1d41e065bb90a43ac%2526r%253Dhttps%25253A%25252F%25252Fx01.aidata.io%25252F0.gif%25253Fpid%25253D9712851%252526id%25253D60cbf4b1d41e065bb90a43ac%252526dest%25253D%26webouid%3D%7BWEBO_CID%7D&bounce=1&random=3097225592 HTTP 302
https://adx.com.ru/weborama-sync?url=https%3A%2F%2Fprodmp.ru%2Fyabbi.gif%3Fuid%3D60cbf4b1d41e065bb90a43ac%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D9712851%2526id%253D60cbf4b1d41e065bb90a43ac%2526dest%253D&webouid=idUSSIY5fcu1JG4ejJTaYu HTTP 302
https://prodmp.ru/yabbi.gif?uid=60cbf4b1d41e065bb90a43ac&r=https%3A%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D9712851%26id%3D60cbf4b1d41e065bb90a43ac%26dest%3D HTTP 302
https://x01.aidata.io/0.gif?pid=9712851&id=60cbf4b1d41e065bb90a43ac&dest=

Request Chain 66

https://sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722 HTTP 302
https://sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722&cs=1

Request Chain 67

https://sape-sync.rutarget.ru/sync HTTP 302
https://www.acint.net/match?dp=104&euid=cerNklUh1--4

Request Chain 68

https://ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D HTTP 302
https://acint.net/match?dp=107&euid=3f04def9-236d-52a9-b59f-8291d5547620

Request Chain 69

https://0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru/p?ssp=sp&id=0100007FB1F4CB602C04435602231722 HTTP 301
https://www.acint.net/match?dp=111&euid=62f076c6-a0e2-4d18-9e3a-20dba096bad4

Request Chain 70

https://ut.rktch.com/matchspm?pi=1000005&pui=0100007FB1F4CB602C04435602231722 HTTP 302
https://sm.rtb.mts.ru/p?ssp=natimatica&id=b2f3cb50180064f19a39028f8a4755eb7256 HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&ssp=natimatica&exu=b2f3cb50180064f19a39028f8a4755eb7256 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=240f7097-83d0-4e66-ae90-64b4a797d3de&return_url=https%3A%2F%2Fan.yandex.ru%2Fsetud%2Fmts_banner%2FJA9wl4PQTmaukGS0p5fT3g%3Flocation%3Dhttps%253A%252F%252Fut.rktch.com%252Fmatchsbm%253Fbi%253D29%2526bui%253D240f7097-83d0-4e66-ae90-64b4a797d3de%26sign%3D1318329968 HTTP 302
https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=1318329968

Request Chain 71

https://sm.rtb.mts.ru/p?ssp=sape&id=0100007FB1F4CB602C04435602231722 HTTP 301
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&ssp=sape&exu=0100007FB1F4CB602C04435602231722 HTTP 301
https://tech.rtb.mts.ru/?dsp_uid=240f7097-83d0-4e66-ae90-64b4a797d3de&return_url=https%3A%2F%2Fan.yandex.ru%2Fsetud%2Fmts_banner%2FJA9wl4PQTmaukGS0p5fT3g%3Flocation%3Dhttps%253A%252F%252Fwww.acint.net%252Fmatch%253Fdp%253D125%2526euid%253D240f7097-83d0-4e66-ae90-64b4a797d3de%26sign%3D2912159475 HTTP 302
https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=2912159475

Request Chain 72

https://exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D HTTP 301
https://www.acint.net/match?dp=126&euid=d202c49c-d984-4bc8-7eba-61deef405619

Request Chain 73

https://s.uuidksinc.net/match/396/0100007FB1F4CB602C04435602231722 HTTP 302
https://www.acint.net/match?dp=127&euid=adBQJFAv6ubpUeRVeeVh

Request Chain 76

https://x01.aidata.io/0.gif?pid=9401454&id=0100007FB1F4CB602C04435602231722 HTTP 302
https://x01.aidata.io/0.gif?pid=9401454&id=0100007FB1F4CB602C04435602231722&bounce=1 HTTP 302
https://counter.yadro.ru/id-redir/aidata.gif?back=STOP HTTP 302
https://x01.aidata.io/0.gif?pid=LIVE&id=&back=STOP

Request Chain 77

https://sync.bumlam.com/?src=sap1&uid=0100007FB1F4CB602C04435602231722 HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiy6a-GBlIFrbKc-w9iIDAxMDAwMDdGQjFGNENCNjAyQzA0NDM1NjAyMjMxNzIy HTTP 302
https://sync.bumlam.com/?src=sap1&s_data=CAIQABiy6a-GBmIgMDEwMDAwN0ZCMUY0Q0I2MDJDMDQ0MzU2MDIyMzE3MjKiARBEqYKGz9MR64pTDMR6bS_v

Request Chain 78

https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722 HTTP 302
https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722?redir-setuniq=1

Request Chain 87

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9307.JPQX8AuodB4EFZtR9RT2LRg_fZZkZkjMFCclN2NCPUFdNYkvRI1AR59L6em0wCv0.Ml8eEaVjnYcWxsNahfs1Q-BK4XE%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9307.u0f2JqS_YhoJ8NWezVO0qDZ3afSOR-u1rRO-Nj9vrDrlcdc8NdqSC1YPo8UoZb0J0cz2b--u4Jcq2uIGhXjJDA%2C%2C.GFgRnnFnQoivUFC3d6fuQfFwYB8%2C

Request Chain 95

https://api.advarkads.com/api/statistic/match?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722 HTTP 302
https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020 HTTP 302
https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020&bounce=1&random=529896554

Request Chain 96

https://mc.yandex.com/watch/10478836?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Alvg2sn1re62lx62l%3Afp%3A733%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A562%3Acn%3A1%3Adp%3A0%3Als%3A622167061354%3Ahid%3A753955658%3Az%3A120%3Ai%3A20210618031945%3Aet%3A1623979186%3Ac%3A1%3Arn%3A505851989%3Au%3A1623979186653232680%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1623979184930%3Ads%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C283%2C4%2C%2C%2C%2C771%3Adsn%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C287%2C4%2C%2C%2C%2C771%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1623979186%3At%3AMSPortal HTTP 302
https://mc.yandex.com/watch/10478836/1?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Alvg2sn1re62lx62l%3Afp%3A733%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A562%3Acn%3A1%3Adp%3A0%3Als%3A622167061354%3Ahid%3A753955658%3Az%3A120%3Ai%3A20210618031945%3Aet%3A1623979186%3Ac%3A1%3Arn%3A505851989%3Au%3A1623979186653232680%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1623979184930%3Ads%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C283%2C4%2C%2C%2C%2C771%3Adsn%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C287%2C4%2C%2C%2C%2C771%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1623979186%3At%3AMSPortal

Request Chain 112

https://dmg.digitaltarget.ru/1/1093/i/i?i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient

Request Chain 113

https://dmg.digitaltarget.ru/1/1093/i/i?i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_noorient

Request Chain 144

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gDBegkA44IuurvC9-zaXgLHANBW-bx3pAlEXAbugJTL3HbaD29RymQP1WkX&google_gid=CAESEAH2Xs5rFANxP0O4ehcYklw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU12MHNnQUFBT1o4Vm1Jbw&google_push=AYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gDBegkA44IuurvC9-zaXgLHANBW-bx3pAlEXAbugJTL3HbaD29RymQP1WkX

Request Chain 146

https://rtb.openx.net/sync/dds?google_gid=CAESEO7FXP_mPQbcRt6syXaDXBc&google_cver=1&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEO7FXP_mPQbcRt6syXaDXBc&google_cver=1&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&google_hm=5nIOeLBfwl0q_-X3rMkgbQ==

Request Chain 147

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP3hAlAYWIQSuUYXDxLU8CE&google_cver=1&google_push=AYg5qPKZVBxXaNNXfaw8YBLYHliOLNtmNW1u1hKy2c4Dpbk_tAdL3bvHFxGTjWw-eEAIoRoPCL4PXSl1wg5wOjkPPLl0DoDHvbnH HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEP3hAlAYWIQSuUYXDxLU8CE&google_cver=1&google_push=AYg5qPKZVBxXaNNXfaw8YBLYHliOLNtmNW1u1hKy2c4Dpbk_tAdL3bvHFxGTjWw-eEAIoRoPCL4PXSl1wg5wOjkPPLl0DoDHvbnH&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LSoRD-5yTk6WsORAohfhFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZVBxXaNNXfaw8YBLYHliOLNtmNW1u1hKy2c4Dpbk_tAdL3bvHFxGTjWw-eEAIoRoPCL4PXSl1wg5wOjkPPLl0DoDHvbnH

Request Chain 148

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECOiqWZHf0o5ObqYBCbu8E4&google_cver=1&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18RIOxartAKG3k0YD3VPWQ_dx4U HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ExTkExM1QtQS04NzlY&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18RIOxartAKG3k0YD3VPWQ_dx4U

Request Chain 149

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_cver=1&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc=

173 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
microsoftportal.net.admin-mcas.ms/ 1020 B
837 B 239ms
30ms Document
text/html 52.155.166.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net.admin-mcas.ms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.155.166.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

openresty /

Resource Hash

63657066db27c8ce3693cfb94c4783225a6dad8bc96e8be31f89b8891b051bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: microsoftportal.net.admin-mcas.ms
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
server: openresty
date: Fri, 18 Jun 2021 01:19:44 GMT
x-mcas-request-id: 2655bba82e911b87645f40392bc5372f
expires: Mon, 01-Jan-1990 00:00:00 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
strict-transport-security: max-age=31536000
x-mcas-upstream-time: n/a
x-mcas-processing-time: 2
content-encoding: gzip
x-mcas-cache-status: MISS

GET
H2 200 session-context-store-helper.min.js Show response
mcasproxy.azureedge.net/proxyweb/0.202.31/js/ 5 KB
5 KB 23ms
8ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/0.202.31/js/session-context-store-helper.min.js
Requested by: Host: microsoftportal.net.admin-mcas.ms
URL: https://microsoftportal.net.admin-mcas.ms/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b3d9a37c3110d0d5edf534a4dd964bb85d8661820e4c39e4c63c96bd2813b726

Request headers

Referer: https://microsoftportal.net.admin-mcas.ms/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 18 Jun 2021 01:19:44 GMT
last-modified: Sun, 06 Jun 2021 10:11:38 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: npsIWjlCWsd9fFNnNdaKMw==
etag: 0x8D928D378D9E6FE
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 315d36c7-401e-009a-0526-60d811000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=3483
x-ms-version: 2009-09-19
content-length: 4994

GET
H2 200 session-context-restore.html Show response
mcasproxy.azureedge.net/proxyweb/0.202.31/html/ Frame 4906 281 B
727 B 7ms
6ms Document
text/html 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/0.202.31/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fmicrosoftportal.net%2F
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/0.202.31/js/session-context-store-helper.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d593eab937ae208334c866b7afc56b0703787c857dae8bb562aefbbd3ca15ee6

Request headers

:method: GET
:authority: mcasproxy.azureedge.net
:scheme: https
:path: /proxyweb/0.202.31/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fmicrosoftportal.net%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net.admin-mcas.ms/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net.admin-mcas.ms/

Response headers

content-length: 281
content-type: text/html
content-md5: vDuuGHIdcY/gQtnraxH9qw==
last-modified: Sun, 06 Jun 2021 10:07:47 GMT
etag: 0x8D928D2EFA4E6B1
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 396a02f8-001e-00bf-54d6-5c40a2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: public, max-age=2239
date: Fri, 18 Jun 2021 01:19:44 GMT

GET
H2 200 session-context-restore.min.js Show response
mcasproxy.azureedge.net/proxyweb/0.202.31/js/ Frame 4906 65 KB
65 KB 7ms
7ms Script
application/javascript 2a02:26f0:1700:d::1737:6ea4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/0.202.31/js/session-context-restore.min.js
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/0.202.31/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fmicrosoftportal.net%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6ea4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b2eca33e22a23b0c12aac7e2ad38816163ca0000cf9ce2116d708c58b6b25557

Request headers

Referer: https://mcasproxy.azureedge.net/proxyweb/0.202.31/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fmicrosoftportal.net%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 18 Jun 2021 01:19:44 GMT
last-modified: Sun, 06 Jun 2021 10:11:37 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: rZFM577IGPvHJeu7h26jjw==
etag: 0x8D928D3788F143B
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c601f2fe-901e-007d-2bd6-5cc81c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1748
x-ms-version: 2009-09-19
content-length: 66160

GET
H/1.1 200
OK Primary Request Cookie set / Show response
microsoftportal.net/ 38 KB
11 KB 469ms
359ms Document
text/html 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 / PHP/7.2.26

Resource Hash

edb239fcc4a9585615afa400ba273650698cf6b2df1764db6633f37274ddebed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Host: microsoftportal.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://microsoftportal.net.admin-mcas.ms/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net.admin-mcas.ms/

Response headers

Server: nginx/1.16.1
Date: Fri, 18 Jun 2021 01:19:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.26
Set-Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000;

GET
H/1.1 200
OK index.php Show response
microsoftportal.net/engine/classes/min/ 84 KB
30 KB 63ms
63ms Script
application/x-javascript 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/engine/classes/min/index.php?g=general&v=27

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 / PHP/7.2.26

Resource Hash

b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 28 Dec 2019 11:45:54 GMT
Server: nginx/1.16.1
X-Powered-By: PHP/7.2.26
ETag: "pub1577533554;gz"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=31536000;
Content-Length: 29779
Expires: Sat, 18 Jun 2022 01:19:45 GMT

GET
H/1.1 200
OK index.php Show response
microsoftportal.net/engine/classes/min/ 128 KB
34 KB 237ms
95ms Script
application/x-javascript 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/engine/classes/min/index.php?f=engine/classes/js/jqueryui.js,engine/classes/js/dle_js.js&v=27

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 / PHP/7.2.26

Resource Hash

f60527825f5eb56b1f7bf9f6ab37c9c865bb6ef2ace55674b4f1cccd4209b670

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Content-Encoding: gzip
Last-Modified: Sat, 28 Dec 2019 11:45:54 GMT
Server: nginx/1.16.1
X-Powered-By: PHP/7.2.26
ETag: "pub1577533554;gz"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=31536000;
Content-Length: 34007
Expires: Sat, 18 Jun 2022 01:19:45 GMT

GET
H/1.1 200
OK engine.css
microsoftportal.net/templates/MSPortal/style/ 61 KB
61 KB 179ms
87ms Stylesheet
text/css 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/style/engine.css

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

572e2f25267f2879b7d5c14151314133fc8c67293837ce4bb184153664694160

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:29 GMT
Server: nginx/1.16.1
ETag: "5a6e5e41-f36f"
Strict-Transport-Security: max-age=31536000;
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 62319

GET
H/1.1 200
OK styles.css
microsoftportal.net/templates/MSPortal/style/ 27 KB
27 KB 180ms
87ms Stylesheet
text/css 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/style/styles.css

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

f0c9f90c27c6cbac55ffd616c55711f9693d0a52ae63c6948d23e3f62ae4385b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Fri, 28 May 2021 19:36:55 GMT
Server: nginx/1.16.1
ETag: "60b14657-6c27"
Strict-Transport-Security: max-age=31536000;
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27687

GET
H/1.1 200
OK libs.js Show response
microsoftportal.net/templates/MSPortal/js/ 1 KB
2 KB 157ms
52ms Script
application/javascript 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/js/libs.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

a61eeea560e1f947cd3e50db09d52da15eebe911865e29f5398bb44cb0d9252e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-500"
Strict-Transport-Security: max-age=31536000;
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1280

GET
H/1.1 200
OK style.css
microsoftportal.net/templates/MSPortal/icomm/ 838 B
1 KB 139ms
47ms Stylesheet
text/css 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/icomm/style.css

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

18f0f623763901aeeb156407ed6a37d5c0716ff174ba9a6ce09fbb5ed9d45d4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-346"
Strict-Transport-Security: max-age=31536000;
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 838

GET
H/1.1 200
OK tipsy.css
microsoftportal.net/templates/MSPortal/js/ 607 B
890 B 156ms
52ms Stylesheet
text/css 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/js/tipsy.css

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

65b45154530acccb3435ac25e0f1bc131589c2388bfd67481526cbe2ed521eca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-25f"
Strict-Transport-Security: max-age=31536000;
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 607

GET
H/1.1 200
OK jquery.tipsy.js Show response
microsoftportal.net/templates/MSPortal/js/ 2 KB
2 KB 159ms
52ms Script
application/javascript 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/templates/MSPortal/js/jquery.tipsy.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

449ef4a890525256bc3bc16dea519e857a7a694c5048820cc7271e713766652b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-86b"
Strict-Transport-Security: max-age=31536000;
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2155

GET
H/1.1 200
OK noavatar.png
microsoftportal.net/templates/MSPortal/dleimages/ 1 KB
1 KB 49ms
46ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/dleimages/noavatar.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

479b699a76b4f1c5d74bf82e7351685c455b79547d10b6891680fbfa590e68ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:28 GMT
Server: nginx/1.16.1
ETag: "5a6e5e40-4c7"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1223

GET
H/1.1 200
OK logo.png
microsoftportal.net/templates/MSPortal/images/ 22 KB
22 KB 57ms
55ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/logo.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

2ac0b867fa66324ed79b248a5fa546bde07c503e90754be44773cfa368d3217e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-56f0"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22256

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3796cf12ca9b6f5f93255046f5bf7d70a82c6b389698ed6c007903940c17c5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48867
x-xss-protection: 0
server: cafe
etag: 2918852401321146490
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 18 Jun 2021 01:19:45 GMT

GET
H/1.1 200
OK 1623962780_microsoft-windows-developer-event.jpg
microsoftportal.net/uploads/posts/2021-06/thumbs/ 27 KB
28 KB 101ms
100ms Image
image/jpeg 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623962780_microsoft-windows-developer-event.jpg

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

9e018935eebac438d9cc1329be07bf7d4a08d034eefa786c20928c45f4c167bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 20:45:03 GMT
Server: nginx/1.16.1
ETag: "60cbb44f-6df6"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28150

GET
H/1.1 200
OK 1623961250_visual-studio.png
microsoftportal.net/uploads/posts/2021-06/thumbs/ 124 KB
125 KB 100ms
98ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623961250_visual-studio.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

b91f9feae4212deb2d3243b37c49b6d1d71e9a9511d4f4110d9c1e30c97e1f65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 20:19:46 GMT
Server: nginx/1.16.1
ETag: "60cbae62-1f1b7"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 127415

GET
H/1.1 200
OK 1623958674_microsoft-teams-viva-insights-headspace.jpg
microsoftportal.net/uploads/posts/2021-06/thumbs/ 32 KB
33 KB 48ms
48ms Image
image/jpeg 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623958674_microsoft-teams-viva-insights-headspace.jpg

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

15eb5bd635ec9808b47f89ee196155c39d8e2db3bb317f1fe49182ccc98115db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 19:36:32 GMT
Server: nginx/1.16.1
ETag: "60cba440-8114"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33044

GET
H/1.1 200
OK 1623946768_3_image_mtr-front-row.png
microsoftportal.net/uploads/posts/2021-06/thumbs/ 352 KB
353 KB 124ms
55ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623946768_3_image_mtr-front-row.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

a7094e07dda6a9c6dd1497043e83be8f04e84f5da84becab84d044a9bc6e6be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 16:17:52 GMT
Server: nginx/1.16.1
ETag: "60cb75b0-58194"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 360852

GET
H/1.1 200
OK 1623944331_2_gif_coauthored-message.gif
microsoftportal.net/uploads/posts/2021-06/thumbs/ 60 KB
60 KB 116ms
47ms Image
image/gif 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623944331_2_gif_coauthored-message.gif

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

2d71c3596d208b2b7c50692ebcd1e3278dddc12ae65ca95b1bf2244f73d50369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 15:38:41 GMT
Server: nginx/1.16.1
ETag: "60cb6c81-f017"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61463

GET
H/1.1 200
OK 1623942707_1506348305_img_2674_story.jpg
microsoftportal.net/uploads/posts/2021-06/thumbs/ 37 KB
37 KB 52ms
49ms Image
image/jpeg 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623942707_1506348305_img_2674_story.jpg

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

1341fc0005dbe71c32e421f13c283429aaeb74a0b151a6b9f83205b5ee516d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 17 Jun 2021 15:10:49 GMT
Server: nginx/1.16.1
ETag: "60cb65f9-93e1"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37857

GET
H/1.1 200
OK 1623884502_1544615596_windows_10_wallpaper_by_archi_techi-da25m0q.png
microsoftportal.net/uploads/posts/2021-06/thumbs/ 66 KB
67 KB 48ms
47ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623884502_1544615596_windows_10_wallpaper_by_archi_techi-da25m0q.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

8ba9595c642523b828dee1741119b88d2d022ba8be8a8f0966600ce11dddd7e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Wed, 16 Jun 2021 23:00:33 GMT
Server: nginx/1.16.1
ETag: "60ca8291-108e6"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 67814

GET
H/1.1 200
OK 1623867961_1pmhwyc.png
microsoftportal.net/uploads/posts/2021-06/thumbs/ 135 KB
135 KB 56ms
54ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623867961_1pmhwyc.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

b6790cf785e814bb1152eb00cabb27cafb3593393ca3aec19ebe5dbc5dfbe8b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Wed, 16 Jun 2021 18:25:56 GMT
Server: nginx/1.16.1
ETag: "60ca4234-21ccf"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 138447

GET
H/1.1 200
OK 1623863742_rlxr1vb.png
microsoftportal.net/uploads/posts/2021-06/thumbs/ 198 KB
198 KB 51ms
49ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623863742_rlxr1vb.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

42d9aedcbe73adba235a1302073902183b440cac6b8e81e6560a0644d049875e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Wed, 16 Jun 2021 17:15:13 GMT
Server: nginx/1.16.1
ETag: "60ca31a1-3169d"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 202397

GET
H/1.1 200
OK 1623863454_original.jpg
microsoftportal.net/uploads/posts/2021-06/thumbs/ 98 KB
98 KB 56ms
55ms Image
image/jpeg 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/uploads/posts/2021-06/thumbs/1623863454_original.jpg

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

b641fcc6977163e5c0f29d3f2f9216bb20c9a8b6be3b8bb7029393421e8cfdb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Wed, 16 Jun 2021 17:09:49 GMT
Server: nginx/1.16.1
ETag: "60ca305d-187df"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 100319

GET
H/1.1 200
OK default.js Show response
microsoftportal.net/engine/skins/ 11 KB
11 KB 47ms
47ms Script
application/javascript 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to

Full URL

https://microsoftportal.net/engine/skins/default.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

b912455480572174b87986b8f195eae651c900ef3b6fb85d72310b6aad0c878c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sat, 28 Dec 2019 11:44:05 GMT
Server: nginx/1.16.1
ETag: "5e074005-2ae5"
Strict-Transport-Security: max-age=31536000;
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10981

GET
H2 200 3_0_FFFFFFFF_EFEFEFFF_0_pageviews
informer.yandex.ru/informer/10478836/ 1 KB
1 KB 54ms
53ms Image
image/png 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://informer.yandex.ru/informer/10478836/3_0_FFFFFFFF_EFEFEFFF_0_pageviews

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

116ef7e18c938d214a7b656fd0d94e8f7ac6b8828ad1eaf7398ce3322b1125f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
last-modified: Fri, 18-Jun-2021 01:19:45 GMT
content-type: image/png
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-length: 1263
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:45 GMT

GET
H2

200

counter2
top-fwz1.mail.ru/
Redirect Chain

https://top-fwz1.mail.ru/counter?id=2124891;t=433;l=1
https://top-fwz1.mail.ru/counter2?id=2124891;t=433;l=1

1 KB
2 KB

47ms
45ms

Image
image/gif

217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://top-fwz1.mail.ru/counter2?id=2124891;t=433;l=1

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

95333c6cddcbfc1989165da8f528836efa1b5e53d6ba000cbb564b4d1982744d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 1392
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory
timing-allow-origin: *
access-control-allow-headers: *

Redirect headers

date: Fri, 18 Jun 2021 01:19:45 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 0
pragma: no-cache
amp-access-control-allow-source-origin: *
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
location: https://top-fwz1.mail.ru/counter2?id=2124891;t=433;l=1
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 all.js Show response
connect.facebook.net/ru_RU/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ru_RU/all.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

909fd79bccfdb9483ba03810bd63f6da15b6afbb5e958782ce1e2e8094028ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: gWBrCDSjOnfQcv1l0H4Sww==
cross-origin-resource-policy: cross-origin
expires: Fri, 18 Jun 2021 01:39:01 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
x-fb-rlafr: 0
x-fb-debug: 0gxbblMFzl1w/vyObU3ygEtXIPlv24Ro1QsqIv8UrK46ZlRhibwTjOSbd733t9yz0UOVF6fYjEvBFa69PpebeQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 6d1ddce23e2955b7834d5d0b60f3989b
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 18 Jun 2021 01:19:45 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "dbb08d7977de17843386bb03e68f5f20"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK img9.jpg
microsoftportal.net/templates/MSPortal/images/ 59 KB
60 KB 70ms
47ms Image
image/jpeg 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/img9.jpg

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

edea62b6792791e90490e04ecbdb167677f4c84c09fe19efba4dbdc6494efb10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-edfb"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 60923

GET
H/1.1 200
OK login_ic.png
microsoftportal.net/templates/MSPortal/images/ 4 KB
4 KB 88ms
52ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/login_ic.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

a8cf59007153a1d366dd69c66f54edbbcfec46a32330626a714f1b22934ec468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-edb"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3803

GET
H/1.1 200
OK search_bg.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
3 KB 74ms
46ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/search_bg.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

3b9e8d070eb3d3a740240f79b731159e34f993842e3d80dd07a2114c69ed8075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-ae6"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2790

GET
H/1.1 200
OK search_ic.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
3 KB 88ms
47ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/search_ic.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

8f281ebc45c293d64b39f0a23399a3cccbd542c3a1245019dd33e2139d45ed3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-c7e"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3198

GET
H/1.1 200
OK bt_ic.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
3 KB 102ms
46ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/bt_ic.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

c2a53a2ff6fe4b87169761f63876c4239639b5710db7c5e2861dd24e8e347180

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-c84"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3204

GET
H/1.1 200
OK auth_line.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
3 KB 101ms
46ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/auth_line.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

f32de53959fd8081d100f1e31199a913a86804e58d7cd8498124dded214f74d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-aec"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2796

GET
H/1.1 200
OK short_ic.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
4 KB 113ms
53ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/short_ic.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

c654e1b1768e9ee4ef211ea90736e7e99679d7af202faa4f2782db9447bdf548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-d12"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3346

GET
H/1.1 200
OK page_nav.png
microsoftportal.net/templates/MSPortal/images/ 3 KB
3 KB 47ms
46ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/page_nav.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

77affbd2fb12370b0c53ff6b46dfa66c313f0d29f4e4148913a42d5789ac6451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-bf1"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3057

GET
H3-29 200 all.js Show response
connect.facebook.net/ru_RU/ 247 KB
73 KB 13ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/ru_RU/all.js?hash=07d88eb108960db6eb7ebe4e738b3da5&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/ru_RU/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b95214dac0b2f1843bb487d97ed047870b55f73c0981f1fc9ea0e90eebced9f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://microsoftportal.net
Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 8hJrC5Fn3pXoC+uLFSAhwg==
cross-origin-resource-policy: cross-origin
expires: Fri, 17 Jun 2022 23:45:36 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74511
x-fb-rlafr: 0
x-fb-debug: mT8iiAIZuCdIT7LagMI1n+UaXiyfBP3NbxvJbmXuL+X1MbUyJI3cazSS15Nj6yxlU9KnkaaNnqZHXRswXL0wTw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 2a4a5fac5448e547ede3fdcc600444c9
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 18 Jun 2021 01:19:45 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "fc5c2a29d45e796768e57d293d59b951"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 aci.js Show response
www.acint.net/ 21 KB
7 KB 37ms
11ms Script
application/x-javascript 46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.acint.net/aci.js
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: 8efda3f0b5d984306920023fe9e82a919bfac7109db64ed89f752720408c888b

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
last-modified: Sat, 02 Jan 2021 18:29:12 GMT
server: openresty
etag: "5ff0bb78-1baf"
content-type: application/x-javascript
cache-control: max-age=43200
content-length: 7087
expires: Fri, 18 Jun 2021 13:19:45 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439
https://counter.yadro.ru/hit?q;t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439

240 B
726 B

45ms
45ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

1e47e82c9464a8c56bb6d7c82f5a6dad8c23ec4e3f375c9f601a61bc80f4d282

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 01:19:45 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 240
Expires: Wed, 17 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 01:19:45 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t15.1;rhttps%3A//microsoftportal.net.admin-mcas.ms/;s1600*1200*24;uhttps%3A//microsoftportal.net/%3F;hMSPortal;0.8743503093879439
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Wed, 17 Jun 2020 21:00:00 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 218 KB
69 KB 46ms
45ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

c6754c3241a18169afee078352f5e11c9c8eec97b9e2fb173f541ce2d07dd210

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: br
last-modified: Thu, 17 Jun 2021 09:26:05 GMT
etag: "60bf3bc8-114ef"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 70895
expires: Fri, 18 Jun 2021 02:19:45 GMT

GET
H2 200 top100.js Show response
st.top100.ru/top100/ 139 KB
49 KB 170ms
77ms Script
application/javascript 81.19.89.16
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://st.top100.ru/top100/top100.js
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.19.89.16 Moscow, Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx/1.19.4 /
Resource Hash: be44428e9433183b9c2bd006073440dcb939976988ea245a9a8b98984d0400f3

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
last-modified: Thu, 17 Jun 2021 12:49:53 GMT
server: nginx/1.19.4
etag: W/"60cb44f1-22b21"
vary: Accept-Encoding
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
cache-control: max-age=3600
content-type: application/javascript
expires: Fri, 18 Jun 2021 02:19:45 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ 24 KB
10 KB 128ms
83ms Script
application/javascript 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

71a0c6830d978bf08f7540a19d77b7f0802d31e16156fd7f944063f0f96c61b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Tue, 08 Jun 2021 17:06:07 GMT
server: nginx
etag: W/"60bfa37f-6083"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory
timing-allow-origin: *
access-control-allow-headers: *
expires: Fri, 18 Jun 2021 02:19:45 GMT

GET
H/1.1 200
OK b_title_ic.png
microsoftportal.net/templates/MSPortal/images/ 7 KB
7 KB 129ms
47ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/b_title_ic.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

91cfab827f1f7c9aca0933e30f433ed72d44546deef812d3ef4e6f0745ba3f4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-1a44"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6724

GET
H/1.1 200
OK bar-bg.png
microsoftportal.net/templates/MSPortal/images/ 313 B
597 B 146ms
52ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/bar-bg.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

c5c44afc84eb882c171355b664f14b251d5c34db9023b719ba29dac938b6554e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:32 GMT
Server: nginx/1.16.1
ETag: "5a6e5e44-139"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 313

GET
H/1.1 200
OK bar-blue.png
microsoftportal.net/templates/MSPortal/images/ 253 B
536 B 130ms
47ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/bar-blue.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

694b3d44092af2be786c584ad80546df912fb0bf621e760a9bfd8d0c8f986be9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/?
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98
Connection: keep-alive
Referer: https://microsoftportal.net/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-fd"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 253

GET
H/1.1 200
OK soc.png
microsoftportal.net/templates/MSPortal/images/ 7 KB
8 KB 47ms
47ms Image
image/png 91.218.230.124
EUROBYTE Eurobyte...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://microsoftportal.net/templates/MSPortal/images/soc.png

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/templates/MSPortal/style/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.218.230.124 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, Moscow, Russia, RU),

Reverse DNS

hosted-by.ihc.ru

Software

nginx/1.16.1 /

Resource Hash

27a9105727943397b059ee354ee7f2f665f3d5a7a6fb0df68aad37b7f43b7cac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: microsoftportal.net
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
Cookie: PHPSESSID=1752ce9cf0211ace9b31064e6ce58b98; fid=7803d352-1fb9-42ae-948a-ef8d9e3d14a5; _ym_uid=1623979186653232680; _ym_d=1623979186
Connection: keep-alive
Referer: https://microsoftportal.net/templates/MSPortal/style/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Sun, 28 Jan 2018 23:35:31 GMT
Server: nginx/1.16.1
ETag: "5a6e5e43-1dbf"
Strict-Transport-Security: max-age=31536000;
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7615

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210616/r20190131/ 233 KB
86 KB 42ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210616/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8396851324217908&plah=microsoftportal.net&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ea901577fd64178b72730a9f203acbda8801a66f7caf920b59257b13876eae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88106
x-xss-protection: 0
server: cafe
etag: 14514754445097133811
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 18 Jun 2021 01:19:45 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210616/r20190131/ Frame 6618 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210616/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210616/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 17 Jun 2021 19:02:37 GMT
expires: Thu, 01 Jul 2021 19:02:37 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 22628
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

/ Show response
www.acint.net/mc/ Frame F91A
Redirect Chain

https://www.acint.net/mc/?dp=10
https://www.acint.net/mc/?dp=10&tc=1

3 KB
4 KB

12ms
11ms

Document
text/html

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.acint.net/mc/?dp=10&tc=1
Requested by: Host: www.acint.net
URL: https://www.acint.net/aci.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: e7db2432d033e8aaa788222b02d05643d72b369689c9ab00dc63bb8be2487171

Request headers

:method: GET
:authority: www.acint.net
:scheme: https
:path: /mc/?dp=10&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission; aid=fwAAAWDL9LFWQwQsIhcjAiCXYQ/aQMkQe0fQhBwXz7fsftTW
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

server: openresty
date: Fri, 18 Jun 2021 01:19:45 GMT
content-type: text/html
set-cookie: cSyncDp7v2=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp14v3=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp17=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp32=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp45v3=1623979185; expires=Sat, 19-Jun-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp53=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp54v2=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp62=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp67v2=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp68=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp77=1623979185; expires=Fri, 02-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp84=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp85=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp88=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp95v2=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp101=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp104v2=1623979185; expires=Fri, 02-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp107=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp111v2=1623979185; expires=Fri, 02-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp112v2=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp125=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp126=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp127=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp136=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp138=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp144=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp146=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp149=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net cSyncDp151=1623979185; expires=Sun, 18-Jul-21 01:19:45 GMT; path=/; Secure; SameSite=None; domain=.acint.net
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
content-encoding: gzip

Redirect headers

server: openresty
date: Fri, 18 Jun 2021 01:19:45 GMT
content-type: text/html
content-length: 154
set-cookie: test_cookie=CheckForPermission; path=/; Secure; SameSite=None; domain=.acint.net; expires=Fri, 18-Jun-21 01:29:45 GMT aid=fwAAAWDL9LFWQwQsIhcjAiCXYQ/aQMkQe0fQhBwXz7fsftTW; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.acint.net; path=/; Secure; SameSite=None
location: /mc/?dp=10&tc=1

GET
H2 200 /
www.acint.net/hit/ 43 B
340 B 11ms
11ms Image
image/gif 46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/hit/?v=0.3.0&uid=a5f391d6-ea2a-4406-a8da-d920f438ccde&dp=10&tz=%2B02%3A00&nc=18339548&u=https%3A%2F%2Fmicrosoftportal.net%2F%3F&r=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&rs=1600x1200&t=MSPortal&oE=1&oP=1&dT=2021-06-18T03%3A19%3A45.762&fu=7803d352-1fb9-42ae-948a-ef8d9e3d14a5
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2

200

match
ads.betweendigital.com/ Frame F91A
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722
https://ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722&crf=1

68 B
159 B

34ms
33ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722&crf=1
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

location: /match?bidder_id=73&external_user_id=0100007FB1F4CB602C04435602231722&crf=1
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

match
acint.net/ Frame F91A
Redirect Chain

https://ssp-rtb.sape.ru/rmatch/?r=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D14%26euid%3D%24%7BUSER_ID%7D
https://acint.net/match?dp=14&euid=0100007FB1F4CB601800F26B02968D03

43 B
270 B

37ms
12ms

Image
image/gif

195.201.243.71
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acint.net/match?dp=14&euid=0100007FB1F4CB601800F26B02968D03
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.201.243.71 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: ingolstadt.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Server: openresty
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Location: https://acint.net/match?dp=14&euid=0100007FB1F4CB601800F26B02968D03
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: text/html
Content-Length: 142
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2

200

match
acint.net/ Frame F91A
Redirect Chain

https://px.adhigh.net/p/cm/sape?u=0100007FB1F4CB602C04435602231722
https://px.adhigh.net/p/cm/sape?u=0100007FB1F4CB602C04435602231722&bounced=1
https://acint.net/match?dp=17&euid=gekTUbILh29.AikABlF6HLPXEQ

43 B
269 B

11ms
11ms

Image
image/gif

195.201.243.71
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acint.net/match?dp=17&euid=gekTUbILh29.AikABlF6HLPXEQ
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.201.243.71 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: ingolstadt.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:45 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f8-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://acint.net/match?dp=17&euid=gekTUbILh29.AikABlF6HLPXEQ
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK cm.gif
ad.mail.ru/ Frame F91A 43 B
635 B 140ms
47ms Image
image/gif 2a00:1148:db00::17
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mail.ru/cm.gif?p=48&id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Fri, 18 Jun 2021 01:19:45 GMT
Server: nginx
Content-Type: image/gif
Cache-Control: max-age=21600
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 43
Expires: Fri, 18 Jun 2021 07:19:45 GMT

GET
H/1.1

200
OK

sync.cgi
ssp.adriver.ru/cgi-bin/ Frame F91A
Redirect Chain

https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691
https://ad.adriver.ru/cgi-bin/rle.cgi?sid=1&ad=608223&bt=21&pid=2551979&bid=6438691&tuid=-5738094577
https://www.acint.net/rmatch?dp=45&euid=AA4yv4LohxlSRLMTPci7gGw&r=https%3A%2F%2Fssp.adriver.ru%2Fcgi-bin%2Fsync.cgi%3Fssp_id%3D43%26external_id%3D%24%7BUSER_ID%7D
https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007FB1F4CB602C04435602231722

42 B
201 B

176ms
71ms

Image
image/gif

81.222.128.216
ELTEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.222.128.216 , Russian Federation, ASN20597 (ELTEL-AS, RU),
Reverse DNS: ad16.adriver.ru
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

date: Fri, 18 Jun 2021 01:19:46 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
location: https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=43&external_id=0100007FB1F4CB602C04435602231722
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: text/html
content-length: 154
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 204 sync
a.utraff.com/ Frame F91A 0
746 B 35ms
16ms Image
text/plain 2606:4700:20::681a:4db
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.utraff.com/sync?ssp=sape
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:4db , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OF%2FQrfh2WA5TVr7mfNrH9JNrMTi%2Fm2f0yTFcgs03Ip9nRHy98rdk0NPBUEtfaacIJ9B3A3P3hptfaKjQd47ZSKmKuF%2Fupcc0%2BbFz267dydaC7J7LME3x3jkSdGrKoFBhV4tvAvE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cf-ray: 6610b0f76fac4e44-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
cf-request-id: 0abe4cee9c00004e449f843000000001

GET
H/1.1

200
OK

/
sync.bumlam.com/ Frame F91A
Redirect Chain

https://sync.republer.com/match?dsp=sape
https://sync.republer.com/match?dsp=sape&qset=1
https://sync.bumlam.com/?src=rp1&uid=eb252af8-901f-4a3e-8409-58cd9ad309d3
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiy6a-GBlIEioaQK2IkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQz
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARiy6a-GBlIEioaQK2IkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**
https://sync.bumlam.com/?src=rp1&s_data=CAIQABiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**
https://sync.bumlam.com/?src=rp1&s_data=CAIQARiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**

43 B
552 B

21ms
20ms

Image
image/gif

31.172.81.159
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bumlam.com/?src=rp1&s_data=CAIQARiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 31.172.81.159 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx
ETag: 44a98286-cfd3-11eb-8a53-0cc47a6d2fef
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=rp1&s_data=CAIQARiy6a-GBmIkZWIyNTJhZjgtOTAxZi00YTNlLTg0MDktNThjZDlhZDMwOWQzogEQRKmChs_TEeuKUwzEem0v7w**
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0

GET
H2 204 match
dm.hybrid.ai/ Frame F91A 0
238 B 126ms
40ms Image
text/plain 37.18.16.16
HYBRID-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dm.hybrid.ai/match?id=106&vid=0100007FB1F4CB602C04435602231722

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.18.16.16 , Netherlands, ASN205675 (HYBRID-AS, RU),

Reverse DNS

Software

Hybrid Web Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:45 GMT
server: Hybrid Web Server
p3p: CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin: *
cache-control: no-cache, no-store
x-mode: 117
x-xss-protection: 1; mode=block
expires: -1

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ Frame F91A 3 KB
3 KB 200ms
64ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:45 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H2 204 sape
sync.dmp.otm-r.com/match/ Frame F91A 0
70 B 42ms
11ms Image
text/plain 116.202.85.93
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.dmp.otm-r.com/match/sape?id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 116.202.85.93 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.93.85.202.116.clients.your-server.de
Software: nginx/1.17.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 18 Jun 2021 01:19:45 GMT
server: nginx/1.17.10

GET
H2

200

match
www.acint.net/ Frame F91A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf7H0y2AsBENWAiMXIg
https://cm.g.doubleclick.net/pixel?google_nid=agentstvo_sape_limited&google_hm=AQAAf7H0y2AsBENWAiMXIg&google_tc=
https://www.acint.net/match?dp=77&euid=

43 B
269 B

11ms
11ms

Image
image/gif

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/match?dp=77&euid=
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.acint.net/match?dp=77&euid=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
adlmerge.com/merge_gpsid/ Frame F91A
Redirect Chain

https://stat.adlabs.ru/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722
https://adlmerge.com/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722

43 B
115 B

46ms
15ms

Image
image/gif

95.211.66.35
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adlmerge.com/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.211.66.35 Wjelsryp, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx/1.16.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

iseu: eu
server: nginx/1.16.0
date: Fri, 18 Jun 2021 01:19:46 GMT
content-type: image/gif

Redirect headers

location: //adlmerge.com/merge_gpsid/?sid=50&id=0100007FB1F4CB602C04435602231722
date: Fri, 18 Jun 2021 01:17:36 GMT
server: nginx
content-length: 0

GET
H/1.1 200
OK sync.cgi
ssp.adriver.ru/cgi-bin/ Frame F91A 42 B
201 B 272ms
66ms Image
image/gif 81.222.128.216
ELTEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssp.adriver.ru/cgi-bin/sync.cgi?dsp_id=153&external_id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.222.128.216 , Russian Federation, ASN20597 (ELTEL-AS, RU),
Reverse DNS: ad16.adriver.ru
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK sprcs
relap.io/partners/ Frame F91A 43 B
1 KB 168ms
59ms Image
image/gif 95.163.37.253
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://relap.io/partners/sprcs?uid=0100007FB1F4CB602C04435602231722

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.163.37.253 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

relap.io

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=5184000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://cspreport.mail.ru/xxssprotection

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 01:19:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=5184000; includeSubdomains;
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block; report=https://cspreport.mail.ru/xxssprotection

GET
H2

204

0.gif
x01.aidata.io/ Frame F91A
Redirect Chain

https://adx.com.ru/sape-sync?uid=0100007FB1F4CB602C04435602231722
https://adx.com.ru/sync?sspKey=25&sspUserID=0100007FB1F4CB602C04435602231722
https://sync.1dmp.io/pixel.gif?cid=1ff6bf67-bdc8-400e-bc26-d735d8654ed6&pid=w&uid=60cbf4b1d41e065bb90a43ac&ru=https%3A%2F%2Fredirect.frontend.weborama.fr%2Frd%3Furl%3Dhttps%253A%252F%252Fadx.com.ru...
https://sync.1dmp.io/pixel.gif?cid=1ff6bf67-bdc8-400e-bc26-d735d8654ed6&pid=w&uid=60cbf4b1d41e065bb90a43ac&ru=https%3A%2F%2Fredirect.frontend.weborama.fr%2Frd%3Furl%3Dhttps%253A%252F%252Fadx.com.ru...
https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fadx.com.ru%2Fweborama-sync%3Furl%3Dhttps%253A%252F%252Fprodmp.ru%252Fyabbi.gif%253Fuid%253D60cbf4b1d41e065bb90a43ac%2526r%253Dhttps%25253A...
https://redirect.frontend.weborama.fr/rd?url=https%3A%2F%2Fadx.com.ru%2Fweborama-sync%3Furl%3Dhttps%253A%252F%252Fprodmp.ru%252Fyabbi.gif%253Fuid%253D60cbf4b1d41e065bb90a43ac%2526r%253Dhttps%25253A...
https://adx.com.ru/weborama-sync?url=https%3A%2F%2Fprodmp.ru%2Fyabbi.gif%3Fuid%3D60cbf4b1d41e065bb90a43ac%26r%3Dhttps%253A%252F%252Fx01.aidata.io%252F0.gif%253Fpid%253D9712851%2526id%253D60cbf4b1d4...
https://prodmp.ru/yabbi.gif?uid=60cbf4b1d41e065bb90a43ac&r=https%3A%2F%2Fx01.aidata.io%2F0.gif%3Fpid%3D9712851%26id%3D60cbf4b1d41e065bb90a43ac%26dest%3D
https://x01.aidata.io/0.gif?pid=9712851&id=60cbf4b1d41e065bb90a43ac&dest=

0
401 B

53ms
53ms

Image
text/plain

89.108.119.28
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x01.aidata.io/0.gif?pid=9712851&id=60cbf4b1d41e065bb90a43ac&dest=
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.108.119.28 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d51802.reg.regrucolo.ru
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
expires: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
server: nginx
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'

Redirect headers

location: https://x01.aidata.io/0.gif?pid=9712851&id=60cbf4b1d41e065bb90a43ac&dest=
date: Fri, 18 Jun 2021 01:19:47 GMT
access-control-allow-credentials: true
server: nginx
content-type: image/gif
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

pixel.gif
sync.1dmp.io/ Frame F91A
Redirect Chain

https://sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722
https://sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722&cs=1

35 B
378 B

42ms
41ms

Image
image/gif

95.216.101.186
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1dmp.io/pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722&cs=1
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.216.101.186 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.186.101.216.95.clients.your-server.de
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-type: image/gif
content-length: 35
expires: 0

Redirect headers

location: /pixel.gif?cid=4c144084-0ce0-4f71-a147-2abe600b8908&brid=ba2b253b-6888-4e47-a573-9ffc06d95cd1&pid=w&uid=0100007FB1F4CB602C04435602231722&cs=1
date: Fri, 18 Jun 2021 01:19:46 GMT
cache-control: private, no-cache, no-store, no-cache=Set-Cookie, proxy-revalidate
server: nginx
content-length: 0
expires: 0

GET
H2

200

match
www.acint.net/ Frame F91A
Redirect Chain

https://sape-sync.rutarget.ru/sync
https://www.acint.net/match?dp=104&euid=cerNklUh1--4

43 B
269 B

13ms
11ms

Image
image/gif

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/match?dp=104&euid=cerNklUh1--4
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

Location: https://www.acint.net/match?dp=104&euid=cerNklUh1--4
Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H2

200

match
acint.net/ Frame F91A
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=35313&callback_url=https%3A%2F%2Facint.net%2Fmatch%3Fdp%3D107%26euid%3D%24%7BUSER_ID%7D
https://acint.net/match?dp=107&euid=3f04def9-236d-52a9-b59f-8291d5547620

43 B
269 B

11ms
11ms

Image
image/gif

195.201.243.71
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://acint.net/match?dp=107&euid=3f04def9-236d-52a9-b59f-8291d5547620
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.201.243.71 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: ingolstadt.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

location: https://acint.net/match?dp=107&euid=3f04def9-236d-52a9-b59f-8291d5547620
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

match
www.acint.net/ Frame F91A
Redirect Chain

https://0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru/p?ssp=sp&id=0100007FB1F4CB602C04435602231722
https://www.acint.net/match?dp=111&euid=62f076c6-a0e2-4d18-9e3a-20dba096bad4

43 B
269 B

17ms
10ms

Image
image/gif

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/match?dp=111&euid=62f076c6-a0e2-4d18-9e3a-20dba096bad4
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

date: Fri, 18 Jun 2021 01:19:46 GMT
x-route: http://upstream_cookiesync
server: nginx
location: https://www.acint.net/match?dp=111&euid=62f076c6-a0e2-4d18-9e3a-20dba096bad4
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true, true
x-host: 192.168.152.63
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

404

JA9wl4PQTmaukGS0p5fT3g
an.yandex.ru/setud/mts_banner/ Frame F91A
Redirect Chain

https://ut.rktch.com/matchspm?pi=1000005&pui=0100007FB1F4CB602C04435602231722
https://sm.rtb.mts.ru/p?ssp=natimatica&id=b2f3cb50180064f19a39028f8a4755eb7256
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&ssp=natimatica&exu=b2f3cb50180064f19a39028f8a4755eb7256
https://tech.rtb.mts.ru/?dsp_uid=240f7097-83d0-4e66-ae90-64b4a797d3de&return_url=https%3A%2F%2Fan.yandex.ru%2Fsetud%2Fmts_banner%2FJA9wl4PQTmaukGS0p5fT3g%3Flocation%3Dhttps%253A%252F%252Fut.rktch.c...
https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=1318329968

43 B
80 B

65ms
65ms

Image
image/gif

2a02:6b8::90
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=1318329968

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ccb150b1878d5aa777543222f9e47636d4258687e3dd57e625988f09a96bda64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
content-type: image/gif; charset=windows-1251
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 18 Jun 2021 01:19:46 GMT

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fut.rktch.com%2Fmatchsbm%3Fbi%3D29%26bui%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=1318329968
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2

404

JA9wl4PQTmaukGS0p5fT3g
an.yandex.ru/setud/mts_banner/ Frame F91A
Redirect Chain

https://sm.rtb.mts.ru/p?ssp=sape&id=0100007FB1F4CB602C04435602231722
https://sm.rtb.mts.ru/match/second?r=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&ssp=sape&exu=0100007FB1F4CB602C04435602231722
https://tech.rtb.mts.ru/?dsp_uid=240f7097-83d0-4e66-ae90-64b4a797d3de&return_url=https%3A%2F%2Fan.yandex.ru%2Fsetud%2Fmts_banner%2FJA9wl4PQTmaukGS0p5fT3g%3Flocation%3Dhttps%253A%252F%252Fwww.acint....
https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=2912159475

43 B
103 B

59ms
59ms

Image
image/gif

2a02:6b8::90
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=2912159475

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ccb150b1878d5aa777543222f9e47636d4258687e3dd57e625988f09a96bda64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
content-type: image/gif; charset=windows-1251
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 18 Jun 2021 01:19:46 GMT

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx/1.13.12
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=utf-8
Location: https://an.yandex.ru/setud/mts_banner/JA9wl4PQTmaukGS0p5fT3g?location=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D125%26euid%3D240f7097-83d0-4e66-ae90-64b4a797d3de&sign=2912159475
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2

200

match
www.acint.net/ Frame F91A
Redirect Chain

https://exchange.buzzoola.com/cookiesync/redirect/sape?redirect_url=https%3A%2F%2Fwww.acint.net%2Fmatch%3Fdp%3D126%26euid%3D%24%7BUUID%7D
https://www.acint.net/match?dp=126&euid=d202c49c-d984-4bc8-7eba-61deef405619

43 B
269 B

11ms
11ms

Image
image/gif

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/match?dp=126&euid=d202c49c-d984-4bc8-7eba-61deef405619
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

location: https://www.acint.net/match?dp=126&euid=d202c49c-d984-4bc8-7eba-61deef405619
date: Fri, 18 Jun 2021 01:19:46 GMT
server: nginx
content-length: 115
serverid: TODO
content-type: text/html; charset=utf-8

GET
H2

200

match
www.acint.net/ Frame F91A
Redirect Chain

https://s.uuidksinc.net/match/396/0100007FB1F4CB602C04435602231722
https://www.acint.net/match?dp=127&euid=adBQJFAv6ubpUeRVeeVh

43 B
269 B

11ms
11ms

Image
image/gif

46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/match?dp=127&euid=adBQJFAv6ubpUeRVeeVh
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
p3p: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

Redirect headers

date: Fri, 18 Jun 2021 01:19:46 GMT
server: nginx/1.19.0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
location: https://www.acint.net/match?dp=127&euid=adBQJFAv6ubpUeRVeeVh
access-control-allow-headers: Content-Type
content-length: 0

GET
H/1.1 204
No Content userbind
match.new-programmatic.com/ Frame F91A 0
215 B 153ms
50ms Image
text/plain 217.65.2.150
CITYTELECOM-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.new-programmatic.com/userbind?src=sape&id=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.65.2.150 Moscow, Russian Federation, ASN3175 (CITYTELECOM-MSK, RU),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 18 Jun 2021 01:19:43 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 0
Vary: Origin

GET
H2 204 0100007FB1F4CB602C04435602231722
fcgi4.gnezdo.ru/cookie_matching_ssp/Sape-dsp/ Frame F91A 0
190 B 422ms
57ms Image
text/plain 93.95.102.105
MTW-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fcgi4.gnezdo.ru/cookie_matching_ssp/Sape-dsp/0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 93.95.102.105 Podolsk, Russian Federation, ASN48347 (MTW-AS, RU),
Reverse DNS: unspecified.mtw.ru
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

GET
H2

204

0.gif
x01.aidata.io/ Frame F91A
Redirect Chain

https://x01.aidata.io/0.gif?pid=9401454&id=0100007FB1F4CB602C04435602231722
https://x01.aidata.io/0.gif?pid=9401454&id=0100007FB1F4CB602C04435602231722&bounce=1
https://counter.yadro.ru/id-redir/aidata.gif?back=STOP
https://x01.aidata.io/0.gif?pid=LIVE&id=&back=STOP

0
401 B

54ms
54ms

Image
text/plain

89.108.119.28
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x01.aidata.io/0.gif?pid=LIVE&id=&back=STOP
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.108.119.28 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d51802.reg.regrucolo.ru
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
expires: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
server: nginx
p3p: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA'

Redirect headers

Location: https://x01.aidata.io/0.gif?pid=LIVE&id=&back=STOP
Date: Fri, 18 Jun 2021 01:19:47 GMT
Server: nginx/1.17.9
Connection: keep-alive
Content-Length: 242
Strict-Transport-Security: max-age=86400
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

/
sync.bumlam.com/ Frame F91A
Redirect Chain

https://sync.bumlam.com/?src=sap1&uid=0100007FB1F4CB602C04435602231722
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiy6a-GBlIFrbKc-w9iIDAxMDAwMDdGQjFGNENCNjAyQzA0NDM1NjAyMjMxNzIy
https://sync.bumlam.com/?src=sap1&s_data=CAIQABiy6a-GBmIgMDEwMDAwN0ZCMUY0Q0I2MDJDMDQ0MzU2MDIyMzE3MjKiARBEqYKGz9MR64pTDMR6bS_v

0
523 B

41ms
20ms

Image
text/html

31.172.81.159
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bumlam.com/?src=sap1&s_data=CAIQABiy6a-GBmIgMDEwMDAwN0ZCMUY0Q0I2MDJDMDQ0MzU2MDIyMzE3MjKiARBEqYKGz9MR64pTDMR6bS_v
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 31.172.81.159 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Server: nginx
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: nginx
ETag: 44a98286-cfd3-11eb-8a53-0cc47a6d2fef
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //sync.bumlam.com/?src=sap1&s_data=CAIQABiy6a-GBmIgMDEwMDAwN0ZCMUY0Q0I2MDJDMDQ0MzU2MDIyMzE3MjKiARBEqYKGz9MR64pTDMR6bS_v
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0

GET
H2

200

0100007FB1F4CB602C04435602231722
an.yandex.ru/mapuid/sapeis/ Frame F91A
Redirect Chain

https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722
https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722?redir-setuniq=1

43 B
99 B

61ms
60ms

Image
image/gif

2a02:6b8::90
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722?redir-setuniq=1

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 18 Jun 2021 01:19:46 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 01:19:46 GMT
strict-transport-security: max-age=31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://an.yandex.ru/mapuid/sapeis/0100007FB1F4CB602C04435602231722?redir-setuniq=1
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H2 200 frame.html Show response
s3.advarkads.com/modules/match/ Frame CF2C 187 B
439 B 98ms
79ms Document
text/html 2606:4700:10::6816:557
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.advarkads.com/modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
Requested by: Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:557 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53e4cb1ec1da57e5fec65ec5f5b19b050fa8bd6e19e9030c2704456846e4d106

Request headers

:method: GET
:authority: s3.advarkads.com
:scheme: https
:path: /modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.acint.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.acint.net/

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-type: text/html
cache-control: max-age=60
last-modified: Sat, 25 Apr 2020 07:44:34 GMT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-request-id: 0abe4ceea400004e797d3fb000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6610b0f769904e79-FRA
content-encoding: gzip

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 209 B
664 B 79ms
50ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=microsoftportal.net&callback=_gfp_s_&client=ca-pub-8396851324217908

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210616/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8396851324217908&plah=microsoftportal.net&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e2a5ed37fa56d547b16b841360b8d0fa99617169cb6f70266b8ed04e184da26e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 38ms
14ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=microsoftportal.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 38ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=microsoftportal.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0F59 74 KB
25 KB 371ms
371ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=90&slotname=2908634292&adk=3175562939&adf=658274708&pi=t.ma~as.2908634292&w=728&lmt=1623979185&psa=0&format=728x90&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185723&bpp=3&bdt=319&idt=88&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4819059036576&frm=20&pv=2&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=250&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=8g8xvqRfCA&p=https%3A//microsoftportal.net&dtd=113

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95670c61cea51012201db49e26658c4452fff67828f05e59ef02c67d11d5aaf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8396851324217908&output=html&h=90&slotname=2908634292&adk=3175562939&adf=658274708&pi=t.ma~as.2908634292&w=728&lmt=1623979185&psa=0&format=728x90&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185723&bpp=3&bdt=319&idt=88&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4819059036576&frm=20&pv=2&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=250&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=8g8xvqRfCA&p=https%3A//microsoftportal.net&dtd=113
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 18 Jun 2021 01:19:46 GMT
server: cafe
content-length: 25330
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 18-Jun-2021 01:34:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 18 Jun 2021 01:19:46 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842926269324"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28241
x-xss-protection: 0
expires: Fri, 18 Jun 2021 01:19:45 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
13ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adfil-imp&wp=ca-pub-8396851324217908&c=2&e=2570847921467975139&n=0&t=0&w=434&x=3

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E333 73 KB
25 KB 551ms
551ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=600&slotname=2618197074&adk=2460103794&adf=3305433536&pi=t.ma~as.2618197074&w=300&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185726&bpp=1&bdt=322&idt=127&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1099&ady=365&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WBKw8VLyXC&p=https%3A//microsoftportal.net&dtd=130

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38b79f0a42931a0be4deaeb1dd58f3b1d4fc021041af67cf2e33f892f5464bb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8396851324217908&output=html&h=600&slotname=2618197074&adk=2460103794&adf=3305433536&pi=t.ma~as.2618197074&w=300&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185726&bpp=1&bdt=322&idt=127&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1099&ady=365&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WBKw8VLyXC&p=https%3A//microsoftportal.net&dtd=130
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 18 Jun 2021 01:19:46 GMT
server: cafe
content-length: 25301
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 18-Jun-2021 01:34:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 18 Jun 2021 01:19:46 GMT
cache-control: private

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9307.JPQX8AuodB4EFZtR9RT2LRg_fZZkZkjMFCclN2NCPUFdNYkvRI1AR59L6em0wCv0.Ml8eEaVjnYcWxsNahfs1Q-BK4XE%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9307.u0f2JqS_YhoJ8NWezVO0qDZ3afSOR-u1rRO-Nj9vrDrlcdc8NdqSC1YPo8UoZb0J0cz2b--u4Jcq2uIGhXjJDA%2C%2C.GFgRnnFnQoivUFC3d6fuQfFwYB8%2C

75 B
75 B

49ms
48ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9307.u0f2JqS_YhoJ8NWezVO0qDZ3afSOR-u1rRO-Nj9vrDrlcdc8NdqSC1YPo8UoZb0J0cz2b--u4Jcq2uIGhXjJDA%2C%2C.GFgRnnFnQoivUFC3d6fuQfFwYB8%2C

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9307.u0f2JqS_YhoJ8NWezVO0qDZ3afSOR-u1rRO-Nj9vrDrlcdc8NdqSC1YPo8UoZb0J0cz2b--u4Jcq2uIGhXjJDA%2C%2C.GFgRnnFnQoivUFC3d6fuQfFwYB8%2C
date: Fri, 18 Jun 2021 01:19:46 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0706 71 KB
29 KB 540ms
539ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb33a129d1093d5a35727b202a165f527147869649c4301e8cbee51702a73e35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 18 Jun 2021 01:19:46 GMT
server: cafe
content-length: 30084
x-xss-protection: 0
set-cookie: IDE=AHWqTUmaAXndk1hYAa2b8xUuYQxgOMJKrBygNOaB7-FL6Aj73YUVF2z3yLTj0srHm5w; expires=Wed, 13-Jul-2022 01:19:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 18 Jun 2021 01:19:46 GMT
cache-control: private

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
100 B 46ms
44ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
last-modified: Thu, 17 Jun 2021 09:26:05 GMT
etag: "60bf3bc8-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Fri, 18 Jun 2021 02:19:45 GMT

POST
H2 200 counter
top-fwz1.mail.ru/ 43 B
811 B 46ms
46ms Ping
image/gif 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/counter?js=13;id=2124891;u=https%3A//microsoftportal.net/%3F;r=https%3A//microsoftportal.net.admin-mcas.ms/;st=1623979185687;title=MSPortal;s=1600*1200;vp=1600*1200;touch=0;hds=1;flash=;sid=5ae6bd563f55087a;ver=60.3.0;tz=-120%2FEurope%2FBerlin;ni=9.7//4g/0/0/;lvid=1623979185906%3A1623979185914%3A1%3Ac2c9eebb523386c4cb5fa061cd626c00;_=0.7232100232854772

Requested by

Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 18 Jun 2021 01:19:45 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: https://microsoftportal.net
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: https://microsoftportal.net
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory
timing-allow-origin: https://microsoftportal.net
access-control-allow-headers: *

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F0F4 0
20 B 15ms
15ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&adk=1812271804&adf=3025194257&lmt=1623979185&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185735&bpp=1&bdt=331&idt=181&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600%2C1197x280&nras=1&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=186

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8396851324217908&output=html&adk=1812271804&adf=3025194257&lmt=1623979185&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185735&bpp=1&bdt=331&idt=181&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600%2C1197x280&nras=1&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=186
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 18 Jun 2021 01:19:45 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUmQJEUF2eXPifiZaCHW3I9vGJfNsHE7gfYK1N1UAFC1yL6cYVp6zxZRqNSM; expires=Wed, 13-Jul-2022 01:19:45 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 18 Jun 2021 01:19:45 GMT
cache-control: private

GET
H2 200 /
kraken.rambler.ru/cnt/ 595 B
1 KB 127ms
41ms Image
image/gif 81.19.89.16
RAMBLER-TELECOM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kraken.rambler.ru/cnt/?et=pv&pid=2584737&rid=1623979185.935-1464152250&tid=t1.2584737.1704144651.1623979185936&v=1.18.11&exp=exp_bot%2Csplit_a%2Cexp_ab3%2Cb&rn=1258645770&bs=1600x1200&ce=1&rf=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&en=UTF-8&pt=MSPortal&sr=1600x1200&cd=24-bit&la=en-US&ja=0&acn=Mozilla&an=Netscape&pl=Linux%20x86_64&tz=-120&fv&sv&lv&le=0&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.19.89.16 Moscow, Russian Federation, ASN24638 (RAMBLER-TELECOM-AS, RU),
Reverse DNS: kraken.rambler.ru
Software: nginx/1.19.4 /
Resource Hash: fd4b37401b665299f555320c5f46a1421d791bcbba1b23cba58dba9f01fc6f9a

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Tue, 12 Nov 2019 12:50:59 GMT
server: nginx/1.19.4
etag: "5dcaaab3-253"
access-control-allow-methods: GET, POST, OPTIONS
p3p: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
access-control-allow-headers: content-type
content-length: 595

GET
H2 200 frame.js Show response
s3.advarkads.com/modules/match/ Frame CF2C 20 KB
7 KB 13ms
13ms Script
application/javascript 2606:4700:10::6816:557
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.advarkads.com/modules/match/frame.js
Requested by: Host: s3.advarkads.com
URL: https://s3.advarkads.com/modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:557 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fa34cb36e7f351ad5936818f0720f0eb56d1da511631cef4055976078260046

Request headers

Referer: https://s3.advarkads.com/modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 27
content-length: 6671
cf-request-id: 0abe4cef5b00004e79910e7000000001
last-modified: Thu, 10 Jun 2021 13:17:22 GMT
server: cloudflare
etag: "05d5bf2fa5dd71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 6610b0f89ad74e79-FRA

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ Frame F91A 15 KB
16 KB 124ms
123ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=112279652370500
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H2

200

/
wf.frontend.weborama.fr/streampixel/ Frame CF2C
Redirect Chain

https://api.advarkads.com/api/statistic/match?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020
https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020&bounce=1&random=529896554

67 B
142 B

15ms
15ms

Image
image/gif

35.244.223.69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020&bounce=1&random=529896554
Requested by: Host: s3.advarkads.com
URL: https://s3.advarkads.com/modules/match/frame.html?id=8113-1-1&uid=0100007FB1F4CB602C04435602231722
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.223.69 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 69.223.244.35.bc.googleusercontent.com
Software: nginx/1.12.0 /
Resource Hash: 09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b

Request headers

Referer: https://s3.advarkads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
via: 1.1 google
last-modified: Fri, 18 Jun 2021 01:19:47 GMT
server: nginx/1.12.0
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-type: image/gif
alt-svc: clear
content-length: 67
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
via: 1.1 google
last-modified: Fri, 18 Jun 2021 01:19:47 GMT
server: nginx/1.12.0
location: https://wf.frontend.weborama.fr/streampixel/?wamid=8179&Wvar=%7B%22userid%22%3A%22EAIRMrlopkm_1m4vLF7aRQ%22%7D&d.r=216020&bounce=1&random=529896554
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/10478836/
Redirect Chain

https://mc.yandex.com/watch/10478836?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A...
https://mc.yandex.com/watch/10478836/1?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%...

184 B
306 B

49ms
49ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/10478836/1?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Alvg2sn1re62lx62l%3Afp%3A733%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A562%3Acn%3A1%3Adp%3A0%3Als%3A622167061354%3Ahid%3A753955658%3Az%3A120%3Ai%3A20210618031945%3Aet%3A1623979186%3Ac%3A1%3Arn%3A505851989%3Au%3A1623979186653232680%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1623979184930%3Ads%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C283%2C4%2C%2C%2C%2C771%3Adsn%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C287%2C4%2C%2C%2C%2C771%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1623979186%3At%3AMSPortal

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

230def4495a1533451a5b5154ebef45630011bc7e0399f3b43ec6e41d378faac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
x-content-type-options: nosniff
last-modified: Fri, 18-Jun-2021 01:19:46 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://microsoftportal.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 184
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:46 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
last-modified: Fri, 18-Jun-2021 01:19:46 GMT
location: /watch/10478836/1?wmode=7&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&page-ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Alvg2sn1re62lx62l%3Afp%3A733%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A562%3Acn%3A1%3Adp%3A0%3Als%3A622167061354%3Ahid%3A753955658%3Az%3A120%3Ai%3A20210618031945%3Aet%3A1623979186%3Ac%3A1%3Arn%3A505851989%3Au%3A1623979186653232680%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1623979184930%3Ads%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C283%2C4%2C%2C%2C%2C771%3Adsn%3A1%2C109%2C359%2C1%2C0%2C0%2C%2C287%2C4%2C%2C%2C%2C771%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1623979186%3At%3AMSPortal
strict-transport-security: max-age=31536000
access-control-allow-origin: https://microsoftportal.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:46 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0F59 3 KB
674 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=90&slotname=2908634292&adk=3175562939&adf=658274708&pi=t.ma~as.2908634292&w=728&lmt=1623979185&psa=0&format=728x90&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185723&bpp=3&bdt=319&idt=88&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4819059036576&frm=20&pv=2&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=250&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=8g8xvqRfCA&p=https%3A//microsoftportal.net&dtd=113

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Jun 2021 23:25:17 GMT
server: ESF
date: Fri, 18 Jun 2021 01:19:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 0F59 1 KB
990 B 40ms
11ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 22:36:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 22:36:55 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 0F59 17 KB
7 KB 35ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:59:58 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10455295848701671561/ Frame 0F59 6 KB
6 KB 37ms
11ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10455295848701671561/downsize_200k_v1?w=195&h=102

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15cf8f82cb88e536dd1ae95abb309c25cea23a65dabc97dd1b495be415f88da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 22:07:09 GMT
x-content-type-options: nosniff
age: 443557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5937
x-xss-protection: 0
last-modified: Fri, 21 Aug 2020 10:30:02 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 22:07:09 GMT

GET
DATA 200
OK truncated
/ Frame 0F59 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 0F59 3 KB
1 KB 15ms
11ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:25:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:25:17 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F59 122 KB
37 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 0F59 13 KB
6 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 836
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 01:05:50 GMT

GET
H2 200 37c44ba5c7c2e56e86b2dceff03da5e6.js Show response
www.gstatic.com/mysidia/ Frame 0F59 25 KB
11 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/37c44ba5c7c2e56e86b2dceff03da5e6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

754e4f25470d9263afc25125dce868bae633ea3d59f1b7dc8a0e740292fa68a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 13:27:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 129160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10651
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 06:35:23 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 Sep 2021 13:27:06 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0F59 0
0 16ms
16ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKxENsfTLYImONOKKjuwPr4itqAf946PCX4HGiIHtC4nH_d8FEAEgkvDDMGCVAqABzOXi9APIAQmpAowBTrck-LM-qAMByAPLBKoEuQFP0DCucyyH-JSE_H07LLUUNdVtAP26lR7i6xjaS9AG_Kr-_aCQnw3pxH1a3S5r5z4BezmSa9iAJdlDmvSPmk7kGelbiwnuxCTXC_H0ycYrER0K6wi0sRutvMVvYXFaKz_1kan0UAvLsZI6gT_nkEYXrvN-uzPiRHsdbxqWobBBfsLPBAeaUzsRZq7Wv9jXISzsTRMkFAT47gFcQg43b64thV-3BIvLYmatPR_5d_5dJ8Cre2x6I6XSdcAEqNr8p9kBkgUECAQYAZIFBAgFGASgBi6AB5yanQuoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQlIwP0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDYgUBtAVAYAXAbIXGgoYCAASFHB1Yi04Mzk2ODUxMzI0MjE3OTA4&sigh=2srKBTSPNn8&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=90&slotname=2908634292&adk=3175562939&adf=658274708&pi=t.ma~as.2908634292&w=728&lmt=1623979185&psa=0&format=728x90&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185723&bpp=3&bdt=319&idt=88&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&correlator=4819059036576&frm=20&pv=2&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=250&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=8g8xvqRfCA&p=https%3A//microsoftportal.net&dtd=113
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 18 Jun 2021 01:19:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0F59 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3ad5a022e6c55cfcf4a06b3d299a9f3b1544c3f7503566a71e496e4a1d1890

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0F59 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:38:27 GMT
x-content-type-options: nosniff
age: 502879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:38:27 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0F59 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 09:42:26 GMT
x-content-type-options: nosniff
age: 488240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 09:42:26 GMT

GET
H3-29 200 r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js Show response
pagead2.googlesyndication.com/bg/ Frame E39F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afd5018c84a870d00826562927d8eceaa4b5424c6517c59e2f02814f5f4e9cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5758
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:18:13 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame E333 6 KB
669 B 25ms
23ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=600&slotname=2618197074&adk=2460103794&adf=3305433536&pi=t.ma~as.2618197074&w=300&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185726&bpp=1&bdt=322&idt=127&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1099&ady=365&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WBKw8VLyXC&p=https%3A//microsoftportal.net&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Jun 2021 23:36:25 GMT
server: ESF
date: Fri, 18 Jun 2021 01:19:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/awg/custom/1093/i/ Frame F91A
Redirect Chain

https://dmg.digitaltarget.ru/1/1093/i/i?i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C044356022317...
https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:01000...

49 B
602 B

117ms
63ms

Image
image/gif

185.15.175.148
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.148 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 8
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.385457833839027&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_init%20adcmjs_noorient
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 0
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/awg/custom/1093/i/ Frame F91A
Redirect Chain

https://dmg.digitaltarget.ru/1/1093/i/i?i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C044356022317...
https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:01000...

49 B
602 B

113ms
63ms

Image
image/gif

185.15.175.148
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_noorient

Requested by

Host: www.acint.net
URL: https://www.acint.net/mc/?dp=10&tc=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.148 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.acint.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 01:19:47 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 9
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Date: Fri, 18 Jun 2021 01:19:46 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://dmg.digitaltarget.ru/awg/custom/1093/i/i?call_source=awg&i=314215965892823.126076461216087&a=77&e=0100007FB1F4CB602C04435602231722&pref=https%3A%2F%2Fmicrosoftportal.net%2F&c=ss:77.up:0100007FB1F4CB602C04435602231722.sync:up.xdua:dugTjNoYSRdn4Q5gSaJsyYGb.xps:xpsPmQrNnHPpe1sG4YEFKPjcD.dn:acint__net.adcm:hit.tg:adcmjs_noorient
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 0
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame E333 1 KB
909 B 24ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 22:36:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 22:36:55 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame E333 17 KB
7 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:59:58 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame E333 3 KB
1 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:25:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:25:17 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E333 122 KB
37 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame E333 13 KB
6 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 836
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 01:05:50 GMT

GET
H3-29 200 37c44ba5c7c2e56e86b2dceff03da5e6.js Show response
www.gstatic.com/mysidia/ Frame E333 25 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/37c44ba5c7c2e56e86b2dceff03da5e6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

754e4f25470d9263afc25125dce868bae633ea3d59f1b7dc8a0e740292fa68a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 14:56:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37422
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10651
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 06:35:23 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 15 Sep 2021 14:56:04 GMT

GET
H3-29 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 0706 67 B
91 B 19ms
11ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Jun 2021 04:46:03 GMT
x-content-type-options: nosniff
server: cafe
age: 74023
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Fri, 18 Jun 2021 04:46:03 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame E333 0
0 19ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CF9BwsfTLYJKiNYfO3gPCnZjoBtHE8b9iqLHA6IwOi43IopskEAEgkvDDMGCVAqAB94eI0QPIAQmpAowBTrck-LM-qAMByAPLBKoEvQFP0BCGiVUMrZpCOzIO6tzajxxWM3jD4xMDrTreBJ8Dxn8SU4psWarWMHzoEJpoBzPtA4xutYblgC6UwvfyDjGqs2ZXt_ti6pDI7CHw6JVRUllNBZZeVYHn2ZoLtLIfG0v-U5Qg6RRBFsi64G8ErMt35soaTHzcDhHFKNUXT8yZRTvl3os4QkePVox2rci2zdjaZXMAm8XiCZxic8XAEvgkIqu3B6fcvlknweVv1H3rbBYTcUnR89TF74zsofnABPHs9ovPA5IFBAgEGAGSBQQIBRgEoAYugAfx9_cuqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEO7dL9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi04Mzk2ODUxMzI0MjE3OTA4&sigh=yeqd41BM_Qw&template_id=484

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=600&slotname=2618197074&adk=2460103794&adf=3305433536&pi=t.ma~as.2618197074&w=300&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185726&bpp=1&bdt=322&idt=127&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1099&ady=365&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WBKw8VLyXC&p=https%3A//microsoftportal.net&dtd=130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 18 Jun 2021 01:19:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 2076313506083323656
tpc.googlesyndication.com/simgad/3628818974182831758/ Frame E333 38 KB
38 KB 12ms
9ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3628818974182831758/2076313506083323656

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4e05016df0987ff738f7b0cef94f55b2500ff98fd7f5ff5c526d6b02fc3fc2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 08:53:59 GMT
x-content-type-options: nosniff
age: 491147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38491
x-xss-protection: 0
last-modified: Wed, 28 Apr 2021 14:34:34 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 08:53:59 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4570866813699490989/ Frame E333 8 KB
8 KB 13ms
11ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4570866813699490989/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68532c15bfa6e31c5005c8a6172d2c8f697309fbfa1f08f80cab81987a97529c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:25:36 GMT
x-content-type-options: nosniff
age: 500050
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8088
x-xss-protection: 0
last-modified: Thu, 14 Feb 2019 12:55:11 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:25:36 GMT

GET
DATA 200
OK truncated
/ Frame E333 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9FD5 0
0 322ms
49ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssO9hr6jrTCUaEL1FjI4TKPsyacVQ4HOBHE8tVmu26knFJJPR357wQ1yuieIf_CShMDFFI-W9XnvUjKbLoCvqK76D-WuJpJJ_CecpzsBUZRYQeJdx5SqGB40hGYAzSwMbK1CzMNq4xHfdIVEdHX2N25uAOAXkuJn7mMPDLCmJ98uxgTaE1G_Q2tajTQLdp9Bg1Oe1I0Ovmi1_FfVp5LB9guADlb7yJdubuXSVPr0X3AVJ04ilFuFodgs2Y7qLIBBHPSRY5Jl918o6bGNbl7_zhGoyuKZ2q7pF2JKjK_m0tM8Mq_jM83Cv-NFJt8eor2dtzautFLKRCrFLMnJh6BICSMwEIF3na5iEilIGlGqbkuwUTj1n8X3x24s10U5O7Tu1CDaCTvYwAzeueKM1XY6Yks9fL64NvsKXCmGAkXoN0kzw-SW7OWt6ovIOHp-1FNlwbgRMHY_d6u9rrDcNyyG76YDtw2HnUwawbMJTIWBzShX30qa0t3DpW55jg83SyYVQApyMTpTcvyvejIl_vxPTpuRw0pPtlYp2YV3tpBOOdyv6jQhUe5TtcmjDAmwngCKn0uXh_fuapqZ_kpGv20ZIPxTBF0YI8IVLA-zBXSjEMReYaNBIw688dxPlDhySoHfrwm3W2zedVYshg_tYsgIYj8_-PQjcH4aTIY6TFGXt06V9SnBLrEqy2Pa5QEFhI35_4lrJ4pfqXkrZmBPjIp-_Htxe6HlzkV4DYvVT7lSSTZoaQvZVHH9M8BGgNM3lyS9eLBwuipZorbaCeprkVd-K-REkkMmi_klM_rWhp66j5YHMLB43GjY-w2atRPDuXMqg_i4mqm7oQ2Sih3TZpddPbD9oBHIIs9u8Umx8FQbK3gXkeGv8nlVQ25dHNN-iSdBk8SeOD3zjLfNrYq_tbx_Npp7UlRAaGMSGNuyg0cNSqQSpYyCvwQ2HJLlI3IZcgbcNZQDAyoLGhS6sFNGhHgwC9dymEM7hNOo8I&sig=Cg0ArKJSzKv9q1ZnMgQ7EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: microsoftportal.net.admin-mcas.ms
URL: https://microsoftportal.net.admin-mcas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 18 Jun 2021 01:19:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 9FD5 111 KB
39 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: microsoftportal.net.admin-mcas.ms
URL: https://microsoftportal.net.admin-mcas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 14:57:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37335
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Jun 2021 14:57:31 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9FD5 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: microsoftportal.net.admin-mcas.ms
URL: https://microsoftportal.net.admin-mcas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 17:39:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Jun 2022 17:39:01 GMT

GET
H3-29 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 9FD5 30 KB
12 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/m_js_controller_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec14b3fdd1ac41055a51cb0228e9058093ffa65aa501adc152435809793e9cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 22:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10574
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12110
x-xss-protection: 0
server: cafe
etag: 8488912266301132371
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jul 2021 22:23:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 9FD5 3 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:25:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:25:17 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9FD5 122 KB
37 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623842920177421"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38075
x-xss-protection: 0
expires: Fri, 18 Jun 2021 01:19:46 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/ Frame 9FD5 13 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:05:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 836
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 10674426802404029766
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 01:05:50 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9FD5 0
0 15ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSvTobu6H5j8OidGg8xsCghJ8iwAQi6q-Y1h3CyFUanMheOYgThNXr4aYgmkBVrZOgCzEEK5jwUoF59Ra7GKYr5nzSv2A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210616/r20110914/ Frame 9FD5 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210616/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 00:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7072
x-xss-protection: 0
server: cafe
etag: 14457676323939599074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jul 2021 00:59:58 GMT

GET
DATA 200
OK truncated
/ Frame E333 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f175118a276677f95246f49950b1f767d295d1a1fcbe2c7e7af2557b97701851

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E333 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 17:35:42 GMT
x-content-type-options: nosniff
age: 459844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 17:35:42 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E333 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 15:02:11 GMT
x-content-type-options: nosniff
age: 469055
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 15:02:11 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E333 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 05:12:17 GMT
x-content-type-options: nosniff
age: 504449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 05:12:17 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2560 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 17 Jun 2021 11:20:29 GMT
expires: Fri, 18 Jun 2021 11:20:29 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 50357
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1501 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 17 Jun 2021 17:39:02 GMT
expires: Fri, 17 Jun 2022 17:39:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 27644
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9FD5 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53c398b97f143a9a4e8f5ff7ea781a0703b0caabebc459bc4a90745242c5f1dc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js Show response
pagead2.googlesyndication.com/bg/ Frame 5EFD 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afd5018c84a870d00826562927d8eceaa4b5424c6517c59e2f02814f5f4e9cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5758
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:18:13 GMT

GET
H3-29 200 DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html Show response
s0.2mdn.net/6418128/1617813969298/ Frame 5D5F 4 KB
1 KB 20ms
6ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1388b9e7d871a64d53b8fed4f0207cec7c312435918f0061f5413f0f9e9f30c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 1426
date: Thu, 17 Jun 2021 15:23:24 GMT
expires: Fri, 18 Jun 2021 15:23:24 GMT
last-modified: Wed, 07 Apr 2021 16:46:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 35782
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 2560 35 B
464 B 26ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEL_KyDUS32aZS4kH16O9Sko&google_cver=1&google_push=AYg5qPJNT-Tg6mQh0rvM6FRdsXL6Uw1kJSeUJG7CmE_8extpcusna0gw4Ke7eBvaQ_dSUkfdqJjVZpR-tHOH3ZSNoXjcCRzzxubM

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gD...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU12MHNnQUFBT1o4Vm1Jbw&google_push=AYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gDBegkA44IuurvC9-zaXgLHANBW-bx3pAlEXAbugJTL3HbaD29RymQP1WkX

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU12MHNnQUFBT1o4Vm1Jbw&google_push=AYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gDBegkA44IuurvC9-zaXgLHANBW-bx3pAlEXAbugJTL3HbaD29RymQP1WkX

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WU12MHNnQUFBT1o4Vm1Jbw&google_push=AYg5qPLG7EoZEsXip2z_VMcG8AG4GAIOuq7kf42N8gDBegkA44IuurvC9-zaXgLHANBW-bx3pAlEXAbugJTL3HbaD29RymQP1WkX
Date: Fri, 18 Jun 2021 01:19:46 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 2560 43 B
324 B 34ms
16ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEP_oRZhe3WdU1XnO1GEkuck&google_push=AYg5qPKUx0QA5iCjq6xyq61EtHNfCSizwwUjYuRuJLeLCTgcGBLRULZAVHEwWh0i2JKPtOxqXJeoFv2QsGA2yLsuZ7qsjnaYL4HN&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8396851324217908&output=html&h=280&slotname=7615861873&adk=1353954373&adf=392815488&pi=t.ma~as.7615861873&w=1197&fwrn=4&fwrnh=100&lmt=1623979185&rafmt=1&psa=0&format=1197x280&url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623979185727&bpp=1&bdt=323&idt=165&shv=r20210616&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x600&correlator=4819059036576&frm=20&pv=1&ga_vid=1915006618.1623979186&ga_sid=1623979186&ga_hid=1699597303&ga_fc=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=202&ady=2232&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=145003549783568&ref=https%3A%2F%2Fmicrosoftportal.net.admin-mcas.ms%2F&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=N8b3RWDEwB&p=https%3A//microsoftportal.net&dtd=167
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEO7FXP_mPQbcRt6syXaDXBc&google_cver=1&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc
https://rtb.openx.net/sync/dds?google_gid=CAESEO7FXP_mPQbcRt6syXaDXBc&google_cver=1&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&google_hm=5nIOeLBfwl0q_-X3rMkgbQ==

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&google_hm=5nIOeLBfwl0q_-X3rMkgbQ==

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLIcVvzMxDACkrTzncJVjIzf27h9tOqIAcUsRQve7RvLnoBNr3oy8karCK4RkUKITO2AJnFGat-4K6glkJwomkdaPyF1ouc&google_hm=5nIOeLBfwl0q_-X3rMkgbQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: c9fnq6llge86m6jvgq0mj9u2in6b2gjp

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LSoRD-5yTk6WsORAohfhFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LSoRD-5yTk6WsORAohfhFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZVBxXaNNXfaw8YBLYHliOLNtmNW1u1hKy2c4Dpbk_tAdL3bvHFxGTjWw-eEAIoRoPCL4PXSl1wg5wOjkPPLl0DoDHvbnH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=LSoRD-5yTk6WsORAohfhFw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZVBxXaNNXfaw8YBLYHliOLNtmNW1u1hKy2c4Dpbk_tAdL3bvHFxGTjWw-eEAIoRoPCL4PXSl1wg5wOjkPPLl0DoDHvbnH
date: Fri, 18 Jun 2021 01:19:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESECOiqWZHf0o5ObqYBCbu8E4&google_cver=1&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18R...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ExTkExM1QtQS04NzlY&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18RIOxartAKG3k0YD3VPWQ_dx4U

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ExTkExM1QtQS04NzlY&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18RIOxartAKG3k0YD3VPWQ_dx4U

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ExTkExM1QtQS04NzlY&google_push=AYg5qPInkLmj1P4Ms5VVwajhUDuv2raB-PDJUnVq9t2ppdyeqQgGdZ9NaW6cpI3u0vifUeBJ18RIOxartAKG3k0YD3VPWQ_dx4U
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 2560
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVR...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2560 0
12 B 15ms
14ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LkMbXIpqVV6iFhe6OhdnUQ6RB4rOYAE3_VeHXU8rCGpgc_kvSSKjcRN5oOVwF_8h2oniWv

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js Show response
pagead2.googlesyndication.com/bg/ Frame 1501 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afd5018c84a870d00826562927d8eceaa4b5424c6517c59e2f02814f5f4e9cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5758
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:18:13 GMT

GET
H2 200 606de166b3521e8b1b19f4ed Show response
c.bannerflow.net/a/ Frame 5D5F 54 KB
18 KB 49ms
32ms Script
application/javascript 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/606de166b3521e8b1b19f4ed?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuJCdlVqqQboJ3S7pPUiKLXovp3Qf_Ja6AzhzYy53l1syGJmSP9Yr4oNfRoF05VYNUp_le7z9VLR-rPu8vB_XQS9rXvRHbJ0gpMc_lvcaAbe6CLm7ukkz7m9t1-IyJxa7i2ZM0_m4TLUk3DCrWDMdGVwV3gHjpipQqDMTHgu65hmJMnn9rJHlg0H4sc3QKLG5TxfwNtvARsJYJHbwUIEWty3KDjY-6K6hvn8agzsg_e4iZPSUAFuan1v-UwzCx8FNmCIxq-vNzhso8Ez9ucq-1rm6DujpIPvHIyA-20E4mP-PTddwZMUBHCQrVYGeG1XLJa7kD9SL1HAKOp5sBIqpAQhtJbO82mFDWDWwnul014eD4IryM8rsAGvKsnJbxBn80YikE-2VS4t22yxQtEag2dzvMFOMjj2AMmznrg1n6bcfAp-9KDRthD-Rx991UQo1bASCzQUH_HUU40YeOL-CBmIMnd4772EE9Wym4J9XHIoIcgZwu7hDyjir04jlxiNeh0ArWjUAqyAuGm4577ZoritWZtPEzbfwShFXEvkNbUJs8HEZhqJwYkxP12_1IOKG0vhs2m9n7MR7183s6HAOwUXy4WkLhievu2I_Ik8NoVxKxTUwG0TGS9gG8a0WkRTROTo3LWLPg6MD952TpnwOF2ebakV4wMEdaLbIPTwE8yOjhLOGvc25lKdojeZ2VUOs64FIcOTjGBgo6H9HLDK63HqrtZGWKVXRp4hOiu7xYIl_m-35GdWsgiFhL9o_BxkyosJYJ-e1Cx1HXDwkNsWEkNPZaQsYO3UoGij1dRrHVbeudUmjGaB5cf1cSzDs23G04LGVgHRJTYmOJiGdPrvR7bog6azDxQQoyBvXtOG95FoLfoahCd3muPfogEI-mU8P4gn5mc0DC-wP0wt-aMzrTM2Sy30LS9EVz0rcW6_uUwg85q7FgYMRv-Eq0YUGgtzG96kAU3tMnBwtANGWFi3Q%26sig%3DCg0ArKJSzJQDNoycgurtEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D4192616%26adurl%3Dhttps%253A%252F%252Fwww.cmcmarkets.com%252Fde-de%252Flp%252Ffixekommissionen%253Fdclid%253D%2525edclid!%2526utm_source%253Dgdn%2526utm_medium%253Ddisplay%2526utm_term%253Dprogrammatic%2526utm_campaign%253Dde-prospecting
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77de4f0f78a9b95744ea6228db435d57570e9f50d7c16d239527ae2081574863

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cf-ray: 6610b0fd1cf21766-FRA
link: <https://c.bannerflow.net/accounts/cmc-markets/560bd8d24d47fc28fc84259d/published/584386/760287/preload.jpg>; rel=preload; as=image
cf-request-id: 0abe4cf22f00001766b0b72000000001
request-context: appId=cid-v1:8ccc0d93-c9cf-4965-a9de-1823f9df557e

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1501 0
20 B 15ms
15ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BToRosfTLYJvrN9f43gPU5YCQAwAAAAA4AeAEAg&bg=!GBulG1_NAAZktE7iZLQ7ACkAdvg8WtdE2zAZSAQxxxdMOtoL4Ld5NrMyb2K0xMgkILmsoQUaF1lt0QIAAABCUgAAAAxoAQcKAGkk8_pqQpsgU_O5JukauE6pJMjlAoKiHoCEf4C7CMYUgzf5388yrkoh0FUxQ5VkB8goGrtIUcZwY73kjsPWgVjwaH7pVkEbBkoprgneL2fmHYaHumJNsrCzHMUYstArHSwuhOakNNt2qI6ZAsijIjSYE_jMiU2DlK680Mn34FafzGGNopNMdGM_DIH9BJL9dstCayZEwYDduaVQX8BrqWdy01H2c0Gp4P_S2mNNnPRoXGAYHx50IIc85EPWxjtgI-kceMt3xVf-k_PmzuvxENoGTNP3UygvFEkLF0E1RGUf3VxVFjD40nKDMqc27MFsZD0V4vGTT8HPlxwkSqM6Wg1haccWsa4wQTvK8No9NlJlUV5Uu-nCMJzEpvYn0DyEJ3Gs5KgMAqiZgQWDgaCEfNL71C_DCtREzYWDTaud-MUcWh4lCkEtUvxZcnU6O3M7nm159TPql7jD3tL0Glwvt5O8WSQzX0w_HgBrhHTDMjIOm5Tx9K3IM4HKNBBEu7SfBrSThuiBiiJgQeXVLh3J-va6gdCiyZ2Ew0nE5vDyyGjBwMyko0pXczz_wiL0HL0woNzPDla16oMPeqprkzoMHAlOUlA0osWbB993qbrxBEUTbvFuaZ05UaWNu8N3Zii4S3xsVHHj54JRcE_ICoGvs964sNYic8_wq_b-81gWt26_iFHtSTYESA0-VRgDWS51V8sna5-3oHwzVmfe74ImllZwdnof1Cvi3QIEViYpxRxzJhr1ZPqZvOsg5Z1mcd9J7NrMGAyzbUxleWamX_YIFPQNCE5kxliI4PlF56w6yo72oFk-5MQ-scjKD75VONJFQ_phuKLQOBL7SYqjdmbnJWOWYstWUTDFfS1gEL5WS6yTELlecbRZlUyIxlNvblQ1XWHjnmu9DH1xTBCycV1AzeGd_Ts2Iga1OAwSnszy6cXIz48GMxS3pDOtkNLALbbvV1S-HHjaLt3U9Vzc6S7Lbs3Fdg5dXKtjLnyhcapKXL6Ci801NPAU5Qm8hU1dVpKHfTT5JpRNRzqANQLtZaVmJPqxR192ZtVuQhCMIXCn0Y1t-BanQktQTfaMUPE1_f7mO3TW8j48

Requested by

Host: microsoftportal.net
URL: https://microsoftportal.net/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 preload.jpg
c.bannerflow.net/accounts/cmc-markets/560bd8d24d47fc28fc84259d/published/584386/760287/ Frame 5D5F 14 KB
14 KB 19ms
18ms Image
image/jpeg 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/cmc-markets/560bd8d24d47fc28fc84259d/published/584386/760287/preload.jpg
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83ac25bde45a760a2cb49715ce32d1ff385ca923f01afd5f32b650e7cd3394f5

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Jun 2021 01:19:46 GMT
cf-cache-status: HIT
age: 1274365
content-length: 14039
cf-request-id: 0abe4cf25300001766d02ca000000001
x-ms-lease-status: unlocked
last-modified: Wed, 07 Apr 2021 16:45:02 GMT
server: cloudflare
etag: 0x8D8F9E47D699C72
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: bf0dc893-e01e-0018-5948-583241000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6610b0fd4d291766-FRA
cf-bgj: h2pri

GET
H2 200 document.6fdb260980.js Show response
c.bannerflow.net/accounts/cmc-markets/560bd8d24d47fc28fc84259d/published/584386/760287/ Frame 5D5F 57 KB
6 KB 20ms
20ms Script
application/javascript 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/cmc-markets/560bd8d24d47fc28fc84259d/published/584386/760287/document.6fdb260980.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/606de166b3521e8b1b19f4ed?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuJCdlVqqQboJ3S7pPUiKLXovp3Qf_Ja6AzhzYy53l1syGJmSP9Yr4oNfRoF05VYNUp_le7z9VLR-rPu8vB_XQS9rXvRHbJ0gpMc_lvcaAbe6CLm7ukkz7m9t1-IyJxa7i2ZM0_m4TLUk3DCrWDMdGVwV3gHjpipQqDMTHgu65hmJMnn9rJHlg0H4sc3QKLG5TxfwNtvARsJYJHbwUIEWty3KDjY-6K6hvn8agzsg_e4iZPSUAFuan1v-UwzCx8FNmCIxq-vNzhso8Ez9ucq-1rm6DujpIPvHIyA-20E4mP-PTddwZMUBHCQrVYGeG1XLJa7kD9SL1HAKOp5sBIqpAQhtJbO82mFDWDWwnul014eD4IryM8rsAGvKsnJbxBn80YikE-2VS4t22yxQtEag2dzvMFOMjj2AMmznrg1n6bcfAp-9KDRthD-Rx991UQo1bASCzQUH_HUU40YeOL-CBmIMnd4772EE9Wym4J9XHIoIcgZwu7hDyjir04jlxiNeh0ArWjUAqyAuGm4577ZoritWZtPEzbfwShFXEvkNbUJs8HEZhqJwYkxP12_1IOKG0vhs2m9n7MR7183s6HAOwUXy4WkLhievu2I_Ik8NoVxKxTUwG0TGS9gG8a0WkRTROTo3LWLPg6MD952TpnwOF2ebakV4wMEdaLbIPTwE8yOjhLOGvc25lKdojeZ2VUOs64FIcOTjGBgo6H9HLDK63HqrtZGWKVXRp4hOiu7xYIl_m-35GdWsgiFhL9o_BxkyosJYJ-e1Cx1HXDwkNsWEkNPZaQsYO3UoGij1dRrHVbeudUmjGaB5cf1cSzDs23G04LGVgHRJTYmOJiGdPrvR7bog6azDxQQoyBvXtOG95FoLfoahCd3muPfogEI-mU8P4gn5mc0DC-wP0wt-aMzrTM2Sy30LS9EVz0rcW6_uUwg85q7FgYMRv-Eq0YUGgtzG96kAU3tMnBwtANGWFi3Q%26sig%3DCg0ArKJSzJQDNoycgurtEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D4192616%26adurl%3Dhttps%253A%252F%252Fwww.cmcmarkets.com%252Fde-de%252Flp%252Ffixekommissionen%253Fdclid%253D%2525edclid!%2526utm_source%253Dgdn%2526utm_medium%253Ddisplay%2526utm_term%253Dprogrammatic%2526utm_campaign%253Dde-prospecting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19d81c89eb052960e487f55793c8216ba4df21bfd096c7c7f1987280228df44d

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: b9smCYDtuxUavmTjGzuxRA==
age: 1274365
cf-polished: origSize=65074
cf-request-id: 0abe4cf25a00001766b2b3d000000001
x-ms-lease-status: unlocked
last-modified: Wed, 07 Apr 2021 16:45:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cc292ece-001e-0010-4848-58284e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
cf-ray: 6610b0fd5d391766-FRA
cf-bgj: minify

GET
H2 200 animated-creative.d2b931beb0c8e53510f4.js Show response
c.bannerflow.net/scripts/ Frame 5D5F 126 KB
39 KB 23ms
23ms Script
application/javascript 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.d2b931beb0c8e53510f4.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/606de166b3521e8b1b19f4ed?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuJCdlVqqQboJ3S7pPUiKLXovp3Qf_Ja6AzhzYy53l1syGJmSP9Yr4oNfRoF05VYNUp_le7z9VLR-rPu8vB_XQS9rXvRHbJ0gpMc_lvcaAbe6CLm7ukkz7m9t1-IyJxa7i2ZM0_m4TLUk3DCrWDMdGVwV3gHjpipQqDMTHgu65hmJMnn9rJHlg0H4sc3QKLG5TxfwNtvARsJYJHbwUIEWty3KDjY-6K6hvn8agzsg_e4iZPSUAFuan1v-UwzCx8FNmCIxq-vNzhso8Ez9ucq-1rm6DujpIPvHIyA-20E4mP-PTddwZMUBHCQrVYGeG1XLJa7kD9SL1HAKOp5sBIqpAQhtJbO82mFDWDWwnul014eD4IryM8rsAGvKsnJbxBn80YikE-2VS4t22yxQtEag2dzvMFOMjj2AMmznrg1n6bcfAp-9KDRthD-Rx991UQo1bASCzQUH_HUU40YeOL-CBmIMnd4772EE9Wym4J9XHIoIcgZwu7hDyjir04jlxiNeh0ArWjUAqyAuGm4577ZoritWZtPEzbfwShFXEvkNbUJs8HEZhqJwYkxP12_1IOKG0vhs2m9n7MR7183s6HAOwUXy4WkLhievu2I_Ik8NoVxKxTUwG0TGS9gG8a0WkRTROTo3LWLPg6MD952TpnwOF2ebakV4wMEdaLbIPTwE8yOjhLOGvc25lKdojeZ2VUOs64FIcOTjGBgo6H9HLDK63HqrtZGWKVXRp4hOiu7xYIl_m-35GdWsgiFhL9o_BxkyosJYJ-e1Cx1HXDwkNsWEkNPZaQsYO3UoGij1dRrHVbeudUmjGaB5cf1cSzDs23G04LGVgHRJTYmOJiGdPrvR7bog6azDxQQoyBvXtOG95FoLfoahCd3muPfogEI-mU8P4gn5mc0DC-wP0wt-aMzrTM2Sy30LS9EVz0rcW6_uUwg85q7FgYMRv-Eq0YUGgtzG96kAU3tMnBwtANGWFi3Q%26sig%3DCg0ArKJSzJQDNoycgurtEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D4192616%26adurl%3Dhttps%253A%252F%252Fwww.cmcmarkets.com%252Fde-de%252Flp%252Ffixekommissionen%253Fdclid%253D%2525edclid!%2526utm_source%253Dgdn%2526utm_medium%253Ddisplay%2526utm_term%253Dprogrammatic%2526utm_campaign%253Dde-prospecting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2b802b44819289fdb059a102d74115535379bee52041fa52583dbab4e3282b7

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 18 Jun 2021 01:19:46 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: x/M5KPZN780/Go5GcYCOHQ==
age: 1274401
cf-polished: origSize=129416
cf-request-id: 0abe4cf25b00001766daa60000000001
x-ms-lease-status: unlocked
last-modified: Wed, 07 Apr 2021 11:56:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 95e2dcc6-401e-0087-5648-587e43000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
cf-ray: 6610b0fd5d3a1766-FRA
cf-bgj: minify

GET
DATA 200
OK truncated
/ Frame 5D5F 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 5D5F 8 KB
8 KB 26ms
13ms Font
font/woff 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F550abe329445702310657a53%2F560bd8d24d47fc28fc84259d%2F34270135-00c1-4a61-88c5-45e4f527aa4f.woff&t=%20%2C.15%3AACDEFGHIKMNRSTVXabcdefghiklmnoprstuvwxz%7C%C3%9F%C3%A4%C3%B6%C3%BC%E2%82%AC
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38b035a0bea8b15d460919bb686c4caf0d0c51a8f51b328609ebf228ed02ec61

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
cf-cache-status: HIT
server: cloudflare
age: 4341
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=34270135-00c1-4a61-88c5-45e4f527aa4f-subset.woff
cf-ray: 6610b0fe787c4dc4-FRA
cf-request-id: 0abe4cf30e00004dc4c3b05000000001
expires: Sat, 18 Jun 2022 00:07:25 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 5D5F 6 KB
7 KB 28ms
14ms Font
font/woff 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F550abe329445702310657a53%2F560bd8d24d47fc28fc84259d%2F34467d9a-b412-4353-984f-b34c15f2df1c.woff&t=%20%25-.37ACDFGHKabdefgiklmnorstv%C2%A0
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/6418128/1617813969298/DE_T2_Shares_DE_FixedCommission_black_Prospecting-German-970x250-637534107678057419-f6b96f81-61c1-4a52-b8e5-51816cdb5dfa.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94222909a0f6f3be28d12597499a224a8e1b86417c5ea379cb0ee81b164e1e7b

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:46 GMT
cf-cache-status: HIT
server: cloudflare
age: 6159891
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=34467d9a-b412-4353-984f-b34c15f2df1c-subset.woff
cf-ray: 6610b0fe787e4dc4-FRA
cf-request-id: 0abe4cf30e00004dc4fc0cc000000001
expires: Thu, 07 Apr 2022 18:14:55 GMT

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 8BC7 12 KB
12 KB 16ms
16ms Image
image/webp 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fcmc-markets%2F560bd8d24d47fc28fc84259d%2Fimages%2Fbd038b86-adff-4382-83f7-3a5e61a783ec.png&w=311&h=231&q=90&f=webp&rt=contain
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33fb7cb72d25a25211a8ba449bb30b998b577d39939f583b765d0745a59e12d1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:47 GMT
cf-cache-status: HIT
api-supported-versions: 2.0
age: 40670
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 6610b0ff8f021766-FRA
content-length: 12020
cf-request-id: 0abe4cf3b700001766038e6000000001
server: cloudflare
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame 8BC7 2 KB
2 KB 17ms
17ms Image
image/webp 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fcmc-markets%2F560bd8d24d47fc28fc84259d%2Fimages%2F0f7d384c-494d-4b00-b910-80b6777b7929.png&w=132&h=101&q=90&f=webp&rt=contain
Requested by: Host: microsoftportal.net
URL: https://microsoftportal.net/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12e58673d51613d17e9cff942a292face4e268e841809201f07c8c34a86c5143

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:47 GMT
cf-cache-status: HIT
api-supported-versions: 2.0
age: 761
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 6610b0ff8f041766-FRA
content-length: 1854
cf-request-id: 0abe4cf3b70000176627a43000000001
server: cloudflare
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

POST
H2 200 pixel
c.bannerflow.net/tr/v2/ Frame 5D5F 0
99 B 29ms
29ms Ping
text/plain 2606:4700::6810:d40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/606de166b3521e8b1b19f4ed?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuJCdlVqqQboJ3S7pPUiKLXovp3Qf_Ja6AzhzYy53l1syGJmSP9Yr4oNfRoF05VYNUp_le7z9VLR-rPu8vB_XQS9rXvRHbJ0gpMc_lvcaAbe6CLm7ukkz7m9t1-IyJxa7i2ZM0_m4TLUk3DCrWDMdGVwV3gHjpipQqDMTHgu65hmJMnn9rJHlg0H4sc3QKLG5TxfwNtvARsJYJHbwUIEWty3KDjY-6K6hvn8agzsg_e4iZPSUAFuan1v-UwzCx8FNmCIxq-vNzhso8Ez9ucq-1rm6DujpIPvHIyA-20E4mP-PTddwZMUBHCQrVYGeG1XLJa7kD9SL1HAKOp5sBIqpAQhtJbO82mFDWDWwnul014eD4IryM8rsAGvKsnJbxBn80YikE-2VS4t22yxQtEag2dzvMFOMjj2AMmznrg1n6bcfAp-9KDRthD-Rx991UQo1bASCzQUH_HUU40YeOL-CBmIMnd4772EE9Wym4J9XHIoIcgZwu7hDyjir04jlxiNeh0ArWjUAqyAuGm4577ZoritWZtPEzbfwShFXEvkNbUJs8HEZhqJwYkxP12_1IOKG0vhs2m9n7MR7183s6HAOwUXy4WkLhievu2I_Ik8NoVxKxTUwG0TGS9gG8a0WkRTROTo3LWLPg6MD952TpnwOF2ebakV4wMEdaLbIPTwE8yOjhLOGvc25lKdojeZ2VUOs64FIcOTjGBgo6H9HLDK63HqrtZGWKVXRp4hOiu7xYIl_m-35GdWsgiFhL9o_BxkyosJYJ-e1Cx1HXDwkNsWEkNPZaQsYO3UoGij1dRrHVbeudUmjGaB5cf1cSzDs23G04LGVgHRJTYmOJiGdPrvR7bog6azDxQQoyBvXtOG95FoLfoahCd3muPfogEI-mU8P4gn5mc0DC-wP0wt-aMzrTM2Sy30LS9EVz0rcW6_uUwg85q7FgYMRv-Eq0YUGgtzG96kAU3tMnBwtANGWFi3Q%26sig%3DCg0ArKJSzJQDNoycgurtEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D4192616%26adurl%3Dhttps%253A%252F%252Fwww.cmcmarkets.com%252Fde-de%252Flp%252Ffixekommissionen%253Fdclid%253D%2525edclid!%2526utm_source%253Dgdn%2526utm_medium%253Ddisplay%2526utm_term%253Dprogrammatic%2526utm_campaign%253Dde-prospecting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 18 Jun 2021 01:19:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6610b0ffcf441766-FRA
content-length: 0
cf-request-id: 0abe4cf3de000017661336c000000001
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0F59 42 B
518 B 35ms
16ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuo7zL_g3A0FPwwrSWQuXVDW8dBr9oojZp7qCPYKfxxQFlgnJfSHU1vTdGS7ktAct64-TkKu4PrytqNOgPwSbUIFEsw0MBgN1ES1uHejqInI-4j4Fx_A2Kl-wUaUw&sai=AMfl-YRDo6jrE_aZVcwE_KRzkDg3IrNkUlQMbSq-Oz1iEJ4YKLJWWpGxMrJ9YMTuIe3fp02qUVcl_xG4m6Qd&sig=Cg0ArKJSzC9iGr7qKH5fEAE&id=lidar2&mcvt=1000&p=250,202,340,930&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3175562939&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1623979185839&dlt=387&rpt=123&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 30ms
17ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210616&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8411f59d13eb0ca959531c08d0a23f1d8b7d701bc4bf17eedc5c4cb41e196dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Jun 2021 01:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8467
x-xss-protection: 0

POST
H2 200 tracker
top-fwz1.mail.ru/ 43 B
678 B 46ms
45ms Ping
image/gif 217.69.133.145
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/tracker?js=13;id=2124891;u=https%3A//microsoftportal.net/%3F;r=https%3A//microsoftportal.net.admin-mcas.ms/;st=1623979185687;s=1600*1200;vp=1600*1200;touch=0;hds=1;flash=;sid=5ae6bd563f55087a;ver=60.3.0;tz=-120%2FEurope%2FBerlin;nt=0/0/1623979184930/////0/1/2/2/111/7/111/470/471/474/757/771/775/2575/2575/;ni=9.7//4g/0/0/;lvid=1623979185906%3A1623979187510%3A2%3Ac2c9eebb523386c4cb5fa061cd626c00;_=0.6767079115440795;e=RT/load;et=1623979187509

Requested by

Host: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/js/code.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

217.69.133.145 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 18 Jun 2021 01:19:47 GMT
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
content-length: 43
pragma: no-cache
amp-access-control-allow-source-origin: https://microsoftportal.net
server: nginx
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: image/gif
access-control-allow-origin: https://microsoftportal.net
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: private, no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory
timing-allow-origin: https://microsoftportal.net
access-control-allow-headers: *

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 18 Jun 2021 01:19:47 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E333 42 B
64 B 15ms
15ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssWnIiELNFmtkZyKQXApshz3TDl6fxdoin97_L6tBhqpep4IZ7gnmalBwGooUMJ7SGaoF-uq3hkGJRDuyKSxMXhPPLooNU0kkBlz_jvfGUMpQ_fiqivUDHQ54fTRw&sai=AMfl-YQjvUNA-rIHW3V5UpmD_A4iYmOxCJe-AKmM9tEWvKzLZVxaVbsPi3axMNQwHnKE3XugzJ6WvSxK-Ib3&sig=Cg0ArKJSzMTrAA_6_VQMEAE&id=lidar2&mcvt=1000&p=365,1099,965,1399&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210616&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2460103794&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1623979185858&dlt=590&rpt=98&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 48EB 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 17 Jun 2021 21:43:36 GMT
expires: Fri, 17 Jun 2022 21:43:36 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12971
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9FEA 783 B
782 B 15ms
15ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

79ca2ab1802655bdb7c495bd4e069b66373c5aa88319826a3fb216452e79b35b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-07WUf02gMpxGITN6fXnXig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://microsoftportal.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://microsoftportal.net/

Response headers

expires: Fri, 18 Jun 2021 01:19:47 GMT
date: Fri, 18 Jun 2021 01:19:47 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-07WUf02gMpxGITN6fXnXig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js Show response
pagead2.googlesyndication.com/bg/ Frame 48EB 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afd5018c84a870d00826562927d8eceaa4b5424c6517c59e2f02814f5f4e9cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 18:18:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 198094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5758
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 18:18:13 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
14ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gda_r20210616&jk=145003549783568&bg=!FhWlFVHNAAZktE7iZLQ7ACkAdvg8WhL18gQtnedSeHfGSVDDL4Vcei4R6qTIdxxDpGW6APxRM3KjsAIAAABJUgAAAA1oAQeZAnSdCIbr6DumnSboIV82htpOu3qTXc7vnOIcV4WjCgTAVsEEQvwEL2ZNTTE0pbS6CXVTTVZyqwsce6C2VX0BdJiNUHXJpAxL4_yahnmQy7geanC4dID4eqGW-Rmg9Kd2PivLBu5Q2pc9WRwUsz8qZl6OkfhdDN-QOz3I67pv5itacMzq2KRoV95Kyoz0y3xEGfkzYk2GkYKVrY1n2NfqQacE0BB0lFHCpGGMnA7hvPTr0EOwPGIhjPSINBhFlhXTNgvoAkfsOAzTir0GIdXPekH3ZxrNwoO8uCqxMh9lRfTSsnqedbwJon7FKN9TGOigFOv7CZLQ331WlS67xGqMiHK9_1daw4SR2M3tR0aDdXaf0uTqEt7ABcmUgIn72nJ8FWW7_Et5TII39vAtTrhVdDvwUdEg6kxRmx4wGBoeMsaXX5gYfaSYoCiAnSN1vnjN_gb74yDwksippenD3EGwUyOZdtWt04BWeLY70Nrpd6Mmn6X6u9lFBSAP5SiyrIc_YN5XG17GSFlbrqfd0p9qVbu0JQ_2UqimaheOuvRa8jqhmIOHYR9N4tWXWDa0ssGHWViikWEIZ5ttyZgwsYTOnUTg5qYPcpor06Aihy94_YLI6XDTYEJhBZHcWofy5xprhnKyBPENKbIaxXO9NzFmQ6neEZwwbYseeEW7LCVIVv9TKQge5iIdabxpFFXNAivXPoxk0auy8TRKsM1mLHryFGX3l1sjL83zjnVWaABWLgrf9Qv0aLv2xCU9hxL9cqLufJ3peH8Z242FgEjRkCgCmKPP5RYQ68T2rF6hGEKtyrpr6Tb1WggFM2bC6QID7tihA-xHpTwv

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 10478836 Show response
mc.yandex.com/webvisor/ 43 B
73 B 187ms
95ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/10478836?wmode=0&wv-part=1&wv-hit=753955658&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&rn=137728616&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1623979188%3Aw%3A1600x1200%3Av%3A562%3Az%3A120%3Ai%3A20210618031948%3Au%3A1623979186653232680%3Avf%3Alvg2sn1re62lx62l%3Awe%3A1%3Ati%3A2%3Ast%3A1623979188

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:48 GMT
last-modified: Fri, 18-Jun-2021 01:19:48 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://microsoftportal.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:48 GMT

POST
H2 200 10478836 Show response
mc.yandex.com/webvisor/ 43 B
230 B 138ms
51ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/10478836?wmode=0&wv-part=1&wv-hit=753955658&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&rn=1049677635&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1623979188%3Aw%3A1600x1200%3Av%3A562%3Az%3A120%3Ai%3A20210618031948%3Au%3A1623979186653232680%3Avf%3Alvg2sn1re62lx62l%3Awe%3A1%3Ati%3A2%3Ast%3A1623979188

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:48 GMT
last-modified: Fri, 18-Jun-2021 01:19:48 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://microsoftportal.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:48 GMT

GET
H2 200 /
www.acint.net/ping/ 43 B
341 B 12ms
11ms Image
image/gif 46.4.121.26
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.acint.net/ping/?v=0.3.0&uid=a5f391d6-ea2a-4406-a8da-d920f438ccde&dp=10&tz=%2B02%3A00&nc=18567716&dT=2021-06-18T03%3A19%3A48.764
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.121.26 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: hz1271109.aucourant.info
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 01:19:48 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
content-type: image/gif
content-length: 43
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 10478836 Show response
mc.yandex.com/webvisor/ 43 B
145 B 45ms
45ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/10478836?wmode=0&wv-part=2&wv-hit=753955658&page-url=https%3A%2F%2Fmicrosoftportal.net%2F%3F&rn=798589110&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1623979190%3Aw%3A1600x1200%3Av%3A562%3Az%3A120%3Ai%3A20210618031950%3Au%3A1623979186653232680%3Avf%3Alvg2sn1re62lx62l%3Awe%3A1%3Ati%3A2%3Ast%3A1623979190

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://microsoftportal.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:50 GMT
last-modified: Fri, 18-Jun-2021 01:19:50 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://microsoftportal.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 18-Jun-2021 01:19:50 GMT

GET
H2 200 dc_oe=ChMI24f_84Gg8QIVV7x3Ch3UMgAyEAEYACCr24BH;met=1;&timestamp=1623979196662;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9FD5 42 B
515 B 39ms
16ms Image
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI24f_84Gg8QIVV7x3Ch3UMgAyEAEYACCr24BH;met=1;&timestamp=1623979196662;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 01:19:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST tracker
top-fwz1.mail.ru/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YMv0s77XKohobRW_Nh2O8AAABHYAAAIB&google_cver=1&google_gid=CAESELWJJQyzXc10sEgJ5R8s9lY&google_push=AYg5qPJ2I9m-zNtoXrx2bocT-D5eHtwxFpoVRAIiwQdFDAGfuwxOCnBYe_C0bmA-RTtr411K4ePQ75QMt6GoMSXmh_DSNH7-ElXV&google_tc=

Domain: top-fwz1.mail.ru
URL: https://top-fwz1.mail.ru/tracker?js=13;id=2124891;u=https%3A//microsoftportal.net/%3F;r=https%3A//microsoftportal.net.admin-mcas.ms/;st=1623979185687;title=MSPortal;s=1600*1200;vp=1600*1200;touch=0;hds=1;flash=;sid=5ae6bd563f55087a;ver=60.3.0;tz=-120%2FEurope%2FBerlin;ni=9.7//4g/0/0/;detect=0;lvid=1623979185906%3A1623979202512%3A3%3Ac2c9eebb523386c4cb5fa061cd626c00;_=0.40933756402721655;e=PVT/15

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.microsoftportal.net/	1970-01-20 03:05:50	Name: tmr_reqNum Value: 2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0100007fb1f4cb602c04435602231722-sp.ops.beeline.ru
a.utraff.com
acint.net
ad.adriver.ru
ad.mail.ru
ade.googlesyndication.com
adlmerge.com
ads.betweendigital.com
adservice.google.com
adservice.google.de
adx.com.ru
an.yandex.ru
api.advarkads.com
c.bannerflow.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
counter.yadro.ru
dm.hybrid.ai
dmg.digitaltarget.ru
exchange.buzzoola.com
fcgi4.gnezdo.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
image6.pubmatic.com
informer.yandex.ru
kraken.rambler.ru
match.new-programmatic.com
mc.yandex.com
mc.yandex.ru
mcasproxy.azureedge.net
microsoftportal.net
microsoftportal.net.admin-mcas.ms
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
prodmp.ru
px.adhigh.net
redirect.frontend.weborama.fr
relap.io
rtb.openx.net
s.uuidksinc.net
s0.2mdn.net
s3.advarkads.com
sape-sync.rutarget.ru
sm.rtb.mts.ru
ssp-rtb.sape.ru
ssp.adriver.ru
st.top100.ru
stat.adlabs.ru
sync.1dmp.io
sync.bumlam.com
sync.dmp.otm-r.com
sync.republer.com
sync3.adsniper.ru
tag.digitaltarget.ru
tech.rtb.mts.ru
top-fwz1.mail.ru
tpc.googlesyndication.com
ut.rktch.com
wf.frontend.weborama.fr
www.acint.net
www.google.com
www.googletagservices.com
www.gstatic.com
x01.aidata.io
cm.g.doubleclick.net
top-fwz1.mail.ru
109.248.237.36
116.202.85.93
142.250.181.226
142.250.185.194
142.250.185.98
142.250.186.162
144.76.118.200
157.90.179.219
185.15.175.148
185.15.175.157
185.64.189.115
188.34.131.130
188.42.191.196
193.106.92.202
193.232.148.147
194.190.117.93
195.201.243.71
195.209.108.48
213.87.44.207
217.65.2.150
217.66.147.169
217.69.133.145
2606:4700:10::6816:557
2606:4700:20::681a:4db
2606:4700::6810:d40
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1148:db00::17
2a00:1450:4001:800::2003
2a00:1450:4001:802::2003
2a00:1450:4001:802::200a
2a00:1450:4001:811::2004
2a00:1450:4001:813::2002
2a00:1450:4001:813::2006
2a00:1450:4001:827::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a02:26f0:1700:d::1737:6ea4
2a02:6b8::1:119
2a02:6b8::90
2a03:2880:f01c:8012:face:b00c:0:3
31.172.81.159
31.172.81.160
31.220.27.134
34.246.227.69
34.98.67.61
35.186.253.211
35.190.16.14
35.244.223.69
37.18.16.16
37.9.245.57
46.4.121.26
52.155.166.50
69.173.144.139
80.64.106.148
81.19.89.16
81.222.128.216
88.212.201.204
88.212.233.108
89.108.119.28
89.108.97.2
91.218.230.124
93.95.102.105
95.163.37.253
95.211.66.35
95.216.101.186
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
116ef7e18c938d214a7b656fd0d94e8f7ac6b8828ad1eaf7398ce3322b1125f1
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12e58673d51613d17e9cff942a292face4e268e841809201f07c8c34a86c5143
1341fc0005dbe71c32e421f13c283429aaeb74a0b151a6b9f83205b5ee516d3d
15b886992795015ddf192ba7c46ea89376cef0fec304d850d735da268c332226
15cf8f82cb88e536dd1ae95abb309c25cea23a65dabc97dd1b495be415f88da2
15eb5bd635ec9808b47f89ee196155c39d8e2db3bb317f1fe49182ccc98115db
18f0f623763901aeeb156407ed6a37d5c0716ff174ba9a6ce09fbb5ed9d45d4f
19d81c89eb052960e487f55793c8216ba4df21bfd096c7c7f1987280228df44d
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1e47e82c9464a8c56bb6d7c82f5a6dad8c23ec4e3f375c9f601a61bc80f4d282
1ea901577fd64178b72730a9f203acbda8801a66f7caf920b59257b13876eae2
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
230def4495a1533451a5b5154ebef45630011bc7e0399f3b43ec6e41d378faac
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
27a9105727943397b059ee354ee7f2f665f3d5a7a6fb0df68aad37b7f43b7cac
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ac0b867fa66324ed79b248a5fa546bde07c503e90754be44773cfa368d3217e
2d71c3596d208b2b7c50692ebcd1e3278dddc12ae65ca95b1bf2244f73d50369
2fa34cb36e7f351ad5936818f0720f0eb56d1da511631cef4055976078260046
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33fb7cb72d25a25211a8ba449bb30b998b577d39939f583b765d0745a59e12d1
3796cf12ca9b6f5f93255046f5bf7d70a82c6b389698ed6c007903940c17c5ad
38b035a0bea8b15d460919bb686c4caf0d0c51a8f51b328609ebf228ed02ec61
38b79f0a42931a0be4deaeb1dd58f3b1d4fc021041af67cf2e33f892f5464bb3
3b9e8d070eb3d3a740240f79b731159e34f993842e3d80dd07a2114c69ed8075
42d9aedcbe73adba235a1302073902183b440cac6b8e81e6560a0644d049875e
449ef4a890525256bc3bc16dea519e857a7a694c5048820cc7271e713766652b
479b699a76b4f1c5d74bf82e7351685c455b79547d10b6891680fbfa590e68ae
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53c398b97f143a9a4e8f5ff7ea781a0703b0caabebc459bc4a90745242c5f1dc
53e4cb1ec1da57e5fec65ec5f5b19b050fa8bd6e19e9030c2704456846e4d106
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
572e2f25267f2879b7d5c14151314133fc8c67293837ce4bb184153664694160
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5a3ad5a022e6c55cfcf4a06b3d299a9f3b1544c3f7503566a71e496e4a1d1890
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
63657066db27c8ce3693cfb94c4783225a6dad8bc96e8be31f89b8891b051bda
65b45154530acccb3435ac25e0f1bc131589c2388bfd67481526cbe2ed521eca
68532c15bfa6e31c5005c8a6172d2c8f697309fbfa1f08f80cab81987a97529c
694b3d44092af2be786c584ad80546df912fb0bf621e760a9bfd8d0c8f986be9
71a0c6830d978bf08f7540a19d77b7f0802d31e16156fd7f944063f0f96c61b4
754e4f25470d9263afc25125dce868bae633ea3d59f1b7dc8a0e740292fa68a5
77affbd2fb12370b0c53ff6b46dfa66c313f0d29f4e4148913a42d5789ac6451
77de4f0f78a9b95744ea6228db435d57570e9f50d7c16d239527ae2081574863
79ca2ab1802655bdb7c495bd4e069b66373c5aa88319826a3fb216452e79b35b
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
83ac25bde45a760a2cb49715ce32d1ff385ca923f01afd5f32b650e7cd3394f5
8411f59d13eb0ca959531c08d0a23f1d8b7d701bc4bf17eedc5c4cb41e196dcc
8ba9595c642523b828dee1741119b88d2d022ba8be8a8f0966600ce11dddd7e7
8efda3f0b5d984306920023fe9e82a919bfac7109db64ed89f752720408c888b
8f281ebc45c293d64b39f0a23399a3cccbd542c3a1245019dd33e2139d45ed3f
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
909fd79bccfdb9483ba03810bd63f6da15b6afbb5e958782ce1e2e8094028ef8
91cfab827f1f7c9aca0933e30f433ed72d44546deef812d3ef4e6f0745ba3f4a
94222909a0f6f3be28d12597499a224a8e1b86417c5ea379cb0ee81b164e1e7b
95333c6cddcbfc1989165da8f528836efa1b5e53d6ba000cbb564b4d1982744d
95670c61cea51012201db49e26658c4452fff67828f05e59ef02c67d11d5aaf9
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e018935eebac438d9cc1329be07bf7d4a08d034eefa786c20928c45f4c167bb
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a61eeea560e1f947cd3e50db09d52da15eebe911865e29f5398bb44cb0d9252e
a7094e07dda6a9c6dd1497043e83be8f04e84f5da84becab84d044a9bc6e6be5
a8cf59007153a1d366dd69c66f54edbbcfec46a32330626a714f1b22934ec468
afd5018c84a870d00826562927d8eceaa4b5424c6517c59e2f02814f5f4e9cf9
b1388b9e7d871a64d53b8fed4f0207cec7c312435918f0061f5413f0f9e9f30c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2eca33e22a23b0c12aac7e2ad38816163ca0000cf9ce2116d708c58b6b25557
b3d9a37c3110d0d5edf534a4dd964bb85d8661820e4c39e4c63c96bd2813b726
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
b641fcc6977163e5c0f29d3f2f9216bb20c9a8b6be3b8bb7029393421e8cfdb8
b6790cf785e814bb1152eb00cabb27cafb3593393ca3aec19ebe5dbc5dfbe8b3
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b912455480572174b87986b8f195eae651c900ef3b6fb85d72310b6aad0c878c
b91f9feae4212deb2d3243b37c49b6d1d71e9a9511d4f4110d9c1e30c97e1f65
b95214dac0b2f1843bb487d97ed047870b55f73c0981f1fc9ea0e90eebced9f9
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
be44428e9433183b9c2bd006073440dcb939976988ea245a9a8b98984d0400f3
c2a53a2ff6fe4b87169761f63876c4239639b5710db7c5e2861dd24e8e347180
c2b802b44819289fdb059a102d74115535379bee52041fa52583dbab4e3282b7
c4e05016df0987ff738f7b0cef94f55b2500ff98fd7f5ff5c526d6b02fc3fc2d
c5c44afc84eb882c171355b664f14b251d5c34db9023b719ba29dac938b6554e
c654e1b1768e9ee4ef211ea90736e7e99679d7af202faa4f2782db9447bdf548
c6754c3241a18169afee078352f5e11c9c8eec97b9e2fb173f541ce2d07dd210
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccb150b1878d5aa777543222f9e47636d4258687e3dd57e625988f09a96bda64
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d593eab937ae208334c866b7afc56b0703787c857dae8bb562aefbbd3ca15ee6
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
e09c5507d6f189744d043d993a3a28a63d12322f3dc978426ef895517b98b567
e2a5ed37fa56d547b16b841360b8d0fa99617169cb6f70266b8ed04e184da26e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d2fb5e2edecc03632d4232f8956dfc6cea25557cdd082cab892d00f2769bc4
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e7db2432d033e8aaa788222b02d05643d72b369689c9ab00dc63bb8be2487171
eb33a129d1093d5a35727b202a165f527147869649c4301e8cbee51702a73e35
ec14b3fdd1ac41055a51cb0228e9058093ffa65aa501adc152435809793e9cd0
edb239fcc4a9585615afa400ba273650698cf6b2df1764db6633f37274ddebed
edea62b6792791e90490e04ecbdb167677f4c84c09fe19efba4dbdc6494efb10
eea6dc59229104927a1ca1a416794d0ae3fb326b2ed6926abda0dd2a8cf693be
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c9f90c27c6cbac55ffd616c55711f9693d0a52ae63c6948d23e3f62ae4385b
f175118a276677f95246f49950b1f767d295d1a1fcbe2c7e7af2557b97701851
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f32de53959fd8081d100f1e31199a913a86804e58d7cd8498124dded214f74d5
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f60527825f5eb56b1f7bf9f6ab37c9c865bb6ef2ace55674b4f1cccd4209b670
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fd4b37401b665299f555320c5f46a1421d791bcbba1b23cba58dba9f01fc6f9a

microsoftportal.net Open in urlscan Pro 91.218.230.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

173 Requests

99 %HTTPS

30 %IPv6

55 Domains

70 Subdomains

47 IPs

8 Countries

2561 kBTransfer

4297 kBSize

1 Cookies

11 Outgoing links

Page URL History

Redirected requests

173 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

microsoftportal.net Open in urlscan Pro
91.218.230.124 Public Scan

Screenshot
Live screenshot

Full Image

173
Requests

99 %
HTTPS

30 %
IPv6

55
Domains

70
Subdomains

47
IPs

8
Countries

2561 kB
Transfer

4297 kB
Size

1
Cookies

173 HTTP transactions
6 data transactions