www.onmsft.com Open in urlscan Pro
104.24.121.101 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://winbeta.org/
Effective URL:
https://www.onmsft.com/
Submission: On February 15 via manual (February 15th 2020, 7:49:01 am UTC) from PH

Summary HTTP 319 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 53 IPs in 8 countries across 41 domains to perform 319 HTTP transactions. The main IP is 104.24.121.101, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onmsft.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 22nd 2019. Valid for: a year.

This is the only time www.onmsft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::681c:1a14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	104.24.121.101 104.24.121.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
27	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
5	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
3	23.38.55.104 23.38.55.104	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	92.122.253.103 92.122.253.103	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE)
4	35.186.219.42 35.186.219.42	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	13.225.86.250 13.225.86.250	16509 (AMAZON-02) (AMAZON-02)
1 5	23.43.115.95 23.43.115.95	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	2.19.45.224 2.19.45.224	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	54.72.110.169 54.72.110.169	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:20e... 2600:9000:20eb:d800:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
30	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE)
1 3	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
3	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY)
1	35.190.76.239 35.190.76.239	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
1	35.190.40.172 35.190.40.172	15169 (GOOGLE) (GOOGLE)
1	54.172.13.155 54.172.13.155	14618 (AMAZON-AES) (AMAZON-AES)
1	95.100.78.156 95.100.78.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.208.18.218 52.208.18.218	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:7400:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.112.175 151.101.112.175	54113 (FASTLY) (FASTLY)
1	172.217.18.102 172.217.18.102	15169 (GOOGLE) (GOOGLE)
2 2	63.33.115.128 63.33.115.128	16509 (AMAZON-02) (AMAZON-02)
2 2	147.75.102.200 147.75.102.200	54825 (PACKET) (PACKET)
1	195.181.175.52 195.181.175.52	60068 (CDN77) (CDN77)
11	54.246.208.255 54.246.208.255	16509 (AMAZON-02) (AMAZON-02)
1	23.45.237.36 23.45.237.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
43	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2 2	52.49.126.143 52.49.126.143	16509 (AMAZON-02) (AMAZON-02)
1	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE)
1	69.173.144.143 69.173.144.143	26667 (RUBICONPR...) (RUBICONPROJECT)
19	2a00:1450:400... 2a00:1450:4001:818::2002	15169 (GOOGLE) (GOOGLE)
2	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
10	2600:9000:215... 2600:9000:2156:ac00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
25	104.244.37.20 104.244.37.20	7415 (ADSAFE-1) (ADSAFE-1)
2	23.45.108.93 23.45.108.93	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	92.122.254.4 92.122.254.4	16625 (AKAMAI-AS) (AKAMAI-AS)
25	2a00:1450:400... 2a00:1450:4001:821::2001	15169 (GOOGLE) (GOOGLE)
4 5	2a00:1450:400... 2a00:1450:4001:814::2004	15169 (GOOGLE) (GOOGLE)
1 1	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE)
1	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
1	34.95.92.134 34.95.92.134	15169 (GOOGLE) (GOOGLE)
319	53

1 2606:4700:3034::681c:1a14 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

winbeta.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 104.24.121.101 (United States)

ASN13335 (CLOUDFLARENET, US)

www.onmsft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.intergi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.38.55.104 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-55-104.deploy.static.akamaitechnologies.com

cdn.nsstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.pcmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ns.zdbb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.253.103 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-253-103.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.219.42 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 42.219.186.35.bc.googleusercontent.com

chickensstation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.86.250 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-86-250.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.43.115.95 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-115-95.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.19.45.224 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-45-224.deploy.static.akamaitechnologies.com

cdn.static.zdbb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gurgle.zdbb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.72.110.169 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-110-169.eu-west-1.compute.amazonaws.com

secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:20eb:d800:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 172.217.18.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.59.101 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

winbeta.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.76.239 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 239.76.190.35.bc.googleusercontent.com

admiral.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:815::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.40.172 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 172.40.190.35.bc.googleusercontent.com

api.skimlinks.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.172.13.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-13-155.compute-1.amazonaws.com

jogger.zdbb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.78.156 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-78-156.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.18.218 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-18-218.eu-west-1.compute.amazonaws.com

zdbb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:7400:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.102 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f102.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.115.128 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-115-128.eu-west-1.compute.amazonaws.com

x.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.102.200 (Central, Hong Kong) 2 redirects

ASN54825 (PACKET, US)

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.181.175.52 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: unn-195-181-175-52.datapacket.com

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.246.208.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.36 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-36.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.126.143 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-126-143.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.38 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.21 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com

ziffdavis-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:818::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.7 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:2156:ac00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 104.244.37.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: daldt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.108.93 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-108-93.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 92.122.254.4 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-254-4.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:821::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:814::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s17-in-f66.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.98.64 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

dapperfloor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.92.134 (United States)

ASN15169 (GOOGLE, US)
PTR: 134.92.95.34.bc.googleusercontent.com

my.getadmiral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	581 KB
46	adsafeprotected.com pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	454 KB
39	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	491 KB
29	wp.com i1.wp.com i0.wp.com i2.wp.com stats.wp.com pixel.wp.com	322 KB
27	onmsft.com www.onmsft.com	523 KB
25	ampproject.org cdn.ampproject.org	450 KB
12	skimresources.com 3 redirects s.skimresources.com r.skimresources.com t.skimresources.com p.skimresources.com x.skimresources.com	24 KB
11	googletagservices.com www.googletagservices.com	248 KB
9	imrworldwide.com 2 redirects secure-us.imrworldwide.com cdn-gl.imrworldwide.com	60 KB
9	zdbb.net 1 redirects cdn.static.zdbb.net ns.zdbb.net gurgle.zdbb.net jogger.zdbb.net zdbb.net	25 KB
8	teads.tv a.teads.tv sync.teads.tv t.teads.tv	191 KB
7	google.com 4 redirects adservice.google.com www.google.com	1 KB
5	google.de adservice.google.de	874 B
5	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
4	chickensstation.com chickensstation.com	62 KB
3	openx.net 1 redirects ziffdavis-d.openx.net eu-u.openx.net us-u.openx.net	1 KB
3	exelator.com 2 redirects loadeu.exelator.com load77.exelator.com	2 KB
3	consensu.org admiral.mgr.consensu.org api.skimlinks.mgr.consensu.org vendorlist.consensu.org	18 KB
3	disqus.com winbeta.disqus.com	4 KB
3	google-analytics.com 1 redirects www.google-analytics.com	18 KB
3	googleapis.com fonts.googleapis.com ajax.googleapis.com	31 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	amazon-adsystem.com c.amazon-adsystem.com	3 KB
2	gstatic.com fonts.gstatic.com	42 KB
2	googletagmanager.com www.googletagmanager.com	50 KB
1	getadmiral.com my.getadmiral.com
1	dapperfloor.com dapperfloor.com	29 KB
1	rubiconproject.com fastlane.rubiconproject.com	6 KB
1	casalemedia.com as-sec.casalemedia.com	988 B
1	pubmatic.com hbopenbid.pubmatic.com	115 B
1	adnxs.com ib.adnxs.com	712 B
1	bluekai.com stags.bluekai.com
1	krxd.net cdn.krxd.net	626 B
1	bkrtx.com tags.bkrtx.com	10 KB
1	google.nl adservice.google.nl	778 B
1	pcmag.com g.pcmag.com	265 B
1	media.net contextual.media.net	118 KB
1	intergi.com cdn.intergi.com	24 KB
1	nsstatic.com cdn.nsstatic.com	124 KB
1	cloudflare.com ajax.cloudflare.com	4 KB
1	winbeta.org 1 redirects winbeta.org	300 B
319	41

	Domain	Requested by
43	tpc.googlesyndication.com	chickensstation.com securepubads.g.doubleclick.net www.onmsft.com tpc.googlesyndication.com pagead2.googlesyndication.com cdn.ampproject.org
30	securepubads.g.doubleclick.net	cdn.nsstatic.com securepubads.g.doubleclick.net www.onmsft.com www.googletagservices.com
27	www.onmsft.com	www.onmsft.com ajax.cloudflare.com chickensstation.com
25	cdn.ampproject.org	securepubads.g.doubleclick.net
25	dt.adsafeprotected.com
17	pagead2.googlesyndication.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
14	i1.wp.com	www.onmsft.com
11	www.googletagservices.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
11	pixel.adsafeprotected.com	cdn.nsstatic.com www.onmsft.com
10	static.adsafeprotected.com	pixel.adsafeprotected.com www.onmsft.com
8	i0.wp.com	www.onmsft.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
5	www.google.com	4 redirects www.onmsft.com
5	adservice.google.de	pagead2.googlesyndication.com www.googletagservices.com
5	cdn-gl.imrworldwide.com	cdn-gl.imrworldwide.com
5	sb.scorecardresearch.com	1 redirects cdn.nsstatic.com
5	i2.wp.com	www.onmsft.com
4	t.teads.tv
4	secure-us.imrworldwide.com	2 redirects
4	cdn.static.zdbb.net	1 redirects cdn.static.zdbb.net
4	chickensstation.com	www.onmsft.com chickensstation.com
3	winbeta.disqus.com	www.onmsft.com winbeta.disqus.com
3	p.skimresources.com
3	t.skimresources.com	s.skimresources.com
3	r.skimresources.com	1 redirects
3	www.google-analytics.com	1 redirects www.googletagmanager.com
2	sync.teads.tv	a.teads.tv
2	a.teads.tv	securepubads.g.doubleclick.net a.teads.tv
2	sync.crwdcntrl.net	2 redirects
2	loadeu.exelator.com	2 redirects
2	x.skimresources.com	2 redirects
2	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	gurgle.zdbb.net	cdn.static.zdbb.net
2	c.amazon-adsystem.com	cdn.nsstatic.com
2	fonts.gstatic.com
2	www.googletagmanager.com	ajax.cloudflare.com www.onmsft.com
2	fonts.googleapis.com	www.onmsft.com dapperfloor.com
1	my.getadmiral.com	chickensstation.com
1	dapperfloor.com	chickensstation.com
1	us-u.openx.net
1	cm.g.doubleclick.net	1 redirects
1	eu-u.openx.net	1 redirects
1	fastlane.rubiconproject.com	cdn.nsstatic.com
1	ziffdavis-d.openx.net	cdn.nsstatic.com
1	as-sec.casalemedia.com	cdn.nsstatic.com
1	hbopenbid.pubmatic.com	cdn.nsstatic.com
1	ib.adnxs.com	cdn.nsstatic.com
1	stags.bluekai.com	tags.bkrtx.com
1	load77.exelator.com
1	ad.doubleclick.net	chickensstation.com
1	cdn.krxd.net	cdn.static.zdbb.net
1	vendorlist.consensu.org	chickensstation.com
1	zdbb.net
1	tags.bkrtx.com	cdn.static.zdbb.net
1	jogger.zdbb.net	cdn.static.zdbb.net
1	api.skimlinks.mgr.consensu.org	s.skimresources.com
1	adservice.google.nl	securepubads.g.doubleclick.net
1	admiral.mgr.consensu.org	chickensstation.com
1	pixel.wp.com
1	stats.g.doubleclick.net
1	ns.zdbb.net	cdn.nsstatic.com
1	g.pcmag.com	cdn.nsstatic.com
1	ajax.googleapis.com	ajax.cloudflare.com
1	contextual.media.net	ajax.cloudflare.com
1	cdn.intergi.com	ajax.cloudflare.com
1	cdn.nsstatic.com	ajax.cloudflare.com
1	s.skimresources.com	ajax.cloudflare.com
1	stats.wp.com	ajax.cloudflare.com
1	ajax.cloudflare.com	www.onmsft.com
1	winbeta.org	1 redirects
319	70

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.pinterest.com
facebook.com
www.youtube.com
azure.microsoft.com
products.office.com
wordpress.org
michael.gillett.online

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-09-22` - `2020-09-21`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2018-09-13` - `2020-10-07`	2 years	crt.sh
ziffdavis.com DigiCert SHA2 Secure Server CA	`2020-01-23` - `2021-04-23`	a year	crt.sh
*.intergi.com Go Daddy Secure Certificate Authority - G2	`2018-12-27` - `2021-01-21`	2 years	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2018-12-30` - `2020-03-30`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
chickensstation.com Let's Encrypt Authority X3	`2019-12-31` - `2020-03-30`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2019-12-16` - `2020-12-25`	a year	crt.sh
www.ziffdavis.com DigiCert SHA2 Extended Validation Server CA	`2018-05-18` - `2020-05-17`	2 years	crt.sh
*.imrworldwide.com DigiCert SHA2 Secure Server CA	`2019-02-25` - `2020-02-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
admiral.mgr.consensu.org GTS CA 1D2	`2020-02-08` - `2020-05-08`	3 months	crt.sh
api.skimlinks.mgr.consensu.org DigiCert SHA2 Secure Server CA	`2019-10-04` - `2021-10-07`	2 years	crt.sh
*.zdbb.net COMODO RSA Domain Validation Secure Server CA	`2018-02-23` - `2021-02-22`	3 years	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2018-12-03` - `2020-03-03`	a year	crt.sh
vendorlist.consensu.org Amazon	`2020-02-07` - `2021-03-07`	a year	crt.sh
*.c.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-08-23` - `2020-08-23`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
1605158521.rsc.cdn77.org Let's Encrypt Authority X3	`2020-01-21` - `2020-04-20`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-02-03` - `2021-03-03`	a year	crt.sh
odc-prod-01.oracle.com DigiCert ECC Secure Server CA	`2018-12-10` - `2020-03-10`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
teads.tv Let's Encrypt Authority X3	`2020-01-08` - `2020-04-07`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2019-11-01` - `2020-12-01`	a year	crt.sh
*.adsafeprotected.com COMODO RSA Domain Validation Secure Server CA	`2018-08-20` - `2020-09-17`	2 years	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
dapperfloor.com Let's Encrypt Authority X3	`2020-01-29` - `2020-04-28`	3 months	crt.sh
my.getadmiral.com Sectigo RSA Extended Validation Secure Server CA	`2019-07-31` - `2020-07-30`	a year	crt.sh

This page contains 40 frames:

Primary Page: https://www.onmsft.com/
Frame ID: D13D828BEB024AA825C2358AA0867D7D
Requests: 171 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.7286556660893344
Frame ID: 20E8CD2111774D9127BFC11B3D9CA088
Requests: 3 HTTP requests in this frame

Frame: https://admiral.mgr.consensu.org/portal.html
Frame ID: 3432D59183C340DCFAFB3764E1F4CDA3
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/30629?ret=html&phint=site%3Donmsft.com&phint=referer%3Dhttps%3A%2F%2Fwww.onmsft.com%2F&phint=bbseg%3D1100530&phint=bbseg%3D7290&phint=bbseg%3D900082&phint=bbseg%3D900033&phint=bbseg%3D900136&phint=bbseg%3D900113&phint=bbseg%3D6895&phint=bbseg%3D1100015&phint=bbseg%3D6840&phint=bbseg%3D6867&phint=__bk_t%3DOnMSFT.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.onmsft.com%2F&phint=__bk_v%3D3.1.3&limit=10&r=90704123
Frame ID: 0986C42FE4D2AC5E7FAC11197690C653
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: B3CBA15F47910C74214C83DFE9286CC9
Requests: 1 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 1751B366B0538CC475862A03FD1E493C
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=7529&campId=970x250&pubId=53576252&chanId=194640332&placementId=174132692&pubCreative=56493660332&pubOrder=169870292&cb=1553637558&adsafe_par&impId=9896d770-4fc7-11ea-898a-0661a761d26a
Frame ID: D359463E42C4FF73AD19C147B918E096
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuGWsyN81tu8Sz_Jx9kUPZvcg6EQCA9rdD112b79ejkTwYfFm2o5BEI1A3s58a1nrE_5GO68FFv61qtXa1EVLRqLAHkivJeZGhB8bhwJYr0sU95yqoSw6LM2ICy78pjj7koSxE0jDn6kWreAogmI42jwpO4-M9A_5nKLoF089E9x9LgosX1PA-tZaMBKX2UvTyBtwY6Bqzr6gPDnpMBQhLxoGPCZp6xYRaHJ_Koz1ET3X29rp7zTbQAomQmtxF63l870Qofbw&sig=Cg0ArKJSzNu9Ud_PuNVrEAE&urlfix=1&adurl=
Frame ID: 0E5CC1331435C8F2E534FCAEFAB3FABA
Requests: 12 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135972&pubCreative=138266785517&pubOrder=169870292&cb=735513030&adsafe_par&impId=9896d771-4fc7-11ea-898a-0661a761d26a
Frame ID: 1EA853026A03200224AEEEB2F91C1F62
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvu9ygOP0FC8arGKAM8TG0uwJsjvMkF5mOcIcbkco2dH-35Q319HJok8P10dCtBSj0cELJnEW_cGlOwb2Tn7XLzTKBtIkRvvkqpTIwwSbwjVGHMUebBzWFGvKi_Cbt6-IrEEExAgxy4t-IXxHK_g9IcZWVx0SPYADQZH54oEKkTIuadiyVMv6Vv01ZcuSgqNJnj8fIngK9jteGdIiyOhgEmLrgL9ZO5D7xuzeJWw85MUZ67ZkTv253S0xgm6UHrmvoCmYmnHQ&sig=Cg0ArKJSzHkvCU1lWHdnEAE&urlfix=1&adurl=
Frame ID: 1E2B3D95829A80D16600B0BDDFAC17BB
Requests: 11 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138268452685&pubOrder=169870292&cb=851639884&adsafe_par&impId=9896d772-4fc7-11ea-898a-0661a761d26a
Frame ID: D56D278677D278614E2351EEC5B03461
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssc78uMg4C0w3UcvYLS65J59idzmeQDgRmYqHqw0SqExX1BtKkZlw2lCZOqHsHOro5cbZIxgtW0ZCseZi2-SKKkZhitftP5ESwJE63YpKK1ieVEZp5BVS11eHFXhOWqsyW7LBwPz319BFWdXE2qATO8WfY45aclOsQhvcEOmsRV0yuOgZsjI6sbzY_hzsSM3wfMYlT4mcE99wZzi5_naQJUxBqJV-_c-IxRh0AtD4lIqHpxDkw_ZD2J6AYhTMs9wKJWFkUrOw&sig=Cg0ArKJSzFqac7eE6uLgEAE&urlfix=1&adurl=
Frame ID: 28AC665B7F1FEAF09DD72D9F2A5E5F5A
Requests: 10 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138266415492&pubOrder=169870292&cb=533039939&adsafe_par&impId=9896d773-4fc7-11ea-898a-0661a761d26a
Frame ID: 308EFFD76AF4880131472A01D075A54F
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzPZfBqkxStY57T1U-7Cjq3qca4cFc2KBptWlxwZyESbW5J8BOPkgDIGUueNd6GOSk9_tVTOd-F1DXK7DfKDFV3tIFrpIdgPjIw34S8loHPCi-n-_V54_1P6SGA4iL-fElbipgfh65dvhpjvWWnyggnvEe-48kprF_umRm8Eft-lKR321N4GhueEdsQNjZLig2Mp8cAOA0P2GDuFMqdjjaluhySEk0pTHsf5PNFyxwOOERhXoU6immAWoOK89_COaRfYesLw&sig=Cg0ArKJSzJ5Zedit0fgxEAE&urlfix=1&adurl=
Frame ID: 9BCB4D666B05FF2BFE6B898E8FD47C16
Requests: 13 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=7529&campId=728x90&pubId=53576252&chanId=194640332&placementId=104135732&pubCreative=138267103837&pubOrder=169870292&cb=1647979942&adsafe_par&impId=9896d774-4fc7-11ea-898a-0661a761d26a
Frame ID: 2A522E99F206CF5A520BEF5A6CDF8FDD
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsse9hBkc_seiC6AQD1DBnarJmzjv-2rP2Lc6k8g2vaE4uzIyI8F__sz-pRK61wp_Qu5uXlgbVsWWt2kIi4DW07cDlFjwpra6bbXLIlgsDJpXjLKfw1eFNfOBIgsP9eaTsGPec1Xmx1_epHHAbrorWUvL-D2w9qc1sS71Vy2cah59kbEqji6OtmTKOiA2_OJQbKAR6qKk1KTpluXn8OKxd5_bajzLZPS6yrCughxgezVHq6m9q2ZzMcxCGOudxNSr0vqPBumMA&sig=Cg0ArKJSzLUxczBUBlifEAE&urlfix=1&adurl=
Frame ID: 958F69B0C30814041D8BDDC2647BB3FA
Requests: 13 HTTP requests in this frame

Frame: data://truncated
Frame ID: DFD965168F24E27FCEA158C04E062346
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: 0D86E4DF526BF4147474EBAD5E37B582
Requests: 3 HTTP requests in this frame

Frame: https://a.teads.tv/page/92134/tag
Frame ID: EFC4227F384BE24F8EAF64A0B1426D45
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: DF2BBE7338818F4868926CA5A8FFB0D5
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: CFA0FFA2F48312C0233FE21A44A2C3A4
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: D2D04BBDDFD4C5527779BDEFB4AA3F03
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200212/r20190131/zrt_lookup.html
Frame ID: 42BFE1FC25D5B7F3F405417A399F54FD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: 9194E225E9C3D1A7A8AE04FCD003A109
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8086391854971296&output=html&h=90&slotname=4432410839&adk=2035992950&adf=3173046726&w=728&lmt=1581752928&psa=0&npa=1&guci=1.2.0.0.2.1.0.0&format=728x90&url=https%3A%2F%2Fwww.onmsft.com%2F&flash=0&wgl=1&adsid=NT&dt=1581752928371&bpp=14&bdt=81&fdt=102&idt=102&shv=r20200212&cbv=r20190131&ptt=9&saldr=aa&correlator=90005155336&frm=21&ife=4&pv=2&ga_vid=334363451.1581752926&ga_sid=1581752928&ga_hid=879336500&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=247163955&scr_x=0&scr_y=0&eid=21065305%2C44714170%2C410075106&oid=3&pvsid=1600426327191439&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.shr2m7y02ako&fsb=1&xpc=ZSHK5YQgGB&p=https%3A//www.onmsft.com&dtd=114
Frame ID: 42BE8C6F005B277BB2A7767601861F8E
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 23220543B12A5A337BA4D9CFC45B8ABB
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 1ECB11BB2C6A8128CA8AFCEEEB41A275
Requests: 1 HTTP requests in this frame

Frame: https://sync.teads.tv/wigo-no-slot
Frame ID: B01EE4A90917625DC82B5A37E7E665DA
Requests: 1 HTTP requests in this frame

Frame: https://sync.teads.tv/wigo-no-slot
Frame ID: 94B389D7ED13E155FD883285D7191314
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 0866C1463DA74082A5A84515B07FD303
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 5CAEFB2CCFFCC6386576D6EA562AFC96
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.4.114.js
Frame ID: 4D1BEE1F1C4BF90D533F593BA30680A0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: BD010677526986C131F80F5E7D8869D4
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: E391D4730933BE8CD47A613BB927F426
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: A0A3A05382FF0D703E05CD5E158BECE7
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js
Frame ID: B961DB30553A90F2C31C5021A1D1F538
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: F139507655ADB84C48467625F1BA7870
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: 095B1FAE3CC0A5C90C500FE54B46403D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: C495F99BCCE4041F85FE56074B726C2C
Requests: 1 HTTP requests in this frame

Frame: https://my.getadmiral.com/sticky-bubble?propertyID=A-582E614B6A735F3E706A00D7-2?bgColor=rgba(25%2C114%2C120%2C1)&iconColor=rgba(255%2C255%2C255%2C1)&horizontalAlign=left
Frame ID: F8B6A6CADF544AA2519C3D9B4C0A64F9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://winbeta.org/ HTTP 301
https://www.onmsft.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

319
Requests

100 %
HTTPS

30 %
IPv6

41
Domains

70
Subdomains

53
IPs

8
Countries

3918 kB
Transfer

9865 kB
Size

1
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/onmsft
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/winbetadotorg?_rdr=p
Title:

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/onmsft/
Title:

Search URL Search Domain Scan URL

URL: https://facebook.com/
Title: Facebook 18,000Fans

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/WinBetaTV
Title: Youtube 66800Subscriber

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/
Title: Azure

Search URL Search Domain Scan URL

URL: https://products.office.com/
Title: Office 365

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

URL: http://michael.gillett.online/
Title: Social Media icons by Michael Gillett

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://winbeta.org/ HTTP 301
https://www.onmsft.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://cdn.static.zdbb.net/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js HTTP 303
https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js

Request Chain 69

https://secure-us.imrworldwide.com/v60.js HTTP 301
https://cdn-gl.imrworldwide.com/v60.js

Request Chain 73

https://r.skimresources.com/api/ HTTP 307
https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e

Request Chain 77

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=282085691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onmsft.com%2F&ul=en-us&de=UTF-8&dt=OnMSFT.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=941064825&gjid=953944096&cid=334363451.1581752926&tid=UA-71939551-1&_gid=519279139.1581752926&_r=1&gtm=2ou250&z=409848354 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71939551-1&cid=334363451.1581752926&jid=941064825&_gid=519279139.1581752926&gjid=953944096&_v=j81&z=409848354

Request Chain 85

https://sb.scorecardresearch.com/b?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9=&cs_ak_ss=1

Request Chain 102

https://x.skimresources.com/?provider=exelate HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0& HTTP 302
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 109

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D HTTP 302
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=379b41e691ec0f5e7745d82f864f39e0 HTTP 302
https://p.skimresources.com/?provider_id=379b41e691ec0f5e7745d82f864f39e0&skim_mapping=true

Request Chain 111

https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1 HTTP 302
https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1&ja=1

Request Chain 280

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 282

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 284

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 286

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 323

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=dc423def-06ad-4fb4-a386-363c0a8315a3&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG5rqfXUut3MW7Qy_NEifs4&google_cver=1

319 HTTP transactions
17 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.onmsft.com/
Redirect Chain

http://winbeta.org/
https://www.onmsft.com/

48 KB
9 KB

892ms
844ms

Document
text/html

104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b4efa0a28b62f74b161afcd01640b422a039a8406aae24e845be89fdd505638

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.onmsft.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

status: 200
date: Sat, 15 Feb 2020 07:48:44 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d0f3ee49e0cf915d6e0900064f587a5071581752924; expires=Mon, 16-Mar-20 07:48:44 GMT; path=/; domain=.onmsft.com; HttpOnly; SameSite=Lax
link: <https://www.onmsft.com/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5655ae600abf9c5d-AMS
content-encoding: br

Redirect headers

Date: Sat, 15 Feb 2020 07:48:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 15 Feb 2020 08:48:44 GMT
Location: https://www.onmsft.com/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 5655ae5f88979814-FRA

GET
H2 200 style.min.css
www.onmsft.com/wp-includes/css/dist/block-library/ 40 KB
6 KB 763ms
758ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Fri, 15 Nov 2019 20:40:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5dcf0d2a-a1fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae656f6b9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/ 30 KB
7 KB 763ms
759ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/font-awesome.min.css?ver=1.8.7

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 31 Dec 2019 14:24:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e0b5a11-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae656f6c9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/ 14 KB
2 KB 766ms
760ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/frontend.css?ver=1.8.7

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8020b1406e0fc2c33e80f9dfafef11fac20bbd3555e794b9279ec2795f8561fc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 31 Dec 2019 14:24:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e0b5a11-39ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae656f6d9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpp.css
www.onmsft.com/wp-content/plugins/wordpress-popular-posts/assets/css/ 2 KB
599 B 615ms
610ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=5.0.2

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f26d98c3973c7df12d78bbb4164589b59dc42d4797b58471b358364c1005b2d3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 22 Jan 2020 16:22:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e2876d4-631"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae656f6e9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
765 B 20ms
14ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%7COswald%3A400%2C700&ver=5.3.2

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

53f975cd28f241bbbc91f55f7fcbd659c46cbf2e56df55b8af615251709612ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 07:48:45 GMT
server: ESF
date: Sat, 15 Feb 2020 07:48:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Feb 2020 07:48:45 GMT

GET
H2 200 tablepress-combined.min.css
www.onmsft.com/wp-content/ 6 KB
3 KB 618ms
613ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/tablepress-combined.min.css?ver=14

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b99fac3ce2e2ed0e1e88a9bb8a910eaaa0b1d458a1e810a147b91020c40e9dd4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 27 Nov 2019 17:06:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ddead2e-1978"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae657f719c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
www.onmsft.com/wp-content/plugins/jetpack/css/ 70 KB
12 KB 816ms
811ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/jetpack/css/jetpack.css?ver=8.2

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

072cfdc3b5c6541f3d3c06ebd4c138ab38b6e7983704b73dcb46710ac3ccb05b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Fri, 14 Feb 2020 15:31:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e46bd5b-117db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae657f729c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.css
www.onmsft.com/wp-content/themes/darkness-nov-2019/css/ 117 KB
18 KB 44ms
39ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/css/bootstrap.min.css

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9291fdc44bccd9b470eddfb7e2326370687526185eeea097a02541d08b60ef53

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 687578
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:46 GMT
server: cloudflare
etag: W/"5d50c542-1d4f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=315360000
cf-ray: 5655ae657f739c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.onmsft.com/wp-content/themes/darkness-nov-2019/ 12 KB
4 KB 615ms
610ms Stylesheet
text/css 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/style.css?ver=2019D.02

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

082eea712dfa8bc364d8f05d86b35e7266a93fd1b19c6b7d953b8dede8135223

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 12 Dec 2019 19:04:45 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5df28f4d-2f90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae657f769c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 twitter-medium.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/ 53 KB
54 KB 46ms
42ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/twitter-medium.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e9d5d7f0c649b8afca5ec420809ba9a6067a5dddd25be954f27c2ae034a1121

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1738817
status: 200
content-length: 54700
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:56 GMT
server: cloudflare
etag: "5d50c54c-d5ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae657f779c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 facebook-medium.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/ 54 KB
54 KB 23ms
19ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/facebook-medium.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07fa03f1e5fef6c5ee89c033aa08a86d1e791714aa6437142823c8e5adea8a93

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1738817
status: 200
content-length: 55239
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:54 GMT
server: cloudflare
etag: "5d50c54a-d7c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae657f799c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/ 10 KB
10 KB 56ms
47ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/logo.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5abf0c3555cff7b63e38f6e7b8e7f56896937c0c2cc97cfaee7997c443e3e254

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1622440
status: 200
content-length: 10402
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:50 GMT
server: cloudflare
etag: "5d50c546-28a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae658f859c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pinterest-medium.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/ 56 KB
56 KB 44ms
35ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/pinterest-medium.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbd0425550d0738c39c0f6ffe17880245425dccd356d77a5e0e30f9845fc90ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1622440
status: 200
content-length: 56968
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:55 GMT
server: cloudflare
etag: "5d50c54b-de88"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae658f879c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rss-medium.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/ 53 KB
53 KB 53ms
45ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/sm-icons/rss-medium.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc8413bc09ee8ffe0688a01b0059677c9cc298e6098aa01b7afdcc7f6d31bcc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1738817
status: 200
content-length: 54109
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:55 GMT
server: cloudflare
etag: "5d50c54b-d35d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae658f889c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 SoD2.png
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 2 KB
2 KB 51ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/SoD2.png?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

7f11e0d38986e9c5cd0327411cd05ba41092770edaf9ec0e002edf2616c93e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 2
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 24129
last-modified: Fri, 14 Feb 2020 19:52:33 GMT
server: nginx
etag: "58fce476fb20832a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/SoD2.png>; rel="canonical"
content-length: 1780
expires: Mon, 14 Feb 2022 07:52:33 GMT

GET
H2 200 WJ8_9238.jpg
i0.wp.com/www.onmsft.com/wp-content/uploads/2018/11/ 4 KB
4 KB 52ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2018/11/WJ8_9238.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

79453367032ac398d705754f3f4f0889191e4c83f9d02cab0aca259a419e6a49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 7
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 05 Feb 2020 10:50:29 GMT
server: nginx
etag: "39679550e9536364"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2018/11/WJ8_9238.jpg>; rel="canonical"
content-length: 4332
expires: Fri, 04 Feb 2022 22:50:29 GMT

GET
H2 200 Screen-Shot-2020-02-14-at-12.31.56-PM.png
i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 2 KB
2 KB 52ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/Screen-Shot-2020-02-14-at-12.31.56-PM.png?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

dbb00009a5588f9f8827c8e100e7575d1b19559c8443a90dcfcf0b344b9393de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 4
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 16630
last-modified: Fri, 14 Feb 2020 18:11:26 GMT
server: nginx
etag: "b5bdd91ad6ad24bf"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/Screen-Shot-2020-02-14-at-12.31.56-PM.png>; rel="canonical"
content-length: 1744
expires: Mon, 14 Feb 2022 06:11:26 GMT

GET
H2 200 Surface-Book-15-modes.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2017/10/ 3 KB
3 KB 52ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2017/10/Surface-Book-15-modes.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

a5e569637ad3056f8c5936f61dc7927f3ab05a2c181ca7c8e0c502c5b0589aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 6
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Feb 2020 16:50:56 GMT
server: nginx
etag: "bd15430bd7cbd32d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2017/10/Surface-Book-15-modes.jpg>; rel="canonical"
content-length: 2828
expires: Mon, 14 Feb 2022 04:50:56 GMT

GET
H2 200 ac691dd8-1403-4fa4-a111-eb2982597f8b.jpg
i2.wp.com/www.onmsft.com/wp-content/uploads/2019/06/ 1 KB
2 KB 51ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.onmsft.com/wp-content/uploads/2019/06/ac691dd8-1403-4fa4-a111-eb2982597f8b.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

60d514b105a0f7863ef80f71c9226dbffd12d19bc691435c608ee23df452ccd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 8
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 336
last-modified: Fri, 14 Feb 2020 16:08:00 GMT
server: nginx
etag: "f696b2def1756e6a"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/06/ac691dd8-1403-4fa4-a111-eb2982597f8b.jpg>; rel="canonical"
content-length: 1430
expires: Mon, 14 Feb 2022 04:08:00 GMT

GET
H2 200 Windows-Terminal-Microsoft-Promo.png
i0.wp.com/www.onmsft.com/wp-content/uploads/2019/06/ 2 KB
2 KB 53ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2019/06/Windows-Terminal-Microsoft-Promo.png?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

525c4a17a176d9c4cca0ba2d0505895266a06f248de4f799d869641b7724e31a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 18156
last-modified: Fri, 14 Feb 2020 15:39:55 GMT
server: nginx
etag: "d4c069eb950f819e"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/06/Windows-Terminal-Microsoft-Promo.png>; rel="canonical"
content-length: 1988
expires: Mon, 14 Feb 2022 03:39:55 GMT

GET
H2 200 1578377713-4749-card.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 1 KB
1 KB 51ms
15ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/1578377713-4749-card.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

461c7c98bfd60c00a3ff29a5d96e379560fe8fb1cc78ce5f1beefa809cb729fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 6
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 2051
last-modified: Tue, 04 Feb 2020 15:46:50 GMT
server: nginx
etag: "96747e9c79ee2ec5"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/1578377713-4749-card.jpg>; rel="canonical"
content-length: 1110
expires: Fri, 04 Feb 2022 03:46:50 GMT

GET
H2 200 microsoft-2.jpg
i0.wp.com/www.onmsft.com/wp-content/uploads/2019/01/ 4 KB
4 KB 52ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2019/01/microsoft-2.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

d9dae682cf0c42148ce44bd748f28b2c0e5c4b0d96370f8548149db96c95d6fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 2
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 2812
last-modified: Mon, 10 Feb 2020 14:55:12 GMT
server: nginx
etag: "c6e2d87954ece4d7"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/01/microsoft-2.jpg>; rel="canonical"
content-length: 4068
expires: Thu, 10 Feb 2022 02:55:12 GMT

GET
H2 200 bing.jpg
i0.wp.com/www.onmsft.com/wp-content/uploads/2016/01/ 3 KB
3 KB 61ms
24ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2016/01/bing.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

2eafa3cd7f8f747c53303bac3611e17c8dd7dd3a797f1761f3c8b294637c3b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 7
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
last-modified: Fri, 14 Feb 2020 15:14:00 GMT
server: nginx
etag: "f7a4b4521ea1f822"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2016/01/bing.jpg>; rel="canonical"
content-length: 2704
expires: Mon, 14 Feb 2022 03:14:00 GMT

GET
H2 200 apps.6112.68546154403749555.3f166bda-e4c4-4b51-829c-ff4f7d715475.bb86bdc2-7087-47f2-9aa2-53351d175fe0.jpeg
i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/ 5 KB
6 KB 51ms
15ms Image
image/jpeg 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/apps.6112.68546154403749555.3f166bda-e4c4-4b51-829c-ff4f7d715475.bb86bdc2-7087-47f2-9aa2-53351d175fe0.jpeg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

97563a1fa1542197cd5e5af7baf72085fee1a4d137f2a50208c1d09404d4044d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 7
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 293
last-modified: Fri, 14 Feb 2020 14:53:25 GMT
server: nginx
etag: "4265156afd3596f2"
vary: Accept
content-type: image/jpeg
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/11/apps.6112.68546154403749555.3f166bda-e4c4-4b51-829c-ff4f7d715475.bb86bdc2-7087-47f2-9aa2-53351d175fe0.jpeg>; rel="canonical"
content-length: 5422
expires: Mon, 14 Feb 2022 02:53:25 GMT

GET
H2 200 IMG_2475-e1519668915317.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2016/10/ 2 KB
2 KB 16ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2016/10/IMG_2475-e1519668915317.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

1c3fa7cd138ffe3bd63561627dd15a8bf174f7edb5c328a82cb4beb1c4549aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 1
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 543
last-modified: Fri, 14 Feb 2020 13:53:25 GMT
server: nginx
etag: "ce50d5e6f5611f2f"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2016/10/IMG_2475-e1519668915317.jpg>; rel="canonical"
content-length: 1860
expires: Mon, 14 Feb 2022 01:53:25 GMT

GET
H2 200 division-newyork.jpg
i2.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 5 KB
5 KB 16ms
14ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.onmsft.com/wp-content/uploads/2020/02/division-newyork.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

46650bbc5399158ecaa94f56d7a7b8e83f966da2a27a16f748e75057526afe06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 1
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 3343
last-modified: Fri, 14 Feb 2020 08:20:34 GMT
server: nginx
etag: "f3bd6a2c82b62461"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/division-newyork.jpg>; rel="canonical"
content-length: 5318
expires: Sun, 13 Feb 2022 20:20:34 GMT

GET
H2 200 newsguard.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 4 KB
4 KB 21ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/newsguard.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

144d459868bbde53c39f0255dd0c3b4556888d0c7b79f0d588d13ebab98e12d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 4
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 2900
last-modified: Fri, 14 Feb 2020 07:59:46 GMT
server: nginx
etag: "d019ad3a1ac7f203"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/newsguard.jpg>; rel="canonical"
content-length: 3632
expires: Sun, 13 Feb 2022 19:59:46 GMT

GET
H2 200 Screenshot-1931.png
i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/ 3 KB
3 KB 19ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/Screenshot-1931.png?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

27c28940ec81d18ee66c4e0c0150d8ac4cdda803d14642056b1fd707ca447b59

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 29562
last-modified: Thu, 13 Feb 2020 23:16:26 GMT
server: nginx
etag: "333560559588b473"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/11/Screenshot-1931.png>; rel="canonical"
content-length: 3234
expires: Sun, 13 Feb 2022 11:16:26 GMT

GET
H2 200 amazon.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 3 KB
4 KB 20ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/amazon.jpg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

86100414fd2597011498a2c4b8b09c460518a68af0133b9748573b73d248b899

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 3
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 616
last-modified: Thu, 13 Feb 2020 21:27:38 GMT
server: nginx
etag: "7aaa1921a785bb48"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/amazon.jpg>; rel="canonical"
content-length: 3412
expires: Sun, 13 Feb 2022 09:27:38 GMT

GET
H2 200 EQjBHpdX0AEm51q.jpeg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 4 KB
4 KB 20ms
17ms Image
image/jpeg 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/EQjBHpdX0AEm51q.jpeg?resize=160%2C120&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

4527942a78cc3dc79870ac0805c8de8569ccc51ca0f68cc37b0a99309c94b827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 7
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 240
last-modified: Thu, 13 Feb 2020 18:36:09 GMT
server: nginx
etag: "9af4dd395164a0aa"
vary: Accept
content-type: image/jpeg
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/EQjBHpdX0AEm51q.jpeg>; rel="canonical"
content-length: 3756
expires: Sun, 13 Feb 2022 06:36:09 GMT

GET
H2 200 Windows-7-Wallpaper.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/01/ 11 KB
11 KB 25ms
23ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/01/Windows-7-Wallpaper.jpg?fit=768%2C480&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

cacaacc4debe265d8e9591760e37fd0471ffa4ef057d709ec69117f816960236

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 3
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 12364
last-modified: Thu, 06 Feb 2020 21:50:39 GMT
server: nginx
etag: "09a272d3c62cec57"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/01/Windows-7-Wallpaper.jpg>; rel="canonical"
content-length: 10958
expires: Sun, 06 Feb 2022 09:50:39 GMT

GET
H2 200 EQjBHpdX0AEm51q.jpeg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 31 KB
31 KB 30ms
27ms Image
image/jpeg 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/EQjBHpdX0AEm51q.jpeg?fit=768%2C503&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

0032b2261196d6c16c5819d5e9b06901de3402f4fa728633cf9684000d5d390c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 7
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 4301
last-modified: Thu, 13 Feb 2020 18:35:42 GMT
server: nginx
etag: "8d050348d66c8ed1"
vary: Accept
content-type: image/jpeg
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/EQjBHpdX0AEm51q.jpeg>; rel="canonical"
content-length: 31619
expires: Sun, 13 Feb 2022 06:35:42 GMT

GET
H2 200 Screenshot-1931.png
i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/ 17 KB
17 KB 19ms
17ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.onmsft.com/wp-content/uploads/2019/11/Screenshot-1931.png?fit=768%2C432&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

943b73081fc28d6b92df8455af8206befc089a4396f2a80f64819cef85b728f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 349817
last-modified: Fri, 14 Feb 2020 04:17:34 GMT
server: nginx
etag: "db88c05038133384"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2019/11/Screenshot-1931.png>; rel="canonical"
content-length: 17614
expires: Sun, 13 Feb 2022 16:17:34 GMT

GET
H2 200 newsguard.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 30 KB
31 KB 30ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/newsguard.jpg?fit=768%2C576&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

85be41884a1b3e2e5504ccb60f49197cfec2c8e5ac128ead59f9c5a83c6ea029

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 4
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 37147
last-modified: Fri, 14 Feb 2020 22:23:13 GMT
server: nginx
etag: "d5ce7a4bc8176513"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/newsguard.jpg>; rel="canonical"
content-length: 31120
expires: Mon, 14 Feb 2022 10:23:13 GMT

GET
H2 200 All-Teams-welcome.jpg
i0.wp.com/www.onmsft.com/wp-content/uploads/2017/07/ 12 KB
12 KB 23ms
21ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2017/07/All-Teams-welcome.jpg?fit=640%2C360&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

f14447f13ddd62a39446f363f0ccec5f708fab6235eb179391550942bc201a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 3437
last-modified: Wed, 12 Feb 2020 15:30:48 GMT
server: nginx
etag: "07aa7b800f541287"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2017/07/All-Teams-welcome.jpg>; rel="canonical"
content-length: 12242
expires: Sat, 12 Feb 2022 03:30:48 GMT

GET
H2 200 20200205_145718000_iOS.png
i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 14 KB
14 KB 27ms
25ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/20200205_145718000_iOS.png?fit=768%2C576&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

1a79eab12465f1816363b5750fedadf5b9f73a82efe9c1b8453949ccf9bad14b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 8
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 82741
last-modified: Wed, 05 Feb 2020 15:51:14 GMT
server: nginx
etag: "afe4e14733312ee9"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/20200205_145718000_iOS.png>; rel="canonical"
content-length: 13986
expires: Sat, 05 Feb 2022 03:51:14 GMT

GET
H2 200 ms-search.jpg
i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 32 KB
32 KB 27ms
25ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ms-search.jpg?fit=768%2C432&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

76d32d2ba26da3253479ee4edc243bcf0c1bf2146bb2285a0364fc0db688196c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 6
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 25233
last-modified: Tue, 04 Feb 2020 15:26:15 GMT
server: nginx
etag: "c7d55b49b30be1f2"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/ms-search.jpg>; rel="canonical"
content-length: 32956
expires: Fri, 04 Feb 2022 03:26:15 GMT

GET
H2 200 Surface-Laptop-lineup.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2017/05/ 23 KB
24 KB 30ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2017/05/Surface-Laptop-lineup.jpg?fit=640%2C360&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

b61bfab96c6e9c63f93559ec35dbb52b4ad4bd6f707120cca2300151dec6fc78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 4791
last-modified: Thu, 13 Feb 2020 14:52:33 GMT
server: nginx
etag: "c8787634dd66b7e3"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2017/05/Surface-Laptop-lineup.jpg>; rel="canonical"
content-length: 24012
expires: Sun, 13 Feb 2022 02:52:33 GMT

GET
H2 200 IMG_2772-e1520530007976.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2017/02/ 9 KB
9 KB 30ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2017/02/IMG_2772-e1520530007976.jpg?fit=768%2C512&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9f1c4f7db1787b6370e793e81cac9a54a7347e731aed4cbe6234bdd1884c5f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 8
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 5877
last-modified: Tue, 11 Feb 2020 19:38:02 GMT
server: nginx
etag: "778c128408b7787d"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2017/02/IMG_2772-e1520530007976.jpg>; rel="canonical"
content-length: 9408
expires: Fri, 11 Feb 2022 07:38:02 GMT

GET
H2 200 windowssearch.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/ 65 KB
65 KB 44ms
42ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2020/02/windowssearch.jpg?fit=768%2C512&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

b8ea1692753e57de38c06c36f7691dd419885ab558f5e695c3f9c6b1fa25b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 23874
last-modified: Mon, 10 Feb 2020 16:41:10 GMT
server: nginx
etag: "5b26ce3e2fa889f5"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2020/02/windowssearch.jpg>; rel="canonical"
content-length: 66808
expires: Thu, 10 Feb 2022 04:41:10 GMT

GET
H2 200 officeicondesign.jpg
i1.wp.com/www.onmsft.com/wp-content/uploads/2018/12/ 21 KB
21 KB 44ms
42ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.onmsft.com/wp-content/uploads/2018/12/officeicondesign.jpg?fit=768%2C432&ssl=1

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

8695a50079c03e50a952d42cd2c716d60e9a556649fd70bc0e80255515168f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-nc: HIT ams 5
date: Sat, 15 Feb 2020 07:48:45 GMT
x-content-type-options: nosniff
x-bytes-saved: 30452
last-modified: Mon, 10 Feb 2020 15:05:33 GMT
server: nginx
etag: "7c5adf7387b06bfc"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <https://www.onmsft.com/wp-content/uploads/2018/12/officeicondesign.jpg>; rel="canonical"
content-length: 21526
expires: Thu, 10 Feb 2022 03:05:33 GMT

GET
H2 200 logo_transparent.png
www.onmsft.com/wp-content/themes/darkness-nov-2019/img/ 18 KB
18 KB 48ms
43ms Image
image/png 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/img/logo_transparent.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ae559502a1a0ec542557b315daf48cee77071f5cba0975c7336d42cb97fd54

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3278260
status: 200
content-length: 18362
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:49 GMT
server: cloudflare
etag: "5d50c545-47ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 5655ae658f8b9c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 7ms
7ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: gzip
last-modified: Mon, 10 Feb 2020 15:56:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e417d3b-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 5655ae65c87cc2ae-FRA
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
expires: Mon, 17 Feb 2020 07:48:45 GMT

GET
H2 200 e-202007.js Show response
stats.wp.com/ 9 KB
3 KB 42ms
13ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202007.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
expires: Thu, 04 Feb 2021 06:02:21 GMT

GET
H2 200 wp-embed.min.js Show response
www.onmsft.com/wp-includes/js/ 1 KB
780 B 654ms
652ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-includes/js/wp-embed.min.js?ver=5.3.2

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Fri, 15 Nov 2019 20:40:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5dcf0d2a-577"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae65efe89c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fitvids.js Show response
www.onmsft.com/wp-content/plugins/fitvids-for-wordpress/ 4 KB
1 KB 609ms
607ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/fitvids-for-wordpress/jquery.fitvids.js?ver=1.1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eeeaa4e345fef8be54d0a26426b4fb41a4fa9110bf30cba2254472189aca82c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 21 May 2019 15:16:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5ce4165e-edb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae65efea9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment_count.js Show response
www.onmsft.com/wp-content/plugins/disqus-comment-system/public/js/ 889 B
472 B 658ms
657ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Fri, 08 Mar 2019 14:07:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5c82770d-379"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae65efed9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 photon.min.js Show response
www.onmsft.com/wp-content/plugins/jetpack/_inc/build/photon/ 755 B
610 B 611ms
610ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc844732bd61279e509bda7247ed7fca55e5fced96db9c79eed48ca084e5ce0a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Fri, 14 Feb 2020 15:31:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e46bd5b-2f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae65efee9c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 88572X1541654.skimlinks.js Show response
s.skimresources.com/js/ 55 KB
21 KB 51ms
16ms Script
application/octet-stream 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/88572X1541654.skimlinks.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d71092f950cf8f993bb315703d13dceb9aaa9ca823b91c33a8822da2131d9b4c

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: gzip
last-modified: Thu, 06 Feb 2020 12:05:02 GMT
server: AmazonS3
x-amz-request-id: 611D70678A6A210B
etag: "0a55f71df62dbcf81d0ffdfad41fe445"
x-hw: 1581752925.cds082.am5.hn,1581752925.cds002.am5.c
content-type: application/octet-stream
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 21132
x-amz-id-2: OBUeqrBBPW/iYJgCJhaNLmT1hZ8ZIrtSwmLDt98GTSUdzGHOBARZVrNOzs4UvRs1fTXxhkY6UkU=

GET
H2 200 onmsft.com.js Show response
cdn.nsstatic.com/ns/ 406 KB
124 KB 148ms
46ms Script
application/javascript 23.38.55.104
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.55.104 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-55-104.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 92dc51942aef996c9bacd4222704c31b79fa19844c11c63edc8c9308d6fdd1a0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: KAfdDS22j9AOFSl7vYwJB.Af63RhxJYj
content-encoding: gzip
last-modified: Mon, 10 Feb 2020 10:55:44 GMT
x-amz-request-id: B930DB0F8F6543F4
date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=425
x-amz-replication-status: COMPLETED
accept-ranges: bytes
x-amz-id-2: 90LjvHpJCULQmSlHfVoauKDRamKTEp4mx3h06NOJ2Bo+lSpUJbnbN8+soIRORxxy3SdYmrjQsMQ=
expires: Sat, 15 Feb 2020 07:55:50 GMT

GET
H2 200 tyche.js Show response
cdn.intergi.com/hera/ 63 KB
24 KB 185ms
142ms Script
application/json 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.intergi.com/hera/tyche.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 312fc84744851dec2d470d1c64db3080640764b4f02305791d7d63daf361da7b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 200
date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: gzip
cache-control: max-age=2889.725, public, must-revalidate
x-hw: 1581752925.cds109.am5.hn,1581752925.cds109.am5.sl
content-type: text/, application/javascript, application/x-javascript, application/json

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 364 KB
118 KB 71ms
41ms Script
text/javascript 92.122.253.103
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CUL4U2I5

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.122.253.103 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-122-253-103.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1b404deff9d7a05dfafbf65adfce1f6f268d6058264b3816bbc3fb8d26929a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-mnt-h: 8-18
content-encoding: gzip
server: Apache
date: Sat, 15 Feb 2020 07:48:45 GMT
x-mnt-w: 8-9
vary: Accept-Encoding
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
status: 200
cache-control: max-age=2400
strict-transport-security: max-age=604800
content-type: text/javascript; charset=utf-8
expires: Sat, 15 Feb 2020 08:28:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-71939551-1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d7dfe0ced0a874aa3a7f3565829abcaabd610a557960469866f0691b57113fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28496
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Feb 2020 07:48:45 GMT

GET
H2 200 lazysizes.min.js Show response
www.onmsft.com/wp-content/themes/darkness-nov-2019/js/ 6 KB
3 KB 21ms
20ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/js/lazysizes.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14815d3ad86f0839b16208a0d832d3695822c6d9bb9fc242b946cecad46799a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 687575
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:57 GMT
server: cloudflare
etag: W/"5d50c54d-1934"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 5655ae65efef9c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.js Show response
www.onmsft.com/wp-content/themes/darkness-nov-2019/js/ 36 KB
9 KB 24ms
22ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/js/bootstrap.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed60479e079b9e6d5280c6fdd11636fd55a11ebf935bd8dc09c6c66eb77bb3da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 872039
status: 200
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:56 GMT
server: cloudflare
etag: W/"5d50c54c-91d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 5655ae65eff09c5d-AMS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpp-5.0.0.min.js Show response
www.onmsft.com/wp-content/plugins/wordpress-popular-posts/assets/js/ 1 KB
730 B 611ms
610ms Script
application/javascript 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp-5.0.0.min.js?ver=5.0.2

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 22 Jan 2020 16:22:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5e2876d4-5bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=315360000
cf-ray: 5655ae65eff19c5d-AMS
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
30 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js?ver=3.4.1

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 04 Feb 2020 05:35:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 958411
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Feb 2021 05:35:14 GMT

GET
H2 200 glyphicons-halflings-regular.woff2
www.onmsft.com/wp-content/themes/darkness-nov-2019/fonts/ 18 KB
18 KB 20ms
20ms Font
application/octet-stream 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/wp-content/themes/darkness-nov-2019/css/bootstrap.min.css
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:45 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 3246
status: 200
content-length: 18028
x-xss-protection: 1; mode=block
last-modified: Mon, 12 Aug 2019 01:47:46 GMT
server: cloudflare
etag: "5d50c542-466c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=10800
accept-ranges: bytes
cf-ray: 5655ae65fff39c5d-AMS

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v14/ 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Montserrat%7COswald%3A400%2C700&ver=5.3.2
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Tue, 04 Feb 2020 08:47:06 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:19 GMT
server: sffe
age: 946900
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 19172
x-xss-protection: 0
expires: Wed, 03 Feb 2021 08:47:06 GMT

GET
H2 200 fontawesome-webfont.woff2
www.onmsft.com/wp-content/plugins/accesspress-social-counter/fonts/ 75 KB
76 KB 813ms
813ms Font
application/octet-stream 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/fonts/fontawesome-webfont.woff2?v=4.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/font-awesome.min.css?ver=1.8.7
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 31 Dec 2019 14:24:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5e0b5a11-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 5655ae6b9d659c5d-AMS
content-length: 77160
x-xss-protection: 1; mode=block

GET
H2 200 MyriadPro-Regular.otf
www.onmsft.com/wp-content/plugins/accesspress-social-counter/fonts/ 99 KB
100 KB 45ms
44ms Font
application/octet-stream 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/fonts/MyriadPro-Regular.otf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96e377e6f4211849a7b2f37bec9522580aeac53b64175db2c3dfa50553ac5218

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/wp-content/plugins/accesspress-social-counter/css/frontend.css?ver=1.8.7
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6916
status: 200
content-length: 101732
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Dec 2019 14:24:17 GMT
server: cloudflare
etag: "5e0b5a11-18d64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: max-age=10800
accept-ranges: bytes
cf-ray: 5655ae6b9d669c5d-AMS

GET
H2 200 icomoon.ttf
www.onmsft.com/wp-content/themes/darkness-nov-2019/fonts/ 3 KB
3 KB 655ms
655ms Font
application/octet-stream 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onmsft.com/wp-content/themes/darkness-nov-2019/fonts/icomoon.ttf?7r6yez

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1033dc43930887f32e9dccec31d834c60c6ffb9ff15e30a829931148328e8d0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/wp-content/themes/darkness-nov-2019/style.css?ver=2019D.02
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 12 Aug 2019 01:47:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5d50c542-a64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 5655ae6b9d679c5d-AMS
content-length: 2660
x-xss-protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 59 KB
22 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WKG65QB

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7776e84194e5149d180cbd67aa4ac94711a2e0864eded9194fd797913c9a3d6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 22195
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Feb 2020 07:48:46 GMT

GET
H2 200 jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4 Show response
chickensstation.com/v2/0/ 151 KB
49 KB 125ms
47ms Script
text/javascript 35.186.219.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.219.42 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

42.219.186.35.bc.googleusercontent.com

Software

Resource Hash

4d1616e73263449af104757523feebb1c37fa16dd53ddeb048c0bd4c361d8bf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
etag: 31523dc8cda4a8eaf27afc409650ce807cc2d98f57d5ff1190c57dd4c06aa9ee
vary: Accept-Encoding
x-hostname: paris
content-type: text/javascript; charset=utf-8
status: 200
cache-control: private, must-revalidate, max-age=21600
date: Sat, 15 Feb 2020 07:48:46 GMT
timing-allow-origin: *

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71939551-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 4514
date: Sat, 15 Feb 2020 06:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Sat, 15 Feb 2020 08:33:32 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 82ms
28ms XHR
application/javascript 13.225.86.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.86.250 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-86-250.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Fri, 14 Feb 2020 09:05:50 GMT
content-encoding: gzip
vary: Origin
age: 81777
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Wed, 08 Jan 2020 04:09:03 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: uUkki6SYcudLXxHWhstKm-c-qlOqVfqoxtnpr3dJvLlquf2__qFe-A==

GET
H2 200 geocc.js Show response
g.pcmag.com/ 184 B
265 B 38ms
25ms Script
application/javascript 23.38.55.104
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://g.pcmag.com/geocc.js
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.55.104 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-55-104.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 13e524226cb57622366c08ba4ba0e590e012c76f994cd1167cb2d646cfb537a8

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 200
date: Sat, 15 Feb 2020 07:48:46 GMT
content-length: 184
content-type: application/javascript

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 78ms
34ms Script
application/x-javascript 23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 15 Feb 2020 07:48:46 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sun, 16 Feb 2020 07:48:46 GMT

GET
H2

200

z0WVjCBSEeGLoxIxOQVEwQ.min.js Show response
cdn.static.zdbb.net/eu/js/
Redirect Chain

https://cdn.static.zdbb.net/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js

74 KB
22 KB

29ms
29ms

Script
application/javascript

2.19.45.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.45.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-45-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ae2969d7b4aaf4c61aa5b436454f9b011c9061468666d8a4b6cf19bbdba04c4a

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

x-amz-version-id: gFsBufcmUZ6C_BwbUqC33W.rw.meNQdE
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 19:44:48 GMT
x-amz-request-id: E1EC1D4BBA2AC3BD
date: Sat, 15 Feb 2020 07:48:46 GMT
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 21880
x-amz-id-2: 50Y88iJ4JQOTPt3k/LHPghNe+1LM3I0a/9dlsuf5Ws051i6WHTP4DLoaBUA6zJTOrgvQTgoQ6tc=
expires: Sat, 15 Feb 2020 08:48:46 GMT

Redirect headers

status: 303
date: Sat, 15 Feb 2020 07:48:46 GMT
cache-control: max-age=3600
core-eu: Yes
content-length: 0
location: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
expires: Sat, 15 Feb 2020 08:48:46 GMT

GET
H2

200

v60.js Show response
cdn-gl.imrworldwide.com/
Redirect Chain

https://secure-us.imrworldwide.com/v60.js
https://cdn-gl.imrworldwide.com/v60.js

21 KB
7 KB

22ms
6ms

Script
text/javascript

2600:9000:20eb:d800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b9ff14a2ba603e1a32fddd3da2ffd8b50e201a9874ea3fafb50d537117153eb

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

x-amz-version-id: V6f0f8aPs4uc7kiNd9V1rxWOPadm6KHc
content-encoding: gzip
last-modified: Wed, 27 Mar 2019 02:17:52 GMT
server: AmazonS3
age: 21459
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
status: 200
cache-control: max-age=86400
date: Sat, 15 Feb 2020 02:02:35 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: TMy1GzgHgjgDdb-Hz51CimgqPASxgx4P4kbDLeQae8KoFUEwhWprpw==
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)

Redirect headers

status: 301
date: Sat, 15 Feb 2020 07:48:46 GMT
server: awselb/2.0
content-length: 150
location: https://cdn-gl.imrworldwide.com:443/v60.js
content-type: text/html

GET
H2 200 nsgpt.jsonp Show response
ns.zdbb.net/ 262 B
477 B 161ms
128ms Script
application/javascript 23.38.55.104
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ns.zdbb.net/nsgpt.jsonp?u=https%3A%2F%2Fwww.onmsft.com%2F
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.55.104 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-55-104.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: eb2a4ec5c75f67f75f585bf56bc36bce465bae7a90295e2293236df58ae14314

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
access-control-allow-origin: https://www.onmsft.com
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
status: 200
cache-control: max-age=60
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control
content-length: 217
expires: Sat, 15 Feb 2020 07:49:46 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 43 KB
15 KB 98ms
58ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

bf53173446c9fa273d54ecd91eaf5c1878f17ecfc12ad7aae793e90d9a2478b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "428 / 292 of 1000 / last-modified: 1581701670"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14536
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:46 GMT

GET
H2 200 /
gurgle.zdbb.net/ 43 B
238 B 199ms
117ms Image
image/gif 2.19.45.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gurgle.zdbb.net/?domain=netshelter.net
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.45.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-45-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
access-control-allow-origin: https://www.onmsft.com
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
status: 200
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control
content-length: 43

POST
H2

307

/ Show response
r.skimresources.com/api/
Redirect Chain

https://r.skimresources.com/api/
https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e

0
-1 B

70ms
28ms

XHR
text/html

35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 google
server: openresty/1.11.2.5
access-control-allow-origin: https://www.onmsft.com
location: https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 307
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

Redirect headers

date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 google
server: openresty/1.11.2.5
status: 307
location: https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: text/html
alt-svc: clear
content-length: 193

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 20E8 0
105 B 75ms
33ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.7286556660893344
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 206
date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
512 B 18ms
16ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=5.884329815971866
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
status: 200
x-guploader-uploadid: AEnB2UqrK3Y8qvrKlIPMDVjg2No6aY7KOXVbJodwg6xszkHI3zRk5uGJWRu18zB6ACUUYb4RiX4izOYXOT9za22Pxg7ClvIKoKg97bOZUSG6k7p78JD-iGk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1581752926.cds082.am5.hn,1581752926.cds132.am5.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
107 B 17ms
16ms Image
image/gif 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=5.884329815971866
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
status: 200
x-guploader-uploadid: AEnB2UqrK3Y8qvrKlIPMDVjg2No6aY7KOXVbJodwg6xszkHI3zRk5uGJWRu18zB6ACUUYb4RiX4izOYXOT9za22Pxg7ClvIKoKg97bOZUSG6k7p78JD-iGk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1581752926.cds082.am5.hn,1581752926.cds132.am5.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=282085691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onmsft.com%2F&ul=en-us&de=UTF-8&dt=OnMSFT.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBA...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71939551-1&cid=334363451.1581752926&jid=941064825&_gid=519279139.1581752926&gjid=953944096&_v=j81&z=409848354

35 B
102 B

15ms
14ms

Image
image/gif

2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71939551-1&cid=334363451.1581752926&jid=941064825&_gid=519279139.1581752926&gjid=953944096&_v=j81&z=409848354

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Sat, 15 Feb 2020 07:48:46 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:46 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71939551-1&cid=334363451.1581752926&jid=941064825&_gid=519279139.1581752926&gjid=953944096&_v=j81&z=409848354
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 415
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
14ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=282085691&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onmsft.com%2F&ul=en-us&de=UTF-8&dt=OnMSFT.com&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEDAAUAB~&jid=1593391804&gjid=1814849299&cid=334363451.1581752926&tid=UA-46557023-13&_gid=519279139.1581752926&_r=1&z=599200995

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK count.js Show response
winbeta.disqus.com/ 1 KB
1 KB 63ms
20ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://winbeta.disqus.com/count.js

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 15 Feb 2020 07:48:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2456160
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 15 Jan 2020 23:52:27 GMT
Server: nginx
ETag: "5e1fa5bb-367"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 15ms
13ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.2&blog=144796107&post=0&tz=-8&srv=www.onmsft.com&host=www.onmsft.com&ref=&fcp=2024&rand=0.1640863789563778
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Sat, 15 Feb 2020 07:48:46 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 / Show response
r.skimresources.com/api/ 195 B
525 B 30ms
29ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/?xguid=01E13X4G14XX85JQYRA1CBMKAR&persistence=1&checksum=27515e946f0c6965c1c285c83138ffbe1d0f0f656d98dafe89128971fdf3657e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.59.101 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

8cb768574afb1d11ac212990e4d5420d64557c64278638d3812ede1beea21339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
status: 200
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H2 200 portal.html
admiral.mgr.consensu.org/ Frame 3432 0
0 71ms
30ms Document
text/html 35.190.76.239
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://admiral.mgr.consensu.org/portal.html

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.76.239 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

239.76.190.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: admiral.mgr.consensu.org
:scheme: https
:path: /portal.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
server: nginx
date: Sat, 15 Feb 2020 07:48:46 GMT
content-type: text/html
last-modified: Thu, 12 Dec 2019 23:14:52 GMT
vary: Accept-Encoding
x-hostname: quest
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9=
https://sb.scorecardresearch.com/b2?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9=&cs_ak_ss=1

0
528 B

30ms
30ms

Image
text/plain

23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9=&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:46 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=8&c2=6036316&c3=1&ns__t=1581752926272&ns_c=UTF-8&cv=3.5&c8=OnMSFT.com&c7=https%3A%2F%2Fwww.onmsft.com%2F&c9=&cs_ak_ss=1
Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:46 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.nl/adsid/ 109 B
778 B 54ms
16ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.nl/adsid/integrator.js?domain=www.onmsft.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
778 B 26ms
14ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.onmsft.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 pubads_impl_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ 167 KB
61 KB 66ms
65ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

06349254c3a3832ea81973863ce5873ab441c1b8006ee1cb553425d152fabf88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62230
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:46 GMT

GET
H2 200 iab Show response
api.skimlinks.mgr.consensu.org/ 772 B
636 B 87ms
31ms XHR
application/json 35.190.40.172
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.skimlinks.mgr.consensu.org/iab?nocache=1581752926297

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/88572X1541654.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.190.40.172 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

172.40.190.35.bc.googleusercontent.com

Software

nginx/1.14.0 /

Resource Hash

4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.14.0
access-control-allow-headers: *
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK count-data.js Show response
winbeta.disqus.com/ 817 B
1 KB 21ms
20ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://winbeta.disqus.com/count-data.js?2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Famazon-granted-injunction-to-halt-microsofts-progress-on-jedi-contract&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fas-sony-waits-for-microsoft-to-announce-xbox-series-x-pricing-cost-of-playstation-5-rises-due-to-scarce-components&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fbing-is-working-on-ways-to-clarify-your-search-query-by-asking-follow-up-questions&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Ffirst-pc-build-of-halo-combat-evolved-is-now-available-for-select-halo-insiders&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fgrab-a-surface-pro-7-or-surface-laptop-3-for-cheap-with-ebays-limited-time-sale&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fmicrosoft-accelerate-business-india-ites&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fmicrosoft-edge-canary-is-getting-the-long-awaited-extension-syncing-feature&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fmicrosoft-edges-newsguard-extension-now-requires-a-paid-membership-to-use&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fmicrosoft-for-startups-expands-technology-benefits-as-companies-in-the-program-to-close-on-1b-this-year&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fmicrosoft-unveils-last-windows-terminal-preview-before-v1-release

Requested by

Host: winbeta.disqus.com
URL: https://winbeta.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c8d9e5beb3e5133bdf4a6c1992966277fafc8e3f5f8194e03f8d481a7f27a67f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 15 Feb 2020 07:48:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 2124
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Cache-Control: public, max-age=600
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 817
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK count-data.js Show response
winbeta.disqus.com/ 509 B
1 KB 47ms
26ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://winbeta.disqus.com/count-data.js?2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fnew-juggernaut-edition-dlc-announced-for-state-of-decay-2-coming-march-2020&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fsatya-nadella-india-microsoft-future-decoded-summit&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fsurface-book-3-and-surface-go-details-leaked-along-with-news-of-springtime-hardware-event&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fthat-didnt-take-long-video-shows-windows-10x-running-on-a-macbook&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fthe-division-2-warlords-of-new-york-edition-is-now-live-on-microsofts-xbox-one-consoles&2=https%3A%2F%2Fwww.onmsft.com%2Fnews%2Fxbox-elite-series-2-controller-becomes-fifth-best-selling-gaming-accessory-in-the-us

Requested by

Host: winbeta.disqus.com
URL: https://winbeta.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5d21a740e749919a1c104e5fe818d32ce85732f40852b6993f62abb98afc1848

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 15 Feb 2020 07:48:46 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 2126
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Cache-Control: public, max-age=600
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 509
X-XSS-Protection: 1; mode=block

GET
H2 200 info Show response
gurgle.zdbb.net/ 160 B
359 B 116ms
115ms XHR
application/json 2.19.45.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://gurgle.zdbb.net/info?url=https%3A%2F%2Fwww.onmsft.com%2F
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.45.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-45-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ec5da7a4cfd1a85ad2cc40c25e23476db9ed4ba55db414af0f4bf8a6fce5070e

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
status: 200
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control
content-length: 160

GET
H2 200 check Show response
jogger.zdbb.net/ 5 B
231 B 324ms
102ms XHR
text/plain 54.172.13.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jogger.zdbb.net/check?href=https%3A%2F%2Fwww.onmsft.com%2F
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.13.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-13-155.compute-1.amazonaws.com
Software: /
Resource Hash: 4e523a5ae5b4636c75901b79fafbd3912e41dc7987414e688b09d4b436ff22b3

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
status: 200
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=138439
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control
content-length: 5

GET
H2 200 zd-core-olt.min.js Show response
cdn.static.zdbb.net/js/ 844 B
1 KB 35ms
35ms Script
application/javascript 2.19.45.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.zdbb.net/js/zd-core-olt.min.js?v=5
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.45.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-45-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1331ce07d67579b7a85c3f1deb9479460b198356c6d1aee8de72daa1d5e377b2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: K1Xk99OkCO4PjJF.kp_Bw5.xKL5Ip.MY
last-modified: Thu, 13 Feb 2020 19:44:48 GMT
x-amz-request-id: F827DB615D11C797
date: Sat, 15 Feb 2020 07:48:46 GMT
content-type: application/javascript
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 844
x-amz-id-2: 9XChfprPaABymUPIKaWAmu9PQubZVxs3w3pQkGFEB0kw1qzhJ+RQ+By5cfKHuoEdbfHSER8hI/I=
expires: Sat, 22 Feb 2020 07:48:46 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 27 KB
10 KB 104ms
53ms Script
text/javascript 95.100.78.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.78.156 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-78-156.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5cc280e965102224e1c7c0bd1df536c524c3a6fc9762205f4d7f7b345382c724

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 15 Feb 2020 07:48:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Aug 2019 15:56:57 GMT
Server: Apache
ETag: "31600f9-6afc-590a29f6f4dd4"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9603
Expires: Sat, 22 Feb 2020 07:48:46 GMT

GET
H2 200 krux-coretag.js Show response
cdn.static.zdbb.net/js/ 335 B
627 B 33ms
33ms Script
application/javascript 2.19.45.224
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.static.zdbb.net/js/krux-coretag.js
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/eu/js/z0WVjCBSEeGLoxIxOQVEwQ.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.45.224 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-45-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4f30bdeed794aeb92d85e55d901c0bdb634df32432010792e3b569ea73cae443

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: iiW91FKaZ6ezcCRmu2nRY0ZQeQ6aMlgW
last-modified: Thu, 13 Feb 2020 19:44:47 GMT
x-amz-request-id: 6B19B92707DC77C0
date: Sat, 15 Feb 2020 07:48:46 GMT
content-type: application/javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
content-length: 335
x-amz-id-2: vEgJtOeoAjcCmbZR8tzMklF5K9TLgS+dU/YHNl6+oW09zS5Z2ZWlMQVPXPRqekgkvXGR5FoyrO0=
expires: Sat, 15 Feb 2020 08:48:46 GMT

GET
H2 200 z0WVjCBSEeGLoxIxOQVEwQ
zdbb.net/l/ 43 B
108 B 110ms
31ms Image
image/gif 52.208.18.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zdbb.net/l/z0WVjCBSEeGLoxIxOQVEwQ?additionalInformation=&cms_page_id=&local_uid=&referrer=&zd_pageview_id=8b25f48a-0f46-44bf-9a64-67a0b19e1f4b&zd_location=https%3A%2F%2Fwww.onmsft.com%2F&evidon_consent=undefined&third_party_consent=&fu=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.18.218 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-18-218.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Sat, 15 Feb 2020 07:48:46 GMT
content-length: 43
content-type: image/gif

GET
H2 404 pubvendors.json Show response
www.onmsft.com/.well-known/ 23 KB
5 KB 824ms
823ms Fetch
text/html 104.24.121.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onmsft.com/.well-known/pubvendors.json
Requested by: Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.121.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0935d282db097db7801c5fd758d920167138538105e9c599763dc449ce06f8e

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Sat, 15 Feb 2020 07:48:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html; charset=UTF-8
status: 404
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 5655ae6dbf349c5d-AMS
link: <https://www.onmsft.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 93 KB
17 KB 23ms
8ms Fetch
application/json 2600:9000:2156:7400:1:af78:4c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:7400:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d3b8f02aafe9fa6ddd5ed1e5adb03185180abdddccadf3c00b56315361b93600

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Thu, 13 Feb 2020 16:30:47 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 141480
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 13 Feb 2020 16:00:23 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: Afk1vjFHp_J7cdjW77gZ6Y9MGZx9a2zs
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: _aJ3QPB412RCCAa469PwayYDpl9TCD9xmJqfbi6gfkWolr_o6myMUQ==

GET
H/1.1 200
OK spgdj7g8u.js Show response
cdn.krxd.net/controltag/ 2 B
626 B 63ms
20ms Script
text/javascript 151.101.112.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/spgdj7g8u.js
Requested by: Host: cdn.static.zdbb.net
URL: https://cdn.static.zdbb.net/js/krux-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

X-CDN-Backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
Date: Sat, 15 Feb 2020 07:48:46 GMT
Via: 1.1 varnish, 1.1 varnish
Age: 799
X-Cache: MISS, HIT, HIT
X-App-Cache: MISS
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 22
X-Served-By: config-service-a001-ash-prod.krxd.net, cache-iad2144-IAD, cache-hhn4058-HHN
X-Response-Time: 0
X-Do-Esi: esi
X-Timer: S1581752926.412807,VS0,VE0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=1200
Accept-Ranges: bytes
X-Age: 0
X-Cache-Hits: 0, 1, 50

GET
H2 200 Atnpf Show response
ad.doubleclick.net/ddm/adj/Bkjngq/ 11 B
625 B 68ms
28ms Script
text/javascript 172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/Bkjngq/Atnpf

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f102.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:46 GMT
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel.gif
load77.exelator.com/ Frame 20E8
Redirect Chain

https://x.skimresources.com/?provider=exelate
https://loadeu.exelator.com/load/?p=787&g=001&j=0&
https://loadeu.exelator.com/load/?p=787&g=001&j=0&&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
273 B

61ms
20ms

Image
image/gif

195.181.175.52
CDN77

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.175.52 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: unn-195-181-175-52.datapacket.com
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
access-control-allow-origin: *
x-edge-location: frankfurtDE
etag: "59f0c3fc-2b"
x-cache: HIT
content-type: image/gif
status: 200
x-edge-ip: 195.181.175.50
x-age: 1024003
accept-ranges: bytes
content-length: 43

Redirect headers

date: Sat, 15 Feb 2020 07:48:46 GMT
server: nginx/1.14.0
x-powered-by: Undertow/1
location: https://load77.exelator.com/pixel.gif
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
status: 302
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 894 B
1 KB 118ms
53ms XHR
application/json 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=7529&slot=%7Bid:nsgpt-billboard-1,ss:%5B728.90,997.123,970.250,970.180,970.90%5D,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-rectangle-1,s:300.250,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-rectangle-2,s:300.250,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-rectangle-3,s:300.250,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-footer-1,ss:%5B970.90,728.90,997.123%5D,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-footer,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-stitials,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-inpage,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-skin,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-inline,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&slot=%7Bid:nsgpt-oop-masthead,s:1.1,p:/4585/ns.onmsft/homepage,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=1b246eab-8c19-f026-3d7e-86d29be5a6c5&url=https%253A%252F%252Fwww.onmsft.com%252F
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 40d15910a4e322fdf4dd074ef29b75e945725469cd67fa9fccdbe0c17798aa77

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
x-server-name: app22.ie.303net.net
status: 200
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H/1.1 200
OK 30629
stags.bluekai.com/site/ Frame 0986 0
0 220ms
175ms Document
text/html 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/30629?ret=html&phint=site%3Donmsft.com&phint=referer%3Dhttps%3A%2F%2Fwww.onmsft.com%2F&phint=bbseg%3D1100530&phint=bbseg%3D7290&phint=bbseg%3D900082&phint=bbseg%3D900033&phint=bbseg%3D900136&phint=bbseg%3D900113&phint=bbseg%3D6895&phint=bbseg%3D1100015&phint=bbseg%3D6840&phint=bbseg%3D6867&phint=__bk_t%3DOnMSFT.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.onmsft.com%2F&phint=__bk_v%3D3.1.3&limit=10&r=90704123
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.onmsft.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: f030
Date: Sat, 15 Feb 2020 07:48:46 GMT
Connection: keep-alive
X-N: S

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame B3CB 0
0 19ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-23/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 1479
date: Wed, 29 Jan 2020 18:03:31 GMT
expires: Thu, 28 Jan 2021 18:03:31 GMT
last-modified: Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1431915
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
369 B 125ms
73ms XHR
text/javascript 13.225.86.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=3916&u=https%3A%2F%2Fwww.onmsft.com%2F&pid=MeMQ9wHK44YUg&cb=0&ws=1600x1200&v=7.47.00&t=800&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22997x123%22%2C%22970x250%22%2C%22970x180%22%2C%22970x90%22%5D%2C%22sn%22%3A%22billboard%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22rectangle%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22rectangle%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22rectangle%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%2C%22997x123%22%5D%2C%22sn%22%3A%22footer%22%7D%5D&cfgv=0&gdprl=%7B%22status%22%3A%22cmp-timeout%22%7D
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.86.250 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-86-250.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C2
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: i09_wL778skcYVMJKrvn_77pa-E5Jvucn4uUKzo85THNQEEXORUevg==

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
342 B 32ms
32ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/88572X1541654.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.onmsft.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
91 B 106ms
106ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/88572X1541654.skimlinks.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.201.67.47 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:46 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
status: 200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.onmsft.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H2

200

/
p.skimresources.com/ Frame 20E8
Redirect Chain

https://sync.crwdcntrl.net/map/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=7505/tp=SKIM/?https%3A%2F%2Fx.skimresources.com%2F%3Fprovider%3Dlotame%26skim_mapping%3Dtrue%26provider_id%3D%24%7Bprofile_id%7D
https://x.skimresources.com/?provider=lotame&skim_mapping=true&provider_id=379b41e691ec0f5e7745d82f864f39e0
https://p.skimresources.com/?provider_id=379b41e691ec0f5e7745d82f864f39e0&skim_mapping=true

43 B
240 B

17ms
16ms

Image
image/gif

151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/?provider_id=379b41e691ec0f5e7745d82f864f39e0&skim_mapping=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: UploadServer /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:46 GMT
status: 200
x-guploader-uploadid: AEnB2Uo1XVW30Nh8w5Gtnr_cnRS9G2sabfeYqZA8bbT7HEZM5rjyZ32YKahAMiCuEtnEGAMTlTRDyFvCsT6mGA19BmEERA6WgLn_XYDmYOCWRN6SoWmIb0g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 4
x-goog-stored-content-encoding: identity
content-length: 43
x-hw: 1581752926.cds082.am5.hn,1581752926.cds148.am5.c
last-modified: Tue, 23 Oct 2018 13:19:28 GMT
server: UploadServer
etag: "f837aa60b6fe83458f790db60d529fc9"
x-goog-hash: crc32c=xra6Ow==, md5=+DeqYLb+g0WPeQ22DVKfyQ==
x-goog-generation: 1540300768038458
cache-control: public, max-age=7200
x-goog-stored-content-length: 43
accept-ranges: bytes
content-type: image/gif

Redirect headers

Location: https://p.skimresources.com?provider_id=379b41e691ec0f5e7745d82f864f39e0&skim_mapping=true
Date: Sat, 15 Feb 2020 07:48:46 GMT
Server: TornadoServer/2.4.1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 ziffdavis.json Show response
cdn-gl.imrworldwide.com/ci/ 262 B
817 B 81ms
7ms XHR
application/json 2600:9000:20eb:d800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/ci/ziffdavis.json
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f75ee8a760c4319b767725c06ad12a0f5291c38fe35e93cbe59c18f02fdc248

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 06:59:11 GMT
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 2977
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
content-length: 262
last-modified: Sat, 15 Feb 2020 06:02:05 GMT
server: AmazonS3
etag: "1755ccfbfde3144d5444ccdbef529c66"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: BknQmAn2rRwC39Az_Ttj8VM4w5MeTvIw
access-control-allow-origin: *
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/json
x-amz-cf-id: Cvv6QGcLuQFkNy9Xed-3eXX0HdbwfuJfFKmmYqHce0JyIC2_KOaSgQ==

GET
H2

200

m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1
https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1&ja=1

44 B
332 B

34ms
32ms

Image
image/gif

54.72.110.169
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1&ja=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.110.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-110-169.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:47 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:47 GMT
server: nginx
access-control-allow-origin: *
location: https://secure-us.imrworldwide.com/cgi-bin/m?rnd=1581752927181&ci=ziffdavis&js=1&cg=0&ts=v60.js&vn=6.0.58&cc=1&cd=24&ck=y&je=n&lg=en-US&si=https%3A%2F%2Fwww.onmsft.com%2F&sr=1600x1200&tz=1&ja=1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status: 302
cache-control: no-cache
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 config250.js Show response
cdn-gl.imrworldwide.com/conf/ 11 KB
4 KB 9ms
8ms Script
application/javascript 2600:9000:20eb:d800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/config250.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/v60.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b4ee14f08bc7418d1a701d97c2b74a1463547caa28a57203d6cbd80bd481b334

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:25:01 GMT
content-encoding: gzip
last-modified: Sat, 15 Feb 2020 07:20:22 GMT
server: AmazonS3
age: 1427
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: ccLN53DzxjOXgd16mgyck3HWhjKfNNc3
status: 200
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-pop: FRA2-C1
content-type: application/javascript
x-amz-cf-id: aJgllEJD14GLa3wou9717WwA6lz2-2YT--a47t2mlqQNZNqfq_F_Bw==
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 164 KB
47 KB 9ms
8ms Script
application/javascript 2600:9000:20eb:d800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/config250.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89d281be2d8967fc0d0384fc39c6822c9a86e5241dd5402eeb8041aaa05980da

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: PUtACx6Fr_ackL6Pw1Sr8dvxDnKL2NrR
content-encoding: gzip
last-modified: Mon, 09 Dec 2019 14:40:16 GMT
server: AmazonS3
age: 3688
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=86400
date: Sat, 15 Feb 2020 07:05:42 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 2vHJiv8EJAYjWv56ZSylrW4sli7fmkD_VcbNnl_I2VF9FGSnDqfKig==
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)

GET
H2 200 ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 1751 0
0 7ms
6ms Document
text/html 2600:9000:20eb:d800:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:d800:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: cdn-gl.imrworldwide.com
:scheme: https
:path: /novms/html/ls.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SSCVER=v1; IMRID=98fc76f0-4fc7-11ea-ad64-af20faa8817a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
content-type: text/html
last-modified: Mon, 09 Dec 2019 14:40:15 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: GRfTKSoq5msSTd6GAk8PLPdIzTF1l0gQ
server: AmazonS3
content-encoding: gzip
date: Sat, 15 Feb 2020 07:01:50 GMT
cache-control: max-age=86400
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 34f50889bc574f1edeb41dd758962a5b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: Vm8UjvoXjT4LuDd_RomF-vLIE0cJ4KT27V880pFpLDZqZF9CEnFUlw==
age: 3293

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 21 B
712 B 69ms
22ms XHR
application/json 37.252.173.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Proxy-Origin: 85.159.237.65; 85.159.237.65; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.228:80
AN-X-Request-Uuid: 53f53139-5ddb-411c-b1a5-111ae3e649cc
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.onmsft.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 21
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 45ms
14ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Sat, 15 Feb 2020 07:48:47 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.onmsft.com

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
988 B 140ms
97ms XHR
application/json 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=230303&v=7.2&r=%7B%22id%22%3A%22139e3883f6ffd85%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22142c2e74f7c8599%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2215a0a320256b1c4%22%2C%22banner%22%3A%7B%22w%22%3A997%2C%22h%22%3A123%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22997x123%22%7D%7D%2C%7B%22id%22%3A%221625e1fb52d9d3d%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2217ca0a769e91de8%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A180%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22970x180%22%7D%7D%2C%7B%22id%22%3A%2218b28df0bacc156%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%2219cabef36472925%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2220ca3e1f641a412%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%222142c69a848cede%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%22225daee7aaac4c4%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%2223e54b5df4465ef%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%22246b9241a6ef4f6%22%2C%22banner%22%3A%7B%22w%22%3A997%2C%22h%22%3A123%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22230303%22%2C%22sid%22%3A%22997x123%22%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.onmsft.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8a2643f2d79eee5c7058cb82db22a36178f752d15b1eb8273e9c9ab2e810561a

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.onmsft.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Sat, 15 Feb 2020 07:48:47 GMT

GET
H2 200 arj Show response
ziffdavis-d.openx.net/w/1.0/ 172 B
567 B 100ms
37ms XHR
application/json 34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ziffdavis-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.onmsft.com%2F&jr=&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_2.1.9&dddid=37c7a0fc-5497-492a-a8ee-1b6a6d7b80c8%2Cf26fc541-6b74-4bc4-9f9c-0db8ffb735f6%2C32516f83-4a59-461c-b521-113e56102fe4%2C647892b8-030c-4e7a-9912-b4c27ed4a6a7%2C15f35e73-da52-4122-a7dc-4a985fded8db&nocache=1581752927468&x_gdpr_f=1&aus=728x90%2C997x123%2C970x250%2C970x180%2C970x90%7C300x250%7C300x250%7C300x250%7C970x90%2C728x90%2C997x123&divIds=nsgpt-billboard-1%2Cnsgpt-rectangle-1%2Cnsgpt-rectangle-2%2Cnsgpt-rectangle-3%2Cnsgpt-footer-1&auid=540322690%2C540322690%2C540322690%2C540322690%2C540322690&
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.174.5 /
Resource Hash: 746acea8e7c75dbbff14b5aba22af0bbf4a54183875fab50454bb1a1bf65094c

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:47 GMT
content-encoding: gzip
server: OXGW/16.174.5
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.onmsft.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 162
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 766 B
6 KB 242ms
166ms XHR
application/json 69.173.144.143
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11576&site_id=142066&zone_id=660966&size_id=2%3B15%3B15%3B15%3B2&alt_size_ids=55%2C57%3B%3B%3B%3B55&rf=https%3A%2F%2Fwww.onmsft.com%2F&tg_i.site=onmsft.com&tg_i.pos=atf%3Batf%3Bbtf%3Bbtf%3Bbtf&tg_i.adunit=homepage&tk_flint=pbjs_lite_v2.39.0&x_source.tid=37c7a0fc-5497-492a-a8ee-1b6a6d7b80c8%3Bf26fc541-6b74-4bc4-9f9c-0db8ffb735f6%3B32516f83-4a59-461c-b521-113e56102fe4%3B647892b8-030c-4e7a-9912-b4c27ed4a6a7%3B15f35e73-da52-4122-a7dc-4a985fded8db&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=5&rand=0.1813076537671905
Requested by: Host: cdn.nsstatic.com
URL: https://cdn.nsstatic.com/ns/onmsft.com.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 6665f2f0414d1cd4ae554f9df8dcf5fce35aaeaf91bc7f0470df9924ae80cd71

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:47 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.onmsft.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=209
Content-Length: 766
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 190 KB
69 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5a07a19877babf94bb2675cc88343034fdb5a1b3f672eb0f136b61e4ff3924d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:29:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 70860
x-xss-protection: 0
server: cafe
etag: 12290426001053391183
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sat, 15 Feb 2020 08:29:26 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 36 KB
9 KB 498ms
498ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1821304800037412&correlator=4479554935669899&output=ldjh&impl=fifs&adsid=NT&eid=21065540%2C21062452%2C21065443%2C21065305&vrg=2020013001&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200215&iu_parts=4585%2Cns.onmsft%2Chomepage&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%7C997x123%7C970x250%7C970x180%7C970x90%2C300x250%2C300x250%2C300x250%2C970x90%7C728x90%7C997x123%2C1x1%2C1x1%2C1x1%2C1x1%2C1x1%2C1x1&ists=63&prev_scp=ad_group%3Dad_opt%26rfr%3Dfalse%26OOF%3Dfalse%26ppos%3Datf%26pos%3Datf%26amznbid%3D2%26amznp%3D2%26id%3D9896d770-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26rfr%3Dfalse%26OOF%3Dfalse%26ppos%3Datf%26pos%3Datf%26amznbid%3D2%26amznp%3D2%26id%3D9896d771-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26rfr%3Dfalse%26OOF%3Dfalse%26ppos%3Dbtf%26pos%3Dbtf%26amznbid%3D2%26amznp%3D2%26id%3D9896d772-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26rfr%3Dfalse%26OOF%3Dfalse%26ppos%3Dbtf%26pos%3Dbtf%26amznbid%3D2%26amznp%3D2%26id%3D9896d773-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_ex4%26rfr%3Dfalse%26OOF%3Dfalse%26ppos%3Dbtf%26pos%3Dbtf%26amznbid%3D2%26amznp%3D2%26id%3D9896d774-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dfooter%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d775-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dstitials%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d776-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dinpage%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d777-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dskin%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d778-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dinline%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d779-4fc7-11ea-898a-0661a761d26a%7Cad_group%3Dad_opt%26OOP_type%3Dmasthead%26rfr%3Dfalse%26OOF%3Dfalse%26id%3D9896d77a-4fc7-11ea-898a-0661a761d26a&eri=4&cust_params=url%3D%252F%26ref%3D%26gdpr%3D0%26zcp%3D89b18e7bbfe960f95cefb%26cpid%3D92d7c10d76caaa612d973043dc655c69%26mop%3Dy%26amznslots%3D%26zdid%3D92d7c10d76caaa612d973043dc655c69%26zc%3Dfcfd00d7-d1c8-4d93-915b-fd8049d83bf7%26p%3D1100530%252C7290%252C900082%252C900033%252C900136%252C900113%252C6895%252C1100015%252C6840%252C6867%26zdbb%3D%26s%3D%26p2%3D1100530%252C7290%252C900082%252C900033%252C900136%252C900113%252C6895%252C1100015%252C6840%252C6867%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1581752927&dt=1581752927732&dlt=1581752925006&idt=1400&frm=20&biw=1585&bih=1200&oid=3&adxs=429%2C1031%2C698%2C698%2C308%2C0%2C0%2C0%2C0%2C0%2C0&adys=10%2C699%2C1305%2C1921%2C2850%2C1199%2C1199%2C1199%2C1199%2C1199%2C1199&adks=1816371679%2C3833968141%2C3833968142%2C3833968143%2C3381034896%2C400425361%2C1491668989%2C2350896866%2C2454877891%2C2350319275%2C1850014271&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.onmsft.com%2F&dssz=48&icsg=17317484314560&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=980x90%7C300x-1%7C300x-1%7C300x-1%7C1080x90%7C1585x3235%7C1585x3235%7C1585x3235%7C1585x3235%7C1585x3235%7C1585x3235&msz=980x90%7C300x-1%7C300x-1%7C300x-1%7C1080x90%7C1x1%7C1x1%7C1x1%7C1x1%7C1x1%7C1x1&ga_vid=334363451.1581752926&ga_sid=1581752928&ga_hid=282085691&fws=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

40f1794e8936ecfb23957a50f50c1875bc0e9d88453887b7943e7cc78007ce58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8553
x-xss-protection: 0
google-lineitem-id: 174132692,104135972,104135852,104135852,104135732,4910077359,4910077359,4748685738,4910077359,4910077359,4910077359
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 56493660332,138266785517,138268452685,138266415492,138267103837,138256970537,138256970492,138268337176,138256924674,138256924656,138256924680
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ 66 KB
24 KB 54ms
54ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

ebe54c2b4cdb3fc0bd7bd45b2ce574428f0e970bdd1e9395f50916bce1628cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24903
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:47 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
58 B 15ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=1821304800037412&r=728x90%7C997x123%7C970x250%7C970x180%7C970x90&w=970&h=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame D359 45 KB
13 KB 116ms
53ms Script
application/javascript 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=970x250&pubId=53576252&chanId=194640332&placementId=174132692&pubCreative=56493660332&pubOrder=169870292&cb=1553637558&adsafe_par&impId=9896d770-4fc7-11ea-898a-0661a761d26a
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 18ba591a363b3cd37d19d6884c1ae250b84d106706d403738eb0dab6c9a97a66

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-server-name: app29.ie.303net.net
access-control-allow-origin: pixel.adsafeprotected.com
content-type: application/javascript;charset=utf-8
status: 200
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0E5C 0
0 35ms
34ms Fetch
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuGWsyN81tu8Sz_Jx9kUPZvcg6EQCA9rdD112b79ejkTwYfFm2o5BEI1A3s58a1nrE_5GO68FFv61qtXa1EVLRqLAHkivJeZGhB8bhwJYr0sU95yqoSw6LM2ICy78pjj7koSxE0jDn6kWreAogmI42jwpO4-M9A_5nKLoF089E9x9LgosX1PA-tZaMBKX2UvTyBtwY6Bqzr6gPDnpMBQhLxoGPCZp6xYRaHJ_Koz1ET3X29rp7zTbQAomQmtxF63l870Qofbw&sig=Cg0ArKJSzNu9Ud_PuNVrEAE&urlfix=1&adurl=

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0E5C 107 KB
38 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49acf7723a3f4b4d346dda4daa26f1ab3141abd4d35a6206050dcd695d37e4f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38680
x-xss-protection: 0
server: cafe
etag: 1127200816610504835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E5C 72 KB
27 KB 103ms
91ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27600
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
27 KB 55ms
45ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98338d687e5f0016e85ba80b4de3c9c887e4dd4eb9ea5ac225ef1de42d149eb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27884
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 1EA8 45 KB
13 KB 120ms
67ms Script
application/javascript 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135972&pubCreative=138266785517&pubOrder=169870292&cb=735513030&adsafe_par&impId=9896d771-4fc7-11ea-898a-0661a761d26a
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7f6bcbd77f48eb8224b03f633a5a29c5588a00b642e86e603e41601eb7da2ef6

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-server-name: app30.ie.303net.net
access-control-allow-origin: pixel.adsafeprotected.com
content-type: application/javascript;charset=utf-8
status: 200
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1E2B 0
0 32ms
31ms Fetch
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvu9ygOP0FC8arGKAM8TG0uwJsjvMkF5mOcIcbkco2dH-35Q319HJok8P10dCtBSj0cELJnEW_cGlOwb2Tn7XLzTKBtIkRvvkqpTIwwSbwjVGHMUebBzWFGvKi_Cbt6-IrEEExAgxy4t-IXxHK_g9IcZWVx0SPYADQZH54oEKkTIuadiyVMv6Vv01ZcuSgqNJnj8fIngK9jteGdIiyOhgEmLrgL9ZO5D7xuzeJWw85MUZ67ZkTv253S0xgm6UHrmvoCmYmnHQ&sig=Cg0ArKJSzHkvCU1lWHdnEAE&urlfix=1&adurl=

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1E2B 43 KB
15 KB 45ms
41ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da5938edc872a3bb592689c64b4e09e5dad48fe5f280fc714636a0c405bcc0a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "428 / 709 of 1000 / last-modified: 1581701607"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14535
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E2B 72 KB
27 KB 45ms
42ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27600
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame D56D 45 KB
13 KB 95ms
48ms Script
application/javascript 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138268452685&pubOrder=169870292&cb=851639884&adsafe_par&impId=9896d772-4fc7-11ea-898a-0661a761d26a
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 785442dd167ab359cc780916157e2c0409373af3b883188a5b6d3d9bf9fa59ad

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-server-name: app28.ie.303net.net
access-control-allow-origin: pixel.adsafeprotected.com
content-type: application/javascript;charset=utf-8
status: 200
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 28AC 0
0 31ms
31ms Fetch
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssc78uMg4C0w3UcvYLS65J59idzmeQDgRmYqHqw0SqExX1BtKkZlw2lCZOqHsHOro5cbZIxgtW0ZCseZi2-SKKkZhitftP5ESwJE63YpKK1ieVEZp5BVS11eHFXhOWqsyW7LBwPz319BFWdXE2qATO8WfY45aclOsQhvcEOmsRV0yuOgZsjI6sbzY_hzsSM3wfMYlT4mcE99wZzi5_naQJUxBqJV-_c-IxRh0AtD4lIqHpxDkw_ZD2J6AYhTMs9wKJWFkUrOw&sig=Cg0ArKJSzFqac7eE6uLgEAE&urlfix=1&adurl=

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 28AC 43 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0630637c1d2b309e9e1eec0755b10affe7d265890cbc467bf733c554cab8bb75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "428 / 226 of 1000 / last-modified: 1581701670"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14535
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 28AC 72 KB
27 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27600
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 308E 45 KB
13 KB 112ms
70ms Script
application/javascript 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138266415492&pubOrder=169870292&cb=533039939&adsafe_par&impId=9896d773-4fc7-11ea-898a-0661a761d26a
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 81903af7e2edd3f13a367a985ae6ab67b9877067877a51159eae13e923e88a47

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-server-name: app17.ie.303net.net
access-control-allow-origin: pixel.adsafeprotected.com
content-type: application/javascript;charset=utf-8
status: 200
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9BCB 0
0 32ms
31ms Fetch
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzPZfBqkxStY57T1U-7Cjq3qca4cFc2KBptWlxwZyESbW5J8BOPkgDIGUueNd6GOSk9_tVTOd-F1DXK7DfKDFV3tIFrpIdgPjIw34S8loHPCi-n-_V54_1P6SGA4iL-fElbipgfh65dvhpjvWWnyggnvEe-48kprF_umRm8Eft-lKR321N4GhueEdsQNjZLig2Mp8cAOA0P2GDuFMqdjjaluhySEk0pTHsf5PNFyxwOOERhXoU6immAWoOK89_COaRfYesLw&sig=Cg0ArKJSzJ5Zedit0fgxEAE&urlfix=1&adurl=

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 9BCB 43 KB
14 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da5938edc872a3bb592689c64b4e09e5dad48fe5f280fc714636a0c405bcc0a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "428 / 793 of 1000 / last-modified: 1581701607"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14535
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9BCB 72 KB
27 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27600
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 2A52 45 KB
13 KB 110ms
73ms Script
application/javascript 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=728x90&pubId=53576252&chanId=194640332&placementId=104135732&pubCreative=138267103837&pubOrder=169870292&cb=1647979942&adsafe_par&impId=9896d774-4fc7-11ea-898a-0661a761d26a
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fbdbe5dfc8ffea7e21ed96c9e1433eaff04447a874b80c92ec9a6e917a8f3cb4

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-server-name: app37.ie.303net.net
access-control-allow-origin: pixel.adsafeprotected.com
content-type: application/javascript;charset=utf-8
status: 200
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 958F 0
0 32ms
32ms Fetch
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsse9hBkc_seiC6AQD1DBnarJmzjv-2rP2Lc6k8g2vaE4uzIyI8F__sz-pRK61wp_Qu5uXlgbVsWWt2kIi4DW07cDlFjwpra6bbXLIlgsDJpXjLKfw1eFNfOBIgsP9eaTsGPec1Xmx1_epHHAbrorWUvL-D2w9qc1sS71Vy2cah59kbEqji6OtmTKOiA2_OJQbKAR6qKk1KTpluXn8OKxd5_bajzLZPS6yrCughxgezVHq6m9q2ZzMcxCGOudxNSr0vqPBumMA&sig=Cg0ArKJSzLUxczBUBlifEAE&urlfix=1&adurl=

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 958F 43 KB
14 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb93c188942fe1a2887a3b9a6c36b56fc77711f57953976b8cdcbb61bac7a3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "428 / 123 of 1000 / last-modified: 1581701670"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14529
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame 958F 72 KB
27 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27600
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
DATA 200
OK truncated
/ Frame DFD9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 47416bb10a73f01327feb474399d64569338ad413123895bfcd8252ab3f00f98

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0D86 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ea1e6ad306eaa4369aed3176e7fe0dd6d77a6206e01649544c05fbfc639ed5b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 tag Show response
a.teads.tv/page/92134/ Frame EFC4 1 KB
856 B 82ms
37ms Script
application/javascript 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/page/92134/tag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ad47f1dca2f43f35d36dd8d41446dbdb4fe83be15f538264d08b78557d5cfdd2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
access-control-allow-origin: *
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, must-revalidate, max-age=3600
access-control-allow-credentials: true
content-length: 574
expires: Sat, 15 Feb 2020 08:48:48 GMT

GET
DATA 200
OK truncated
/ Frame EFC4 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e219e4345628a244cf3eaa95f23c35ca7bfa98968044223557edea2f4bdd6d3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DF2B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97c0b90a274af448df489559485c02fd74245cd6496e2467e3c47e791f92b6f3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CFA0 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c87962d9f4dbcd9c69f6084ee6e789946cb20c37013c6060839e52aba32dcf2b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D2D0 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7a839f561f59e4cf6d6f2c7ef36e16ac7ae13f10c93d391bff118a3a3940c64

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
49 B 16ms
15ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=1821304800037412&r=970x90%7C728x90%7C997x123&w=728&h=90

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
49 B 16ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=1821304800037412&r=1x1&w=1&h=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame DFD9 826 B
1 KB 8ms
6ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKC70MzDaRABGAEyCOIsQc-mesrW

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

timing-allow-origin: *
date: Tue, 11 Feb 2020 07:38:30 GMT
x-content-type-options: nosniff
server: cafe
age: 346218
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=604800
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
expires: Tue, 18 Feb 2020 07:38:30 GMT

GET
H2 200 view%3Fxai%3DAKAOjsuaXtDS2Se-kQYEb7b0r1IsJS_x8YQU9Om2VTWdwoeGpEOMnufyxUkmv4DKDCTA7Y2g7QpSk7CD1aOmy6jy6vcuJCfs_ulemYE--U2DMNLgRZn9sMZ0uaIy1caWexUu8icLNSAIG0HWd4k_aBeM9rVc7FMIntX6qvYDrQLB6T4vQwXfie1s...
securepubads.g.doubleclick.net/pcs/ Frame DFD9 0
48 B 35ms
32ms Image
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsuaXtDS2Se-kQYEb7b0r1IsJS_x8YQU9Om2VTWdwoeGpEOMnufyxUkmv4DKDCTA7Y2g7QpSk7CD1aOmy6jy6vcuJCfs_ulemYE--U2DMNLgRZn9sMZ0uaIy1caWexUu8icLNSAIG0HWd4k_aBeM9rVc7FMIntX6qvYDrQLB6T4vQwXfie1sDacm4Jty7aYmKM56Z01rjE5RKaTXaDPKHmAmnaED34ZwiiVLL9DyEOGByIqmFBP2nUttKuqsnQzFZlmBJ3cHaM0%26sig%3DCg0ArKJSzMwkHaPspuf6EAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame 0D86 826 B
884 B 8ms
6ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKC70MzDaRABGAEyCOIsQc-mesrW

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

timing-allow-origin: *
date: Tue, 11 Feb 2020 07:38:30 GMT
x-content-type-options: nosniff
server: cafe
age: 346218
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=604800
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
expires: Tue, 18 Feb 2020 07:38:30 GMT

GET
H2 200 view%3Fxai%3DAKAOjsvLdvx2cKE2h-Db3FZbOpP2VAt8hwYxfzv3_r3EvYr6i6dHFjAaKerHYSkCsaPlkTmUdIKJXBaw2o9SFFJ0dUsg9a93LM0eXauVsBpSa9HJneeXjWJb4aFfvgsJB015wB8QjE11kbO8Mh78g6i4my3lUsMTQEepSeG40NklBWjI8WnxZjia...
securepubads.g.doubleclick.net/pcs/ Frame 0D86 0
57 B 34ms
31ms Image
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsvLdvx2cKE2h-Db3FZbOpP2VAt8hwYxfzv3_r3EvYr6i6dHFjAaKerHYSkCsaPlkTmUdIKJXBaw2o9SFFJ0dUsg9a93LM0eXauVsBpSa9HJneeXjWJb4aFfvgsJB015wB8QjE11kbO8Mh78g6i4my3lUsMTQEepSeG40NklBWjI8WnxZjiaHxtwKo4sU2UfczCufQSRzsE1oH7-eOfAeRtb7DdYkhOdA21X7etEnHohRmwNAbD9JGYZpBIQuCBDZ4kl5OV_dWQ%26sig%3DCg0ArKJSzGUvkNvSuurvEAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame DF2B 826 B
884 B 8ms
6ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKC70MzDaRABGAEyCOIsQc-mesrW

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

timing-allow-origin: *
date: Tue, 11 Feb 2020 07:38:30 GMT
x-content-type-options: nosniff
server: cafe
age: 346218
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=604800
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
expires: Tue, 18 Feb 2020 07:38:30 GMT

GET
H2 200 view%3Fxai%3DAKAOjstmx-iHI-2kZ-QoxOeiXtk6PfmxHi0wFLVQYYc1jKjqWZjlZG9n__mTERpN13UrBMrldJ2Rl1BBNDy91l9nbtcEa1TVx1R3gcPNuzj7USPVAdC0mzvlVrp451Korkx_u2zj_y7EWdxNP8dlYyh_yjDSgHZR4bX-fa6HoMp_Blw9zznfd5Nn...
securepubads.g.doubleclick.net/pcs/ Frame DF2B 0
57 B 33ms
31ms Image
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjstmx-iHI-2kZ-QoxOeiXtk6PfmxHi0wFLVQYYc1jKjqWZjlZG9n__mTERpN13UrBMrldJ2Rl1BBNDy91l9nbtcEa1TVx1R3gcPNuzj7USPVAdC0mzvlVrp451Korkx_u2zj_y7EWdxNP8dlYyh_yjDSgHZR4bX-fa6HoMp_Blw9zznfd5Nn1JAwj-wQtEPweyenoDPFlh74vICzk9-fkFBRazkH4sMBBmmimQC2wkksJenT17fcXuMY03MoBgbelgMn8_07Ds0%26sig%3DCg0ArKJSzDE6ACpdmsMtEAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame CFA0 826 B
884 B 8ms
6ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKC70MzDaRABGAEyCOIsQc-mesrW

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

timing-allow-origin: *
date: Tue, 11 Feb 2020 07:38:30 GMT
x-content-type-options: nosniff
server: cafe
age: 346218
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=604800
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
expires: Tue, 18 Feb 2020 07:38:30 GMT

GET
H2 200 view%3Fxai%3DAKAOjsseV1M24b4sX-g_sy0w14I65zXuO_Nx8oK753XxPTZDhDDDBMNh2hIjpcwHUTj7J20pF4sux9_WomFDnsi-uxqZcsD1ienmurAkCvfoRwDkEyt3BOzj2LbwAivXiQbjGPwEFiAN4qypiHotE6WZEhwCLcwbWZC_IQbDjTbKPJUSuNiXbJbr...
securepubads.g.doubleclick.net/pcs/ Frame CFA0 0
57 B 33ms
32ms Image
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjsseV1M24b4sX-g_sy0w14I65zXuO_Nx8oK753XxPTZDhDDDBMNh2hIjpcwHUTj7J20pF4sux9_WomFDnsi-uxqZcsD1ienmurAkCvfoRwDkEyt3BOzj2LbwAivXiQbjGPwEFiAN4qypiHotE6WZEhwCLcwbWZC_IQbDjTbKPJUSuNiXbJbrq6BpFfD993rFFeCnLaV0DhsgauZ4en3xfvgchIw19yLSLPM7MFiczdW-XE7WEna8pyGIhWEY-in0S_B7R8ltnrI%26sig%3DCg0ArKJSzEYDne4abeRnEAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 imgad
tpc.googlesyndication.com/pagead/ Frame D2D0 826 B
884 B 8ms
6ms Image
image/gif 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKC70MzDaRABGAEyCOIsQc-mesrW

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

timing-allow-origin: *
date: Tue, 11 Feb 2020 07:38:30 GMT
x-content-type-options: nosniff
server: cafe
age: 346218
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=604800
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 826
x-xss-protection: 0
expires: Tue, 18 Feb 2020 07:38:30 GMT

GET
H2 200 view%3Fxai%3DAKAOjssnVYbSauYS6EY-_ZpSHssS_JytjqTYad9aA0IPUiTEvccnHxDCgXZi5sjPIRo6Em4srNHwv0N95nAhSYfM1NaItEnnePAPssqIzy_XsPNL1zSzQL0xjU8bNtJQlQeg5aK9Q4nRd-D_TRqocEnMwIYDHXczpzZzm8aNR3a6A5oUaP32JO_8...
securepubads.g.doubleclick.net/pcs/ Frame D2D0 0
48 B 34ms
32ms Image
image/gif 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view%3Fxai%3DAKAOjssnVYbSauYS6EY-_ZpSHssS_JytjqTYad9aA0IPUiTEvccnHxDCgXZi5sjPIRo6Em4srNHwv0N95nAhSYfM1NaItEnnePAPssqIzy_XsPNL1zSzQL0xjU8bNtJQlQeg5aK9Q4nRd-D_TRqocEnMwIYDHXczpzZzm8aNR3a6A5oUaP32JO_8JOX2NHGA8MXmf7g5YqUFjaMjR9Il5w7EcV4S_4q5fXkKrXKQTSW4RbsTJ076QQmESCkRV52lyrLWZIVqb-RBzqg%26sig%3DCg0ArKJSzHrfB7GeFNY3EAE%26urlfix%3D1%26adurl%3D

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: private
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 33ms
18ms XHR
application/json 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020013001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea943fbbd905f8d3b496fae7a75b93cf4caccac766be352188af814e17c3903d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5223
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0E5C 109 B
171 B 15ms
15ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.onmsft.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0E5C 109 B
171 B 15ms
14ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.onmsft.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/ Frame 0E5C 252 KB
91 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92d0df15e0c6e41bdc0f900c97dc133e1f6a7f262a54eaab91066c3f373969ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 93265
x-xss-protection: 0
server: cafe
etag: 5096638704714503579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200212/r20190131/ Frame 42BF 0
0 5ms
5ms Document
text/html 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200212/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200212/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmuVlQbQqQc4gSJIQxVQ_OADGaHd-SvBRrZAg2-CDP8ePz5APzCE5pZBZs9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 13 Feb 2020 01:14:45 GMT
expires: Thu, 27 Feb 2020 01:14:45 GMT
content-type: text/html; charset=UTF-8
etag: 17772678075199185246
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4496
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 196443
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 pubads_impl_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1E2B 167 KB
61 KB 56ms
55ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

06349254c3a3832ea81973863ce5873ab441c1b8006ee1cb553425d152fabf88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62230
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ Frame 1E2B 113 B
178 B 15ms
15ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=www.onmsft.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 108
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 21 KB
8 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1580338855439378"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 pubads_impl_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 28AC 167 KB
61 KB 55ms
55ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

06349254c3a3832ea81973863ce5873ab441c1b8006ee1cb553425d152fabf88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62230
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ Frame 28AC 113 B
175 B 15ms
15ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=www.onmsft.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 108
x-xss-protection: 0

GET
H2 200 pubads_impl_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9BCB 167 KB
61 KB 56ms
56ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

06349254c3a3832ea81973863ce5873ab441c1b8006ee1cb553425d152fabf88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62230
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ Frame 9BCB 113 B
175 B 14ms
14ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=www.onmsft.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 108
x-xss-protection: 0

GET
H2 200 pubads_impl_2020021101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 958F 167 KB
61 KB 63ms
63ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

52cb3d448ecca364f956f7936bd685d2d1828686f3639ef2b58cc43da91286d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Feb 2020 14:21:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62262
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ Frame 958F 113 B
175 B 15ms
15ms Script
application/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=www.onmsft.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 108
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0E5C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2288ed39d4671f12ea6eb4fcd421f3d204b31c374826ea869a42853e226878b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main.19.8.50.js Show response
static.adsafeprotected.com/ Frame D56D 167 KB
54 KB 25ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.50.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138268452685&pubOrder=169870292&cb=851639884&adsafe_par&impId=9896d772-4fc7-11ea-898a-0661a761d26a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 14 Feb 2020 22:05:04 GMT
content-encoding: gzip
age: 35025
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Fri, 14 Feb 2020 22:00:20 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: Ao2pR2rFmxi_tXlH.ml_FRwSXKPocomL
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: MZIgRqmUjmOfCpHp8zzmuay-C4LFOlCikxZIiC7C77Udk1oAyUVxwA==

GET
H2 200 teads-format.min.js Show response
a.teads.tv/media/format/v3/ 723 KB
190 KB 23ms
23ms Script
text/javascript 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/page/92134/tag
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9dde00583784e2fdc1844f508484e07903850efb006e94122b0be49b30789bb1

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 16:07:53 GMT
x-amz-request-id: 070F4225DA04D2C2
etag: "74f4a58acac5f7cbf60016af64ae4250"
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
cache-control: private, must-revalidate, max-age=600
x-bucket: 6
accept-ranges: bytes
content-length: 193585
x-amz-id-2: UBiIIeXChd/CvDvnek9XqslbFzqAgkLkRbLuncwCRDpD5txRhMIPBXTk9pYhum2E7LlLb5wORZI=
expires: Sat, 15 Feb 2020 07:58:48 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame 9194 0
0 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/206/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4624
date: Sat, 15 Feb 2020 02:59:50 GMT
expires: Sun, 14 Feb 2021 02:59:50 GMT
last-modified: Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 17338
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 42BE 0
0 246ms
246ms Document
text/html 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8086391854971296&output=html&h=90&slotname=4432410839&adk=2035992950&adf=3173046726&w=728&lmt=1581752928&psa=0&npa=1&guci=1.2.0.0.2.1.0.0&format=728x90&url=https%3A%2F%2Fwww.onmsft.com%2F&flash=0&wgl=1&adsid=NT&dt=1581752928371&bpp=14&bdt=81&fdt=102&idt=102&shv=r20200212&cbv=r20190131&ptt=9&saldr=aa&correlator=90005155336&frm=21&ife=4&pv=2&ga_vid=334363451.1581752926&ga_sid=1581752928&ga_hid=879336500&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=247163955&scr_x=0&scr_y=0&eid=21065305%2C44714170%2C410075106&oid=3&pvsid=1600426327191439&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.shr2m7y02ako&fsb=1&xpc=ZSHK5YQgGB&p=https%3A//www.onmsft.com&dtd=114

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8086391854971296&output=html&h=90&slotname=4432410839&adk=2035992950&adf=3173046726&w=728&lmt=1581752928&psa=0&npa=1&guci=1.2.0.0.2.1.0.0&format=728x90&url=https%3A%2F%2Fwww.onmsft.com%2F&flash=0&wgl=1&adsid=NT&dt=1581752928371&bpp=14&bdt=81&fdt=102&idt=102&shv=r20200212&cbv=r20190131&ptt=9&saldr=aa&correlator=90005155336&frm=21&ife=4&pv=2&ga_vid=334363451.1581752926&ga_sid=1581752928&ga_hid=879336500&ga_fc=0&iag=3&icsg=682&nhd=1&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=308&ady=10&biw=1585&bih=1200&isw=970&ish=250&ifk=247163955&scr_x=0&scr_y=0&eid=21065305%2C44714170%2C410075106&oid=3&pvsid=1600426327191439&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.shr2m7y02ako&fsb=1&xpc=ZSHK5YQgGB&p=https%3A//www.onmsft.com&dtd=114
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmuVlQbQqQc4gSJIQxVQ_OADGaHd-SvBRrZAg2-CDP8ePz5APzCE5pZBZs9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 15 Feb 2020 07:48:48 GMT
server: cafe
content-length: 25255
x-xss-protection: 0
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0E5C 74 KB
27 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98338d687e5f0016e85ba80b4de3c9c887e4dd4eb9ea5ac225ef1de42d149eb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27884
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 main.19.8.50.js Show response
static.adsafeprotected.com/ Frame D359 167 KB
54 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.50.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=970x250&pubId=53576252&chanId=194640332&placementId=174132692&pubCreative=56493660332&pubOrder=169870292&cb=1553637558&adsafe_par&impId=9896d770-4fc7-11ea-898a-0661a761d26a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 14 Feb 2020 22:05:04 GMT
content-encoding: gzip
age: 35025
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Fri, 14 Feb 2020 22:00:20 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: Ao2pR2rFmxi_tXlH.ml_FRwSXKPocomL
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: 0HuyiF-P4ByyID_9HYX_eYkF8H4gXU6dz5P9r7-zVlk0Zj2edPZ41A==

GET
H2 200 main.19.8.50.js Show response
static.adsafeprotected.com/ Frame 1EA8 167 KB
54 KB 8ms
8ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.50.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135972&pubCreative=138266785517&pubOrder=169870292&cb=735513030&adsafe_par&impId=9896d771-4fc7-11ea-898a-0661a761d26a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 14 Feb 2020 22:05:04 GMT
content-encoding: gzip
age: 35025
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Fri, 14 Feb 2020 22:00:20 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: Ao2pR2rFmxi_tXlH.ml_FRwSXKPocomL
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: IX742p9IaFp9xPVc1qz4xd4DQpQLY3O9syN9oLLjS3RDvRDIeYYPuA==

GET
H2 200 main.19.8.50.js Show response
static.adsafeprotected.com/ Frame 308E 167 KB
54 KB 10ms
10ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.50.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138266415492&pubOrder=169870292&cb=533039939&adsafe_par&impId=9896d773-4fc7-11ea-898a-0661a761d26a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 14 Feb 2020 22:05:04 GMT
content-encoding: gzip
age: 35025
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Fri, 14 Feb 2020 22:00:20 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: Ao2pR2rFmxi_tXlH.ml_FRwSXKPocomL
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: xLS79LHXnJaWnjbrfvGcAIScaPWz7G7zZqwul7L8Jm1zBD48WgHQag==

GET
H2 200 main.19.8.50.js Show response
static.adsafeprotected.com/ Frame 2A52 167 KB
54 KB 8ms
8ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.50.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=7529&campId=728x90&pubId=53576252&chanId=194640332&placementId=104135732&pubCreative=138267103837&pubOrder=169870292&cb=1647979942&adsafe_par&impId=9896d774-4fc7-11ea-898a-0661a761d26a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 14 Feb 2020 22:05:04 GMT
content-encoding: gzip
age: 35025
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Fri, 14 Feb 2020 22:00:20 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: Ao2pR2rFmxi_tXlH.ml_FRwSXKPocomL
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: zJ1itNxZaRpwxQ6C_zbT5gh8P7ObYwI5dq54lknJ_iixaFh86uuGWA==

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1E2B 39 KB
10 KB 355ms
355ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1102090168489337&correlator=3087894475624920&output=ldjh&impl=fif&eid=21065400%2C21062452%2C21065380%2C21065390&vrg=2020013001&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200215&iu=%2F8095840%2F.2_7550.4_onmsft.com_tier1&sz=300x250&eri=2&cookie=ID%3D71370a71f4b2783e%3AT%3D1581752927%3AS%3DALNI_MbGUs8Ag8ew4GlKM2kfaLfuvwzJlQ&cdm=www.onmsft.com&bc=31&abxe=1&lmt=1581752928&dt=1581752928546&dlt=1581752928303&idt=221&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=1031&ady=859&adk=358651622&uci=6airmnclo33b&ifi=1&ifk=1441198204&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.onmsft.com%2F&top=https%3A%2F%2Fwww.onmsft.com%2F&dssz=7&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=334363451.1581752926&ga_sid=1581752929&ga_hid=1641181699&fws=256&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

175e48363c0039f76872876da5cb8ceeedb591b268c938926843650a6f32fdf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10028
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1E2B 66 KB
24 KB 53ms
53ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

ebe54c2b4cdb3fc0bd7bd45b2ce574428f0e970bdd1e9395f50916bce1628cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24903
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 1E2B 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
DATA 200
OK truncated
/ Frame 1E2B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46db8aa849efbb74eea827e43ed1ec0ec29b1764bb69a00468804e50360a24d3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 28AC 39 KB
10 KB 294ms
294ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4055240812738377&correlator=3533762393819316&output=ldjh&impl=fif&eid=21065540%2C21065304&vrg=2020013001&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200215&iu=%2F8095840%2F.2_7550.4_onmsft.com_tier1&sz=300x250&eri=2&cookie=ID%3D71370a71f4b2783e%3AT%3D1581752927%3AS%3DALNI_MbGUs8Ag8ew4GlKM2kfaLfuvwzJlQ&cdm=www.onmsft.com&bc=31&abxe=1&lmt=1581752928&dt=1581752928565&dlt=1581752928310&idt=250&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=698&ady=1465&adk=358651622&uci=iact0scyur3&ifi=1&ifk=3111486697&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.onmsft.com%2F&top=https%3A%2F%2Fwww.onmsft.com%2F&dssz=7&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=334363451.1581752926&ga_sid=1581752929&ga_hid=720354629&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

72f0529b469bf6d09356fd7ea2fb765b3ca92983dc222e9612690da4d3df71b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10072
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 28AC 66 KB
24 KB 56ms
56ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

ebe54c2b4cdb3fc0bd7bd45b2ce574428f0e970bdd1e9395f50916bce1628cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24903
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 28AC 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
DATA 200
OK truncated
/ Frame 28AC 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80fca33137f9069475eab1a18a57de336d6fd32c3ca4622caf170f8b6bdd09fb

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9BCB 39 KB
10 KB 292ms
292ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=458819588129666&correlator=2436269372611063&output=ldjh&impl=fif&eid=21063635%2C21065369%2C21065304%2C21065305&vrg=2020013001&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200215&iu=%2F8095840%2F.2_7550.4_onmsft.com_tier1&sz=300x250&eri=2&cookie=ID%3D71370a71f4b2783e%3AT%3D1581752927%3AS%3DALNI_MbGUs8Ag8ew4GlKM2kfaLfuvwzJlQ&cdm=www.onmsft.com&bc=31&abxe=1&lmt=1581752928&dt=1581752928584&dlt=1581752928315&idt=260&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=698&ady=2081&adk=358651622&uci=6bhxzrh36mq1&ifi=1&ifk=2560431537&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.onmsft.com%2F&top=https%3A%2F%2Fwww.onmsft.com%2F&dssz=7&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=334363451.1581752926&ga_sid=1581752929&ga_hid=1469145527&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

a67112ea9a57e9d11c94cd473e2deb3cce1d83650859047d6552901ad199d7ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10024
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020013001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9BCB 66 KB
24 KB 53ms
53ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

ebe54c2b4cdb3fc0bd7bd45b2ce574428f0e970bdd1e9395f50916bce1628cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jan 2020 14:09:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24903
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 9BCB 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
DATA 200
OK truncated
/ Frame 9BCB 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9351b88726e78688b1699b41b23dbfc51f4d167ec8b373828698e5619a063993

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 958F 38 KB
10 KB 277ms
277ms XHR
text/plain 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4140613113853579&correlator=3070754447958124&output=ldjh&impl=fif&eid=21065541%2C21065305&vrg=2020021101&npa=1&guci=1.2.0.0.2.1.0.0&sc=1&sfv=1-0-37&ecs=20200215&iu=%2F8095840%2F.2_7619.3_onmsft.com_tier1&sz=728x90&eri=2&cookie=ID%3D71370a71f4b2783e%3AT%3D1581752927%3AS%3DALNI_MbGUs8Ag8ew4GlKM2kfaLfuvwzJlQ&cdm=www.onmsft.com&bc=31&abxe=1&lmt=1581752928&dt=1581752928616&dlt=1581752928320&idt=287&ea=0&frm=23&biw=1585&bih=1200&isw=728&ish=90&oid=3&adx=429&ady=3010&adk=1060057622&uci=8rcjeyd3nrfl&ifi=1&ifk=2637151928&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fwww.onmsft.com%2F&top=https%3A%2F%2Fwww.onmsft.com%2F&dssz=7&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=334363451.1581752926&ga_sid=1581752929&ga_hid=1085869893&fws=256&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

c128f43e25ed58a31f6e5bb917241ac71cab4902848e3bf8caa9da7731dbd242

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9829
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.onmsft.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2020021101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 958F 66 KB
24 KB 54ms
53ms Script
text/javascript 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

sffe /

Resource Hash

2833cc2a0284a7f438e5d735cf1bbaa97f98f4303ef534e38a492f5b0b1a38f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 Feb 2020 14:21:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24889
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 958F 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

GET
DATA 200
OK truncated
/ Frame 958F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd2553025d0df007bd1d02be207c5a75e9c781e2901677c2b95bbca471c7305c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 2322 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 13 Jan 2020 23:54:57 GMT
content-encoding: gzip
age: 2793232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: xffhZvviYs2GCGXNEhwHy3x7kCEp34SHGX5pDOOMbkezwq_tdJ6OPA==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 33ms
32ms Image
image/gif 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=7529&campId=970x250&pubId=53576252&chanId=194640332&placementId=174132692&pubCreative=56493660332&pubOrder=169870292&cb=1553637558&adsafe_par&impId=9896d770-4fc7-11ea-898a-0661a761d26a&adsafe_url=https%3A%2F%2Fwww.onmsft.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:4127ccda-2376-b9d3-11f3-42f07f8f3d81,c:4hgMtP,sl:inView,em:true,fr:true,mn:app29ie,pt:1-5-15,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:rQym5G9+11|12|13|14|15|16|17*.7529|171|1721|173|181|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,pl:,rend:1,renddet:DIV.qs.sn,rmeas:1,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:145,oid:99b03788-4fc7-11ea-9023-029678ec52b8,v:19.8.50,sp:1,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-server-name: app18.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 422ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMtS,pingTime:-8,time:147,type:l,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:147,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[15~100],as:[15~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5G9+11|12|13|14|15|16|17*.7529|171|1721|173|181|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 1ECB 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 13 Jan 2020 23:54:57 GMT
content-encoding: gzip
age: 2793232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: DgDkRMUanE9GAd8qF0_cQNimMf-GeUhqNw7UX5v0gEO6Uq6QLgbeTw==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 33ms
33ms Image
image/gif 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135972&pubCreative=138266785517&pubOrder=169870292&cb=735513030&adsafe_par&impId=9896d771-4fc7-11ea-898a-0661a761d26a&adsafe_url=https%3A%2F%2Fwww.onmsft.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:441c61c2-884a-dd27-e625-73b2fb4f5a21,c:4hgMug,sl:inView,em:true,fr:true,mn:app30ie,pt:1-5-15,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:rQym5Gb+11|12|13|14|15|16|171|1721|173|174|18*.7529|181|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,pl:,rend:1,renddet:IMG.qs,rmeas:1,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:169,oid:99b03725-4fc7-11ea-9ccf-0a62cd1421ac,v:19.8.50,sp:1,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 wigo-no-slot
sync.teads.tv/ Frame B01E 0
0 128ms
60ms Document
text/html 23.45.108.93
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.teads.tv/wigo-no-slot
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.108.93 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-108-93.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.5 /
Resource Hash

Request headers

:method: GET
:authority: sync.teads.tv
:scheme: https
:path: /wigo-no-slot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tt_viewer=65291457-c428-40d3-854c-e976abca9993
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
content-type: text/html; charset=UTF-8
server: akka-http/10.1.5
content-length: 325
expires: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 wigo-no-slot
sync.teads.tv/ Frame 94B3 0
0 121ms
61ms Document
text/html 23.45.108.93
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.teads.tv/wigo-no-slot
Requested by: Host: a.teads.tv
URL: https://a.teads.tv/media/format/v3/teads-format.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.108.93 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-108-93.deploy.static.akamaitechnologies.com
Software: akka-http/10.1.5 /
Resource Hash

Request headers

:method: GET
:authority: sync.teads.tv
:scheme: https
:path: /wigo-no-slot
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tt_viewer=65291457-c428-40d3-854c-e976abca9993
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
content-type: text/html; charset=UTF-8
server: akka-http/10.1.5
content-length: 325
expires: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT

GET
H/1.1 200
OK p
sb.scorecardresearch.com/ 43 B
589 B 21ms
20ms Image
image/gif 23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=17198971&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1581752928722&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va00&ns_st_cl=0&ns_st_pt=0&c3=*null&c4=*null&c6=*null&ns_ts=81330968&cs_ucfr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:48 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 track
t.teads.tv/ 23 B
157 B 112ms
64ms Image
image/gif 92.122.254.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=placementCall&ts=1581752928720&pageId=92134&pid=99837&env=js-web&pfid=[pfid]&f=1&fv=227
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.254.4 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 23
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 track
t.teads.tv/ 23 B
157 B 83ms
35ms Image
image/gif 92.122.254.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=noSlot-selector&ts=1581752928720&pageId=92134&pid=99837&env=js-web&pfid=[pfid]&f=1&slot=native&fv=227
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.254.4 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 23
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H/1.1 200
OK p
sb.scorecardresearch.com/ 43 B
589 B 43ms
21ms Image
image/gif 23.43.115.95
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=17198971&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1581752928735&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va00&ns_st_cl=0&ns_st_pt=0&c3=*null&c4=*null&c6=*null&ns_ts=31493712&cs_ucfr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-115-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:48 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 track
t.teads.tv/ 23 B
157 B 110ms
62ms Image
image/gif 92.122.254.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=placementCall&ts=1581752928733&pageId=92134&pid=109962&env=js-web&pfid=[pfid]&f=1&fv=227
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.254.4 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 23
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H2 200 track
t.teads.tv/ 23 B
157 B 113ms
65ms Image
image/gif 92.122.254.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=noSlot-selector&ts=1581752928733&pageId=92134&pid=109962&env=js-web&pfid=[pfid]&f=1&slot=native&fv=227
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.254.4 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-254-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 23
expires: Sat, 15 Feb 2020 07:48:48 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 410ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMvN,pingTime:0,time:266,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:266,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[134~100],as:[134~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5G9+11|12|13|14|15|16|17*.7529|171|1721|173|181|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 0866 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 13 Jan 2020 23:54:57 GMT
content-encoding: gzip
age: 2793232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: pz0hjF0PyCRw87dseo_wcZUTSOSLddWw9rUzh4iuiDEtZd8JRKvzBQ==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 58ms
57ms Image
image/gif 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138268452685&pubOrder=169870292&cb=851639884&adsafe_par&impId=9896d772-4fc7-11ea-898a-0661a761d26a&adsafe_url=https%3A%2F%2Fwww.onmsft.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:88e36a07-22d9-e6c6-29fb-f036c37fe1c3,c:4hgMw9,sl:outOfView,em:true,fr:true,mn:app28ie,pt:1-5-15,wc:0.0.1600.1200,ac:698.1465.300.250,am:i,cc:698.1465.300.250,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|181|182|19*.7529|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k|1l,idMap:19*,pl:,rend:1,renddet:IMG.qs,rmeas:1,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:333,oid:99b036c8-4fc7-11ea-a7d6-0655dc500db4,v:19.8.50,sp:1,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 398ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMwh,pingTime:0,time:295,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:295,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[139~100],as:[139~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5G9+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
57 B 14ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gpt_2020013001&jk=1821304800037412&bg=!u7iluKBYD0Dp3x9CV7kCAAAANFIAAAAImQFa0e2z0ScwKcMEtfEz-DJdNIBKhHOmn_Wi8hpXAq6I9IlwZBVTf_UzY5Fag5L35Er1ebxLUmg0VV-dQQroatU4Y0He10yPJ5YK5utRsJ6V1tYPCOoHEktXuSYgL2fGMlr2oi8DxUAuwiaQoBPUEt1iqrF40O2HCnXBT_e7YjhB2uw8xbH0mbdDrUhsfJVh-0yNZ27iBLJdCt-P65zPpfzaHjyNvLVJ8ibSI1mUShPsg5kN-lX9e1J_SapIgQsoOFG9ckqXE0AXbrppcEhOm56IPuC9ZLKunm0Fztldu3Tw3Ccjh53ZPyeZz57v14NWCNzjmhc_QIn2FCVH-I0GDB8IG1jFnmOEMRKMnOn8_OWpiEgXixPZmpfjs91KzQhdDgte5vdlRXZmwRlXkn1KAJb62lFYC-afdGrIf6DcZr8NVMrSmADC4dY0zx_QS2j4i326EQHpxIw1xnnouQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 5CAE 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 13 Jan 2020 23:54:57 GMT
content-encoding: gzip
age: 2793232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: BdlvVvZIHwVxQrLWlI5zDZcF8YBH5nY20IQHzEduZvpo0Qq8HkZThA==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
215 B 38ms
38ms Image
image/gif 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=7529&campId=300x250&pubId=53576252&chanId=194640332&placementId=104135852&pubCreative=138266415492&pubOrder=169870292&cb=533039939&adsafe_par&impId=9896d773-4fc7-11ea-898a-0661a761d26a&adsafe_url=https%3A%2F%2Fwww.onmsft.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:5e1a0c7b-766b-4fa8-4cf7-74f650a3b083,c:4hgMxY,sl:outOfView,em:true,fr:true,mn:app17ie,pt:1-5-15,wc:0.0.1600.1200,ac:698.2081.300.250,am:i,cc:698.2081.300.250,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:rQym5Gd+11|12|13|14|15|16|171|1721|173|174|175|181|182|191|192|1a*.7529|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1a*,pl:,rend:1,renddet:IMG.qs,rmeas:1,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:397,oid:99b03720-4fc7-11ea-8f4c-0289e6fd96ae,v:19.8.50,sp:1,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-server-name: app22.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.4.114.js Show response
static.adsafeprotected.com/ Frame 4D1B 81 KB
22 KB 6ms
6ms Script
application/javascript 2600:9000:2156:ac00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.4.114.js
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:ac00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 13 Jan 2020 23:54:57 GMT
content-encoding: gzip
age: 2793232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
last-modified: Mon, 13 Jan 2020 23:54:54 GMT
server: AmazonS3
vary: Accept-Encoding
x-amz-version-id: gSPddsS9N0PGtUp2YQy7vCAfLQOR874Z
via: 1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: x6GxqponjlM5zeFBDyoXrBEKN5mne2oHZeAzdiG0lLHPWibZIALbdg==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 33ms
33ms Image
image/gif 54.246.208.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=7529&campId=728x90&pubId=53576252&chanId=194640332&placementId=104135732&pubCreative=138267103837&pubOrder=169870292&cb=1647979942&adsafe_par&impId=9896d774-4fc7-11ea-898a-0661a761d26a&adsafe_url=https%3A%2F%2Fwww.onmsft.com%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:d7e38cdb-9694-ae38-9a82-f6f78a1f1e94,c:4hgMyU,sl:outOfView,em:true,fr:true,mn:app37ie,pt:1-5-15,wc:0.0.1600.1200,ac:429.3010.728.90,am:i,cc:429.3010.728.90,piv:0,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,fm:rQym5Gk+11|12|13|14|15|16|171|1721|173|174|175|181|182|191|192|1a1|1a2|1b*.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1b*,pl:,rend:1,renddet:IMG.qs,rmeas:1,es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,thd:1,et:449,oid:99b0ac0f-4fc7-11ea-830b-06efacf31f3e,v:19.8.50,sp:1,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.208.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-208-255.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:48 GMT
x-server-name: app30.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 237ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMz9,pingTime:-2,time:474,type:a,im:{sf:0,pom:1,prf:{beA:211,beZ:212,mfA:340,cmA:340,inA:340,inZ:344,prA:344,prZ:349,si:355,poA:358,poZ:366,cmZ:366,mfZ:366,loA:477,loZ:478,ltA:684,ltZ:684,mdA:212,mdZ:221}},sca:{dfp:{df:4,sz:970.250,dom:body}},env:{gca:1},clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:474,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[343~100],as:[343~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1,slid:[google_ads_iframe_/4585/ns.onmsft/homepage_0,google_ads_iframe_/4585/ns.onmsft/homepage_0__container__,nsgpt-billboard-1,zd-leaderboard],sinceFw:326,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 333ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMzf,pingTime:-2,time:478,type:a,im:{sf:0,pom:1,prf:{beA:202,beZ:203,mfA:357,cmA:357,inA:357,inZ:359,prA:359,prZ:362,si:371,poA:371,poZ:374,cmZ:374,mfZ:374,loA:497,loZ:498,ltA:679,ltZ:679,mdA:203,mdZ:214}},sca:{dfp:{df:4,sz:300.250,dom:body}},env:{gca:1},clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:478,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[322~100],as:[322~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a1|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1,slid:[google_ads_iframe_/4585/ns.onmsft/homepage_1,google_ads_iframe_/4585/ns.onmsft/homepage_1__container__,nsgpt-rectangle-1],sinceFw:307,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0E5C 7 KB
5 KB 17ms
16ms XHR
application/json 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200212&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c11895eaaccd5e77d1e952c4a2902f90fd3d6daa610a5722bc4282abc6dfffec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5163
x-xss-protection: 0

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 1E2B 20 KB
8 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Sat, 15 Feb 2020 03:28:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Feb 2021 03:28:41 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame BD01 201 KB
55 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame BD01 15 KB
6 KB 33ms
16ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65463
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:37:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:37:46 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame BD01 91 KB
27 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame BD01 3 KB
1 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:54 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame BD01 46 KB
15 KB 33ms
15ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65514
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:55 GMT

GET
DATA 200
OK truncated
/ Frame BD01 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c6705ac0dd6ad034c2f223b36b87240e053e9260601d274ac2fb042b0495db5

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame BD01 37 KB
37 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD01 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD01 295 B
426 B 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BD01 0
0 33ms
32ms Image
text/html 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEkwjYKJHXoqgJP_J7_UPtrqGyAyBp8WaWIvs1sDSCMSEhZ4LEAEgiIC_FGCRhICA-BegAdim1oQDyAECqQK4mNzOwSuyPuACAKgDAcgDCKoE0wFP0HOqkTimLGjaRITANt6WF7_7HZVUkSoIPSFSODKkaIQl4hMQH54jPuQKnyZ1bKeBHa3gdLGtHSRlPMsqmObu9fZ3m-YwcHYHY5CgaqSo4L-C8rYy_qange8SFVmZujCRdseHXgQAvgtqkfako-M5B0dTA1bcateZv0Hn4pjqDmBlj75RYnzpcUw6I6IbeHASbnbdUOwtkvskkUeBAORliwpinWO909sWOuFlQEP_HozzGP2aHLiH9Le87ujaX25oStf8VHY02AmWkFf8_4BU0qd_wATL7tGM9QHgBAGSBQQIBBgBkgUECAUYBKAGAoAHx67rkgGoB47OG6gH1ckbqAeT2BuoB7oGqAfy2RuoB6a-G6gH7NUb2AcB8gcEEJCSDNIICQiA4YBwEAEYHfIIG2FkeC1zdWJzeW4tMzk4NTg2NTYxMjc2MDY5N4AKA8gLAdgTDQ&sigh=XYSSY_Mw8O0&tpd=AGWhJmuvtOQwKSd5US-zizd_EgWP5LVleKW2fAdo4FeEW3jLzA
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s29-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 28AC 20 KB
7 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Sat, 15 Feb 2020 03:28:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Feb 2021 03:28:41 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame E391 201 KB
55 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame E391 15 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65463
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:37:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:37:46 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame E391 91 KB
27 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame E391 3 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:54 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame E391 46 KB
15 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65514
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:55 GMT

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame E391 37 KB
37 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E391 2 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E391 295 B
357 B 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame E391 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79309eb48fb6365d92373c76fcae618eb0aaa1a6cfe957776131e17a7a6c1f9d

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 l
www.google.com/ads/measurement/ Frame E391 0
0 14ms
13ms Image
text/html 2a00:1450:4001:814::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTziDXySejS37QZbNl0m4FLXEp0D5k71afhVjTTeTvFCV28EORoXDn44DDF_s88rct3iXoD
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:814::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E391 0
0 32ms
32ms Image
text/html 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPT2qYKJHXomTJY_2-gaXhJrYBoGnxZpYi-zWwNIIxISFngsQASCIgL8UYJGEgID4F6AB2KbWhAPIAQKpAriY3M7BK7I-4AIAqAMByAMIqgTTAU_Q__dHhg8xjATGILfkTL15RBZQdT0jKm5heRiNx8WKHWiRSBZ4kxL1K8T14DOHT6E1V_Wnif2BFjv1cnGowUSdm5hB1c_3AQnxkSDLARHDARfnjMSUHalLOzaNK0Nq9hLiArxJDpjWNCm-tAb4TgCGMQ57xlXXNXdbYAFJHg2QgWzC_XZyEjH4pyaJBgYxdfy_VdvNYfqA7MznN3wO56Z_ybZ7bVqhw4P8-l-QSPY3lWQDFUSeaqvFr0z8Jrt9qaHsfzvCkvG3WUPpAuiJ5EuLbjjABMvu0Yz1AeAEAZIFBAgEGAGSBQQIBRgEoAYCgAfHruuSAagHjs4bqAfVyRuoB5PYG6gHugaoB_LZG6gHpr4bqAfs1RvYBwHyBwQQm6YJ0ggJCIDhgHAQARgd8ggbYWR4LXN1YnN5bi0zOTg1ODY1NjEyNzYwNjk3gAoDyAsB2BMN&sigh=uFyvXGkzHwo&tpd=AGWhJmsqe6sLJakM8TGDzsbuB-J9xJELzN_Rd_rjiDefKTnfMw
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s29-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 9BCB 20 KB
7 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Sat, 15 Feb 2020 03:28:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Feb 2021 03:28:41 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame A0A3 201 KB
55 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame A0A3 15 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65463
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:37:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:37:46 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame A0A3 91 KB
27 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame A0A3 3 KB
1 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:54 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame A0A3 46 KB
15 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65514
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:55 GMT

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame A0A3 37 KB
37 KB 9ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A0A3 2 KB
3 KB 8ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A0A3 295 B
357 B 8ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame A0A3 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b0cf3cb92b008ae84eeabab1e235ede240c9d5ed4ca0992e27374b7b7b6e2de

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A0A3 0
0 32ms
31ms Image
text/html 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CV1CsYKJHXoe1JuaK7_UPwayCyAeBp8WaWIvs1sDSCMSEhZ4LEAEgiIC_FGCRhICA-BegAdim1oQDyAECqQK4mNzOwSuyPuACAKgDAcgDCKoE0wFP0HWgHXLiij5Tqs5QK1trsrHWWRdeABa_Q4H3dC6M6omtLuKGpf6HDXp1_pPOz2_1MEf6_ddT8qoG15i0NaT4_YhZEzxWIh1eRGRP8OZUr-JQfhJoW0YFHBfV_vcqiU95oTDlah6C4R7oEIrEzfvPNOuZgFGbqLKuL7ouJuWnJHo5Fvi2bMSGanXirhwg9RFzH3QrQwaByi4jNHWlYJm6_lbmQJdgsjIo8yfBEcTvduqEvVqwSyBqMWdfLaPkdc_ZsbtmpTlKNFL79gbJI82ZVeD1wATL7tGM9QHgBAGSBQQIBBgBkgUECAUYBKAGAoAHx67rkgGoB47OG6gH1ckbqAeT2BuoB7oGqAfy2RuoB6a-G6gH7NUb2AcB8gcEENXGCNIICQiA4YBwEAEYHfIIG2FkeC1zdWJzeW4tMzk4NTg2NTYxMjc2MDY5N4AKA8gLAdgTDQ&sigh=DuTCTpFPCHo&tpd=AGWhJmtw7kM1BSZaNPvbJfeUIe86JQMAQtOlcSsLNP9BzC52rQ
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s29-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame 958F 20 KB
7 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Sat, 15 Feb 2020 03:28:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Feb 2021 03:28:41 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ Frame B961 201 KB
55 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55761
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42fd90c4a26735e9"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame B961 15 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65463
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5593
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:37:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aa7eb294edd014c3"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:37:46 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame B961 91 KB
27 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 37395
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27995
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 21:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "36e3f5a5b317a234"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 21:25:34 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame B961 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65515
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1fa9dc6a9a4f200a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:54 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/012001281851410/v0/ Frame B961 46 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65514
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14831
x-xss-protection: 0
server: sffe
date: Fri, 14 Feb 2020 13:36:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "111f1ad9a076d4e5"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Feb 2021 13:36:55 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B961 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B961 295 B
357 B 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
DATA 200
OK truncated
/ Frame B961 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b1a5e042bf9047407af7c13f8981539dc187c0cffef5d2c08d5a4319d4456c1

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 15331740554913862692
tpc.googlesyndication.com/daca_images/simgad/ Frame B961 39 KB
39 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15331740554913862692

Requested by

Host: www.onmsft.com
URL: https://www.onmsft.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1ee3166bb0f5b85ccc0abbc9044f6d1e9cd961b445b4491d5f8115cab364529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 13 Feb 2020 23:14:42 GMT
x-content-type-options: nosniff
age: 117247
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 39504
x-xss-protection: 0
last-modified: Thu, 16 Jan 2020 16:22:56 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Feb 2021 23:14:42 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B961 0
0 31ms
31ms Image
text/html 172.217.18.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsPLmYKJHXsHiKIzj7gPs5bbAAZTJg8tb5_fXl5sLko-e4KUZEAEgiIC_FGCRhICA-BegAYDEou8CyAECqQK4mNzOwSuyPuACAKgDAcgDCKoEzQFP0DzmQpcvbeNvei7RJ82UI0pOFlqtwi0SRGp81tAV5wrZeUEaLyHLDEKkDJNT_giuQfnU_e4gckV-OIK4l1h8-l84RdFez6VsncSNlW31mpbtKiM-5_xT3UCNShgPNv3G5Y0bhwBuiHuV54gmXPqme42WuwOTfKuh1-EtEIoET6uoSlAaY72tDBN5Pc7UroKuVZFmtGWgEnqlJ-S3fe6_-2kJY0sDleK9qbx93-qDj9gu23OJd71NbBUpkPd_1Rx318Ht5ip4k2KXWX5WwAT1u6Pk3ALgBAGSBQQIBBgBkgUECAUYBKAGAoAH6LvdkAGoB47OG6gH1ckbqAeT2BuoB7oGqAfy2RuoB6a-G6gH7NUb2AcB8gcEEOWFBdIICQiA4YBwEAEYHfIIG2FkeC1zdWJzeW4tMzk4NTg2NTYxMjc2MDY5N4AKA8gLAdgTAg&sigh=b3Qp6jEI62E&tpd=AGWhJmt0KjDrvDxLFMtLNgaH5oEM9jWznEBRiZrpqT0jdXODCA
Requested by: Host: www.onmsft.com
URL: https://www.onmsft.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s29-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 272ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=88e36a07-22d9-e6c6-29fb-f036c37fe1c3&tv={c:4hgMAs,pingTime:-2,time:600,type:a,im:{sf:0,pom:1,prf:{beA:148,beZ:149,mfA:462,cmA:462,inA:462,inZ:463,prA:463,prZ:467,si:481,poA:482,poZ:485,cmZ:485,mfZ:485,loA:669,loZ:670,ltA:748,ltZ:748,mdA:149,mdZ:182}},sca:{dfp:{df:4,sz:300.250,dom:body}},env:{gca:1},clog:[{piv:0,vs:o,r:l,w:300,h:250,t:333}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:600,n:0,pp:0,pm:0},slEvents:[{sl:o,t:333,wc:0.0.1600.1200,ac:698.1465.300.250,am:i,cc:698.1465.300.250,piv:0,obst:0,th:0,reas:l,bkn:{piv:[286~0],as:[286~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|18.7529|181|182|19*.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k|1l,idMap:19*,rend:1,renddet:IMG.qs,rmeas:1,slid:[google_ads_iframe_/4585/ns.onmsft/homepage_2,google_ads_iframe_/4585/ns.onmsft/homepage_2__container__,nsgpt-rectangle-2],sinceFw:266,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 267ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=5e1a0c7b-766b-4fa8-4cf7-74f650a3b083&tv={c:4hgMAG,pingTime:-2,time:565,type:a,im:{sf:0,pom:1,prf:{beA:192,beZ:193,mfA:497,cmA:498,inA:498,inZ:499,prA:499,prZ:551,si:589,poA:589,poZ:594,cmZ:594,mfZ:594,loA:692,loZ:693,ltA:757,ltZ:757,mdA:193,mdZ:205}},sca:{dfp:{df:4,sz:300.250,dom:body}},env:{gca:1},clog:[{piv:0,vs:o,r:l,w:300,h:250,t:396}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:565,n:0,pp:0,pm:0},slEvents:[{sl:o,t:396,wc:0.0.1600.1200,ac:698.2081.300.250,am:i,cc:698.2081.300.250,piv:0,obst:0,th:0,reas:l,bkn:{piv:[259~0],as:[259~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|181|182|19.7529|191|192|1a*.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1a*,rend:1,renddet:IMG.qs,rmeas:1,slid:[google_ads_iframe_/4585/ns.onmsft/homepage_3,google_ads_iframe_/4585/ns.onmsft/homepage_3__container__,nsgpt-rectangle-3],sinceFw:168,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0E5C 21 KB
8 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200212/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1580338855439378"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:49 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 198ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=d7e38cdb-9694-ae38-9a82-f6f78a1f1e94&tv={c:4hgMAM,pingTime:-2,time:564,type:a,im:{sf:0,pom:1,prf:{beA:194,beZ:195,mfA:590,cmA:590,inA:590,inZ:591,prA:591,prZ:628,si:643,poA:643,poZ:647,cmZ:647,mfZ:647,loA:699,loZ:699,ltA:758,ltZ:758,mdA:195,mdZ:205}},sca:{dfp:{df:4,sz:728.90,dom:body}},env:{gca:1},clog:[{piv:0,vs:o,r:l,w:728,h:90,t:448}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:564,n:0,pp:0,pm:0},slEvents:[{sl:o,t:448,wc:0.0.1600.1200,ac:429.3010.728.90,am:i,cc:429.3010.728.90,piv:0,obst:0,th:0,reas:l,bkn:{piv:[169~0],as:[169~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|181|182|19.7529|191|192|1a.7529|1a1|1a2|1b*.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1b*,rend:1,renddet:IMG.qs,rmeas:1,slid:[google_ads_iframe_/4585/ns.onmsft/homepage_4,google_ads_iframe_/4585/ns.onmsft/homepage_4__container__,nsgpt-footer-1],sinceFw:115,readyFired:true}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt70dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012001281851410/ 20 KB
7 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012001281851410/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020013001.js?21065540

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7146
x-xss-protection: 0
server: sffe
date: Sat, 15 Feb 2020 03:28:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "07f1c9366dde68a2"
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Feb 2021 03:28:41 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BD01
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Redirect headers

date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame F139 0
0 6ms
6ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/206/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4624
date: Sat, 15 Feb 2020 02:59:50 GMT
expires: Sun, 14 Feb 2021 02:59:50 GMT
last-modified: Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 17339
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame E391
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Redirect headers

date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9BCB 7 KB
5 KB 17ms
17ms XHR
application/json 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020013001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39ea9f850650a68c9c31c4a28afd2b2ee15f1332271b223a2a7f9a9ff4410e1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5243
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame A0A3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Redirect headers

date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 958F 7 KB
5 KB 17ms
17ms XHR
application/json 2a00:1450:4001:815::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020021101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f9c7e3625237a0b440a0ef04fac1d5ba02b84fe8d8eb5eaa6deefc61bf13bbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5242
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame B961
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

16ms
15ms

Image
text/html

2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

Redirect headers

date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame BD01 37 KB
37 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD01 2 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BD01 295 B
360 B 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9BCB 21 KB
8 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020013001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1580338855439378"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:49 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 958F 21 KB
8 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 15 Feb 2020 07:48:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1580338855439378"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8104
x-xss-protection: 0
expires: Sat, 15 Feb 2020 07:48:49 GMT

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame E391 37 KB
37 KB 6ms
5ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E391 2 KB
3 KB 10ms
10ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E391 295 B
360 B 10ms
10ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
H2 200 7328998462059808378
tpc.googlesyndication.com/simgad/ Frame A0A3 37 KB
37 KB 8ms
8ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7328998462059808378?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qllSTF-5neJQV9N6CTd3lxfoPzY4Q

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 03 Feb 2020 11:21:11 GMT
x-content-type-options: nosniff
last-modified: Fri, 01 Feb 2019 13:44:43 GMT
server: sffe
age: 1024058
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37983
x-xss-protection: 0
expires: Tue, 02 Feb 2021 11:21:11 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A0A3 2 KB
3 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A0A3 295 B
360 B 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
H2 200 15331740554913862692
tpc.googlesyndication.com/daca_images/simgad/ Frame B961 39 KB
39 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15331740554913862692

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1ee3166bb0f5b85ccc0abbc9044f6d1e9cd961b445b4491d5f8115cab364529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 13 Feb 2020 23:14:42 GMT
x-content-type-options: nosniff
age: 117247
x-dns-prefetch-control: off
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 39504
x-xss-protection: 0
last-modified: Thu, 16 Jan 2020 16:22:56 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Feb 2021 23:14:42 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B961 2 KB
3 KB 9ms
9ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 23:33:44 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 29705
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Sat, 15 Feb 2020 23:33:44 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame B961 295 B
360 B 12ms
11ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 14 Feb 2020 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 35728
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Sat, 15 Feb 2020 21:53:21 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 133ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMF3,pingTime:-10,time:840,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.4.114v220002022000220000022002222000022220202020222220222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222222000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNC4xMTR2MTIwMHx8MTYwMHx8MXx8MXx8MjR8fDEyMDB8fDB8fDB8fDF8fGxhbmRzY2FwZS1wcmltYXJ5fHwyNHx8NC8zfHw0LzN8fDB8fDE2MDA-,no:MTcuNC4xMTR2TW96aWxsYXx8TmV0c2NhcGV8fG58fDE2fHxufHwwfHxufHxMaW51eCB4ODZfNjR8fEdlY2tvfHwyMDAzMDEwN3x8LTYwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODAuMC4zOTg3Ljg3IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,asp:1581752929344||39abd22dc21ec3e7b5e7eae92e3f7f67||d065cfce6faf939329d1e9fed273f193||15bf7a6764ac8572a046fdb138004f43||2313c662cd0ca69e3bf6ad2ad7ce795a||219c28ca064950852a882585f3772693||7bc9b4b9be935db7b38a5ad869da6c0b||4072896dbcefe99ae3774cdb9573f237||1576000828,env:{ar:self.0}}
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame 095B 0
0 6ms
5ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/206/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4624
date: Sat, 15 Feb 2020 02:59:50 GMT
expires: Sun, 14 Feb 2021 02:59:50 GMT
last-modified: Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 17339
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame C495 0
0 6ms
5ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/206/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4624
date: Sat, 15 Feb 2020 02:59:50 GMT
expires: Sun, 14 Feb 2021 02:59:50 GMT
last-modified: Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 17339
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E5C 0
67 B 14ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gda_r20200212&jk=1600426327191439&bg=!p6SlpLxYw4GRk6Pk-9sCAAAAMVIAAAAImQFgb0gNSJG0C-Rj4glzzBefTtemnbt1PtoiHz1yF90zcFATlEJCFkLD9eWinq5TPNMhjY02DtwFMLYQQPxOmMwGQBMJAayWH7mkUEoP-_YzDN0FlySXdgcyQ7UfFA1XM6dqFFbEm2CYaTn08K_AVyVwkj9RU6FlnUtAowEt7vryrMZ2VOwDtR5SKRoZPV3MZIrjYuHnnu2Wn2b6EoYhJ0sBd3OXK6a0p3t8UnDgDeKaq8Rud2LQTVT5lpvFLqe5xuNxZhcM1IixxP_a4xrm6ge76NDdCvH1zlI4FOkHtORF6Vq03yB6KHCZYzIL0tN4AFZwm4Izfir16hPiGMusARp7zCuJDShsYiPkVWYNEuhlOjKP94SzX8LzFjgZ_j6rdp1CO4Mq1w3uN0aE-cjY-XEDIdKfDMcBffKiz1GA6Rn-pmMPDWz5gO47_TY-vxTEEXz68ttEZ-gptrSBRig6p66W5g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 134ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMFt,time:864,type:e,env:{ar:4127ccda-2376-b9d3-11f3-42f07f8f3d81.1},es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:864,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[708~100],as:[708~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:374,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=88e36a07-22d9-e6c6-29fb-f036c37fe1c3&tv={c:4hgMFv,time:913,type:e,env:{ar:4127ccda-2376-b9d3-11f3-42f07f8f3d81.2},es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:913,n:0,pp:0,pm:0},slEvents:[{sl:o,t:333,wc:0.0.1600.1200,ac:698.1465.300.250,am:i,cc:698.1465.300.250,piv:0,obst:0,th:0,reas:l,bkn:{piv:[599~0],as:[599~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:299,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|18.7529|181|182|19*.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k|1l,idMap:19*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=5e1a0c7b-766b-4fa8-4cf7-74f650a3b083&tv={c:4hgMFx,time:866,type:e,env:{ar:4127ccda-2376-b9d3-11f3-42f07f8f3d81.3},es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:866,n:0,pp:0,pm:0},slEvents:[{sl:o,t:396,wc:0.0.1600.1200,ac:698.2081.300.250,am:i,cc:698.2081.300.250,piv:0,obst:0,th:0,reas:l,bkn:{piv:[561~0],as:[561~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:286,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|181|182|19.7529|191|192|1a*.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1a*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 138ms
138ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=d7e38cdb-9694-ae38-9a82-f6f78a1f1e94&tv={c:4hgMFy,time:860,type:e,env:{ar:4127ccda-2376-b9d3-11f3-42f07f8f3d81.4},es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:0,o:860,n:0,pp:0,pm:0},slEvents:[{sl:o,t:448,wc:0.0.1600.1200,ac:429.3010.728.90,am:i,cc:429.3010.728.90,piv:0,obst:0,th:0,reas:l,bkn:{piv:[464~0],as:[464~728.90]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:rQym5Fq+11|12|13|14|15|16|171|1721|173|174|175|181|182|19.7529|191|192|1a.7529|1a1|1a2|1b*.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j|1k,idMap:1b*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt07dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9BCB 0
67 B 14ms
13ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gpt_2020013001&jk=458819588129666&bg=!HxylHARYieysTQK4NGECAAAAQFIAAAAUmQFgNMHtNMee1gFvEjIOHeZ4SKukxgLiH60RxiqrWo5aeBIAUZq3xKW337sNfKWdb2jdr0VRLKzKL_5CJCqsDETmZ8JsbQV-S4szKpzakmyF8HVUnuccTHO1eJNPC7Xbv_nTRuHtrvmKU-Nc7t92wUaNQ-TYDcw2aYgWjzUrqq5961u57LAoyYJxsBlvBkbSF8ZwA1etZeyiHfpCxyflKStrcMzt_kvYUFRu9Wkm6Zw6SLGirH4Olc5B_x2_gQjQrK2JIq_wsJg6DLQ8RMMKQ8eHlfwFzwOVVowX7GygZqIYPA96ejJJX5zflmMiRUsU9MGdCuVxr5cjFFRWGaftlAAcWPqo895KovM5V4PUeDzPQlOdS3p6nSSJ16BRRxmD2T3BfzwdVA3sHn-B3yu996o8YshVdGccklyqvNrGxN4SCl48HILL8zS5uaIgte8__y8kBcF91ltdwoOQaWAsyR4GIA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 958F 0
67 B 14ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gpt_2020021101&jk=4140613113853579&bg=!oKOlo7tYhv8Kf6uaVp4CAAAAPFIAAAAOmQFgvHdZFFTYrkVSInNOzeWHsZ5T_NsKk07N0gOEOXEU7-PLowse3j20DiSJe4uZzfAJP1qk6k0cCnZeIaft2kdyPEzMDKzKSjrlVV1bjvwp20WKAxgoPUe8x7JC-Ah1oPz0cWuJL_BFnQ4tMiAqyBJzOeBNSkWN7SmBbJAXInJUlwbOHxC6hTvpzUR3BSZV2EMU9fyBwPgA9A0pjaHettcZx9GupbojBXj2cHgoza13EzVcRj_6ezRpIgTwS2-XYloVyZwgaAPatNUTzrwZ89IEud70lZJR-A0dOK3jPrce9donhKAECipYQ3pIBOUwBkFlKT8cua1n-Rv-U1DeVgC88lWM0gVpYZnvJNPvlbFPukYERd_QkAItgtw6fluIqXWaByssQsUyJZ2dD99yPeGksog4VP24ILBGoMX87keudvTmSys7m3cFCUvZDEklV7k_Nc0GbudVSxo7kuKN1zfSzg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 138ms
138ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMM2,pingTime:1,time:1273,type:p,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1273,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1141~100],as:[1141~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:134,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt07dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 139ms
138ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMM4,pingTime:1,time:1275,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1275,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1143~100],as:[1143~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:134,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMM4,pingTime:1,time:1275,type:c,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1275,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1144~100],as:[1144~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:134,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1,metricId:publ1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt37dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 135ms
134ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgMM5,pingTime:1,time:1276,type:c,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1276,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:308.10.970.250,am:i,cc:308.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1144~100],as:[1144~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:134,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1,metricId:grpm1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 139ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMMs,pingTime:1,time:1297,type:p,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1297,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1142~100],as:[1142~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:138,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
135ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMMu,pingTime:1,time:1299,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1300,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1144~100],as:[1144~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:138,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt70dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 133ms
132ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMMx,pingTime:1,time:1302,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1302,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1146~100],as:[1146~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:138,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1,metricId:publ1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
137ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgMMz,pingTime:1,time:1304,type:c,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:1304,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1031.859.300.250,am:i,cc:1031.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[1148~100],as:[1148~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:138,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1,metricId:grpm1,cmr:t}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:49 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0E5C 42 B
121 B 15ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGUSKCLXxyxk2tI4e_RT2mLWDLHt4MkdmEPsnbNySgLKWX5Sv_5dMTp7qllZnYyi81PXx68-Mvwf1KoV1GHts4et2RZFxYicmZ9IINte8&sig=Cg0ArKJSzAd3DMYxYOdWEAE&adk=1816371679&tt=-1&bs=1585%2C1200&mtos=1064,1064,1064,1064,1064&tos=1064,0,0,0,0&p=10,308,100,1036&mcvt=1064&rs=0&ht=0&tfs=363&tls=1427&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1581752928300&dlt&rpt=162&isd=0&msd=0&ext&xdi=0&ps=1585%2C3406&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-11-4-10-10-0-0-0&tvt=1425&is=970%2C250&iframe_loc=https%3A%2F%2Fwww.onmsft.com%2F&r=v&id=osdim&vs=4&uc=11&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200210

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 1E2B 42 B
121 B 15ms
14ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvC6gpUK1cN3cbuojm6K-tDqDZIGtfl7BU1O3RoRNvCiKlDVohj2sZBeS4oDP9S7Kz8tD7ITFbJ0ohQPbcekDXgPWfFkEcpINGF4MUUV2o&sig=Cg0ArKJSzAzKl8vPSKc5EAE&adk=3833968141&tt=-1&bs=1585%2C1200&mtos=1092,1092,1092,1092,1092&tos=1092,0,0,0,0&p=859,1031,1109,1331&mcvt=1092&rs=0&ht=0&tfs=245&tls=1337&mc=1&lte=0&bas=0&bac=0&met=mue&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1581752928308&dlt&rpt=286&isd=0&msd=0&ext&xdi=0&ps=1585%2C3406&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-11-2-10-10-0-0-0&tvt=1336&is=300%2C250&iframe_loc=https%3A%2F%2Fwww.onmsft.com%2F&r=v&id=osdim&vs=4&uc=11&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200210

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gn
secure-us.imrworldwide.com/cgi-bin/ 44 B
332 B 34ms
33ms Image
image/gif 54.72.110.169
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/gn?prd=dcr&ci=au-408075&ch=au-408075_b99_0&sessionId=FaAifKweRZrrERMsdBI3XBR3IXNFT1581752927&asn=0&prv=1&c6=vc,b99&ca=NA&c13=asid,NA&c32=segA,NA&c33=segB,NA&c34=segC,NA&c15=apn,v60Bsdk&sup=0&segment2=&segment1=&forward=1&ad=0&cr=V&c9=devid,&enc=true&c1=nuid,999&at=view&rt=text&c16=sdkv,bj.6.0.0&c27=cln,0&crs=&lat=&lon=&c29=plid,15817529273507811&c30=bldv,6.0.0.474&st=dcr&c7=osgrp,&c8=devgrp,&c10=plt,&c40=adbid,&c14=osver,NA&c26=dmap,1&dd=&hrd=&wkd=&c35=adrsid,&c36=cref1,&c37=cref2,&c11=agg,1&c12=apv,&c51=adl,0&c52=noad,0&devtypid=&pc=NA&si=https%3A%2F%2Fwww.onmsft.com%2F&c73=phtype,&c74=dvcnm,&uoo=&c62=sendTime,1581752930&rnd=509958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.110.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-110-169.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:50 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://www.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
status: 200
cache-control: no-cache
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BD01 42 B
121 B 21ms
20ms Image
image/gif 2a00:1450:4001:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvWHLAwt3OGz6-AtkvHZ0V793U94qw3pcKrni0__WXiTRGXf_Y2SipOmPPhrDQK5J3fPl7E1QtkB_BcTqAbFIQ1whjuiQRVBljJwOBNfz879AXdV3TppXZkiTROtDNR8kk9yOFRg4XhHPh2ebAB84UA&sai=AMfl-YQp-lC07BI4KeVoFbGdgMwYZ94IBMYhIPRdplVJEvOf5ebY8vOuEsl2EYZa9pFQXlYCqgSJG2jGMyd8MEgHpoY1rH8O9UfJm7SDoqG9Pb3pKOfIps4B7w9Ohhw&sig=Cg0ArKJSzFZ5s9l5stbdEAE&cid=CAASPeRoT0knwGxQasmw31zbQaKRRfit2abCHlPqKeCDkSDDLmbxWgSo8aOuWobMb3fV3g0mD3VS3fF1w5zpvR8&id=ampim&o=1031,859&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1029&mtos=0,0,1029,1029,1029&tos=0,0,1029,0,0&tfs=171&tls=1200&g=100&h=100&tt=1200&r=v&adk=358651622&avms=ampa

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:50 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=6&ph=dc423def-06ad-4fb4-a386-363c0a8315a3&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG5rqfXUut3MW7Qy_NEifs4&google_cver=1

43 B
117 B

36ms
35ms

Image
image/gif

34.95.120.147
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG5rqfXUut3MW7Qy_NEifs4&google_cver=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.174.5 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:50 GMT
via: 1.1 google
server: OXGW/16.174.5
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Feb 2020 07:48:50 GMT
server: HTTP server (unknown)
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEG5rqfXUut3MW7Qy_NEifs4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2uno_ssA0zUP8Us7RgP7dmZv7DJWtQkvd8b0ZzYONi1NeL8qcz168gnWDuwgbxBWz498stY Show response
chickensstation.com/ 216 B
604 B 192ms
130ms Fetch
application/json 35.186.219.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://chickensstation.com/v2uno_ssA0zUP8Us7RgP7dmZv7DJWtQkvd8b0ZzYONi1NeL8qcz168gnWDuwgbxBWz498stY

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.219.42 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

42.219.186.35.bc.googleusercontent.com

Software

Resource Hash

96a6d812ddfe204e97a63817f805731bbb2268d2c3728dfac2d5e4b15e354bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
status: 200
date: Sat, 15 Feb 2020 07:48:51 GMT
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.onmsft.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: paris
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Sat, 15 Feb 2020 07:48:50 GMT

POST
H2 200 v2vnz5K6QDBVG9q8cn53v3jmqP7McLb3f-Po-BCbkaN2yeH5pcfZYOJayVxg3YzNTDLMse8A Show response
chickensstation.com/ 45 KB
13 KB 163ms
163ms Fetch
application/json 35.186.219.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://chickensstation.com/v2vnz5K6QDBVG9q8cn53v3jmqP7McLb3f-Po-BCbkaN2yeH5pcfZYOJayVxg3YzNTDLMse8A

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.219.42 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

42.219.186.35.bc.googleusercontent.com

Software

Resource Hash

58589dae0916d5a7db2a9eb29858921849a5e05bc0b282d7ae8f58e18863c058

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
status: 200
date: Sat, 15 Feb 2020 07:48:52 GMT
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.onmsft.com
access-control-allow-credentials: true
x-hostname: paris
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 v2phaHAef158Gl2l6_hYuQkq1fs83Vrl-FDZsdyMhBF2OwBixgbQVyGjvTST1lmddv6h8Jmts2A Show response
dapperfloor.com/ 90 KB
29 KB 153ms
54ms Script
text/javascript 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://dapperfloor.com/v2phaHAef158Gl2l6_hYuQkq1fs83Vrl-FDZsdyMhBF2OwBixgbQVyGjvTST1lmddv6h8Jmts2A

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 , Ascension Island, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

533a1d4c6e4a00b6116741fd9168218f4203123dd2ad935336912d0f893defc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: 5c691a292965b97d783ca66029220ab5aa578c22163e29ea9279708f4e74dbcc
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: text/javascript; charset=utf-8
status: 200
cache-control: private, must-revalidate, max-age=21600
access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
x-hostname: paris
timing-allow-origin: *
access-control-allow-origin: https://www.onmsft.com
date: Sat, 15 Feb 2020 07:48:52 GMT

GET
H2 200 sticky-bubble
my.getadmiral.com/ Frame F8B6 0
0 105ms
33ms Document
text/html 34.95.92.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://my.getadmiral.com/sticky-bubble?propertyID=A-582E614B6A735F3E706A00D7-2?bgColor=rgba(25%2C114%2C120%2C1)&iconColor=rgba(255%2C255%2C255%2C1)&horizontalAlign=left

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.95.92.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.92.95.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: my.getadmiral.com
:scheme: https
:path: /sticky-bubble?propertyID=A-582E614B6A735F3E706A00D7-2?bgColor=rgba(25%2C114%2C120%2C1)&iconColor=rgba(255%2C255%2C255%2C1)&horizontalAlign=left
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.onmsft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.onmsft.com/

Response headers

status: 200
server: nginx
date: Sat, 15 Feb 2020 07:48:52 GMT
content-type: text/html
vary: Accept-Encoding
x-hostname: quest
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
cache-control: max-age=300
expires: Sat, 15 Feb 2020 07:53:52 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 css
fonts.googleapis.com/ 756 B
486 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,600

Requested by

Host: dapperfloor.com
URL: https://dapperfloor.com/v2phaHAef158Gl2l6_hYuQkq1fs83Vrl-FDZsdyMhBF2OwBixgbQVyGjvTST1lmddv6h8Jmts2A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

72d54cf4303dd33627e9ea24df74a3195bb5db2bd73dcad547571c9ae87ae9f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 15 Feb 2020 07:48:52 GMT
server: ESF
date: Sat, 15 Feb 2020 07:48:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Feb 2020 07:48:52 GMT

POST
H2 200 v2uno_ssA0zUP8Us7RgP7dmZv7DJWtQkvd8b0ZzYONi1NeL8qcz168gnWDuwgbxBWz498stY Show response
chickensstation.com/ 214 B
273 B 38ms
38ms Fetch
application/json 35.186.219.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://chickensstation.com/v2uno_ssA0zUP8Us7RgP7dmZv7DJWtQkvd8b0ZzYONi1NeL8qcz168gnWDuwgbxBWz498stY

Requested by

Host: chickensstation.com
URL: https://chickensstation.com/v2/0/jux-E_ybSvS8hdhfETraPx7wTBGt-IxGIeCM0XCD7HAEEzip7tj3WtAoLl4mMCIRPZ4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.219.42 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

42.219.186.35.bc.googleusercontent.com

Software

Resource Hash

1e345fcbaf05eb4ef5ff6fa12e902f1d5c5556f7923a5b50f288a5c9bd24bb33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.onmsft.com/
Origin: https://www.onmsft.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
status: 200
date: Sat, 15 Feb 2020 07:48:52 GMT
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.onmsft.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: paris
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 214
expires: Sat, 15 Feb 2020 07:48:51 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v16/ 23 KB
23 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXg.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Lato:400,600
Origin: https://www.onmsft.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Response headers

date: Tue, 04 Feb 2020 21:20:27 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:47 GMT
server: sffe
age: 901705
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 23484
x-xss-protection: 0
expires: Wed, 03 Feb 2021 21:20:27 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 140ms
140ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgNOy,pingTime:5,time:5273,type:p,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5274,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:315.10.970.250,am:i,cc:315.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5142~100],as:[5142~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:143,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:53 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 137ms
136ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=4127ccda-2376-b9d3-11f3-42f07f8f3d81&tv={c:4hgNOA,pingTime:5,time:5275,type:pf,clog:[{piv:100,vs:i,r:,w:970,h:250,t:144}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5275,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:144,wc:0.0.1600.1200,ac:315.10.970.250,am:i,cc:315.10.970.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5143~100],as:[5143~970.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:143,fm:rQym5Fq+11|12|13|14|15|16|17*.7529|171|1721|173|18.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:17*,rend:1,renddet:DIV.qs.sn,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:53 GMT
X-Server-Name: dt03dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 134ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgNOX,pingTime:5,time:5296,type:p,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5296,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1039.859.300.250,am:i,cc:1039.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5140~100],as:[5140~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:249,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:53 GMT
X-Server-Name: dt55dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ 43 B
308 B 134ms
133ms Image
image/gif 104.244.37.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=7529&asId=441c61c2-884a-dd27-e625-73b2fb4f5a21&tv={c:4hgNOY,pingTime:5,time:5297,type:pf,clog:[{piv:100,vs:i,r:,w:300,h:250,t:169}],es:0,sc:1,ha:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:{i:5297,o:0,n:0,pp:0,pm:0},slEvents:[{sl:i,t:169,wc:0.0.1600.1200,ac:1039.859.300.250,am:i,cc:1039.859.300.250,piv:100,obst:0,th:0,reas:,bkn:{piv:[5141~100],as:[5141~300.250]}}],slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:249,fm:rQym5Fq+11|12|13|14|15|16|17.7529|171|1721|173|174|18*.7529|181|19.7529|191|1a.7529|1a1|1b.7529|1b1|1c|1d|1e|1f|1g|1h|1i|1j,idMap:18*,rend:1,renddet:IMG.qs,rmeas:1}&br=u
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.37.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: daldt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.onmsft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sat, 15 Feb 2020 07:48:53 GMT
X-Server-Name: dt70dal.dal.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.onmsft.com/	1970-01-19 08:05:44	Name: __cfduid Value: d0f3ee49e0cf915d6e0900064f587a5071581752924

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.static.zdbb.net/js/zd-core-olt.min.js?v=5(Line 1) Message: ZD Core :: Outbound Link Tracking Initialized
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.onmsft.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.onmsft.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.onmsft.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012001281851410/amp4ads-v0.js(Line 409) Message: Powered by AMP ⚡ HTML – Version 2001281851410 https://www.onmsft.com/
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.4.114.js(Line 32) Message: a: 0.001953125ms

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
ad.doubleclick.net
admiral.mgr.consensu.org
adservice.google.com
adservice.google.de
adservice.google.nl
ajax.cloudflare.com
ajax.googleapis.com
api.skimlinks.mgr.consensu.org
as-sec.casalemedia.com
c.amazon-adsystem.com
cdn-gl.imrworldwide.com
cdn.ampproject.org
cdn.intergi.com
cdn.krxd.net
cdn.nsstatic.com
cdn.static.zdbb.net
chickensstation.com
cm.g.doubleclick.net
contextual.media.net
dapperfloor.com
dt.adsafeprotected.com
eu-u.openx.net
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g.pcmag.com
googleads.g.doubleclick.net
gurgle.zdbb.net
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
jogger.zdbb.net
load77.exelator.com
loadeu.exelator.com
my.getadmiral.com
ns.zdbb.net
p.skimresources.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.wp.com
r.skimresources.com
s.skimresources.com
sb.scorecardresearch.com
secure-us.imrworldwide.com
securepubads.g.doubleclick.net
stags.bluekai.com
static.adsafeprotected.com
stats.g.doubleclick.net
stats.wp.com
sync.crwdcntrl.net
sync.teads.tv
t.skimresources.com
t.teads.tv
tags.bkrtx.com
tpc.googlesyndication.com
us-u.openx.net
vendorlist.consensu.org
winbeta.disqus.com
winbeta.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.onmsft.com
x.skimresources.com
zdbb.net
ziffdavis-d.openx.net
104.24.121.101
104.244.37.20
13.225.86.250
147.75.102.200
151.101.112.175
151.101.12.134
151.139.128.10
172.217.18.102
172.217.18.162
172.217.22.66
185.64.189.112
192.0.76.3
192.0.77.2
195.181.175.52
2.18.232.7
2.18.234.21
2.19.45.224
23.38.55.104
23.43.115.95
23.45.108.93
23.45.237.36
2600:9000:20eb:d800:2:42d9:3100:93a1
2600:9000:2156:7400:1:af78:4c0:93a1
2600:9000:2156:ac00:8:48e:53c0:93a1
2606:4700:3034::681c:1a14
2606:4700::6811:4004
2a00:1450:4001:806::2008
2a00:1450:4001:806::200e
2a00:1450:4001:808::2001
2a00:1450:4001:809::200a
2a00:1450:4001:814::2004
2a00:1450:4001:815::2002
2a00:1450:4001:815::2003
2a00:1450:4001:817::2002
2a00:1450:4001:818::2002
2a00:1450:4001:81d::200a
2a00:1450:4001:821::2001
2a00:1450:400c:c00::9b
34.95.120.147
34.95.92.134
35.186.219.42
35.190.40.172
35.190.59.101
35.190.76.239
35.201.67.47
35.201.98.64
37.252.173.38
52.208.18.218
52.49.126.143
54.172.13.155
54.246.208.255
54.72.110.169
63.33.115.128
69.173.144.143
92.122.253.103
92.122.254.4
95.100.78.156
0032b2261196d6c16c5819d5e9b06901de3402f4fa728633cf9684000d5d390c
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0630637c1d2b309e9e1eec0755b10affe7d265890cbc467bf733c554cab8bb75
06349254c3a3832ea81973863ce5873ab441c1b8006ee1cb553425d152fabf88
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
072cfdc3b5c6541f3d3c06ebd4c138ab38b6e7983704b73dcb46710ac3ccb05b
07fa03f1e5fef6c5ee89c033aa08a86d1e791714aa6437142823c8e5adea8a93
082eea712dfa8bc364d8f05d86b35e7266a93fd1b19c6b7d953b8dede8135223
083e70abc61231f062f9e884cbcfebf44d3b037acf0e5e7ee13cc13f2af4b877
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
1331ce07d67579b7a85c3f1deb9479460b198356c6d1aee8de72daa1d5e377b2
13e524226cb57622366c08ba4ba0e590e012c76f994cd1167cb2d646cfb537a8
144d459868bbde53c39f0255dd0c3b4556888d0c7b79f0d588d13ebab98e12d3
14815d3ad86f0839b16208a0d832d3695822c6d9bb9fc242b946cecad46799a6
175e48363c0039f76872876da5cb8ceeedb591b268c938926843650a6f32fdf1
18a2feaa66f04d1802f8a988599ef43e1ae85401aa02ec15f5f28f06b34bd133
18ba591a363b3cd37d19d6884c1ae250b84d106706d403738eb0dab6c9a97a66
191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b
1a79eab12465f1816363b5750fedadf5b9f73a82efe9c1b8453949ccf9bad14b
1b404deff9d7a05dfafbf65adfce1f6f268d6058264b3816bbc3fb8d26929a65
1c3fa7cd138ffe3bd63561627dd15a8bf174f7edb5c328a82cb4beb1c4549aa0
1e345fcbaf05eb4ef5ff6fa12e902f1d5c5556f7923a5b50f288a5c9bd24bb33
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
27c28940ec81d18ee66c4e0c0150d8ac4cdda803d14642056b1fd707ca447b59
2833cc2a0284a7f438e5d735cf1bbaa97f98f4303ef534e38a492f5b0b1a38f4
28ae559502a1a0ec542557b315daf48cee77071f5cba0975c7336d42cb97fd54
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bbe4d4e1a168926c878be73ce8e09b71e70f3823575de43e0623a4e2dfb609d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eafa3cd7f8f747c53303bac3611e17c8dd7dd3a797f1761f3c8b294637c3b03
312fc84744851dec2d470d1c64db3080640764b4f02305791d7d63daf361da7b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33f5e031d6755d3d5e90bef966097c568dacd3e83905f4f474ccc76b9b335293
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
39ea9f850650a68c9c31c4a28afd2b2ee15f1332271b223a2a7f9a9ff4410e1f
3b1a5e042bf9047407af7c13f8981539dc187c0cffef5d2c08d5a4319d4456c1
3b4efa0a28b62f74b161afcd01640b422a039a8406aae24e845be89fdd505638
40d15910a4e322fdf4dd074ef29b75e945725469cd67fa9fccdbe0c17798aa77
40f1794e8936ecfb23957a50f50c1875bc0e9d88453887b7943e7cc78007ce58
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4527942a78cc3dc79870ac0805c8de8569ccc51ca0f68cc37b0a99309c94b827
461c7c98bfd60c00a3ff29a5d96e379560fe8fb1cc78ce5f1beefa809cb729fa
46650bbc5399158ecaa94f56d7a7b8e83f966da2a27a16f748e75057526afe06
46db8aa849efbb74eea827e43ed1ec0ec29b1764bb69a00468804e50360a24d3
47416bb10a73f01327feb474399d64569338ad413123895bfcd8252ab3f00f98
4898c2b9f8c2f931ef6a819d36e0019867931d9519af933ab4bd5edce724b2a8
49acf7723a3f4b4d346dda4daa26f1ab3141abd4d35a6206050dcd695d37e4f7
4d1616e73263449af104757523feebb1c37fa16dd53ddeb048c0bd4c361d8bf4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e523a5ae5b4636c75901b79fafbd3912e41dc7987414e688b09d4b436ff22b3
4eeeaa4e345fef8be54d0a26426b4fb41a4fa9110bf30cba2254472189aca82c
4f30bdeed794aeb92d85e55d901c0bdb634df32432010792e3b569ea73cae443
525c4a17a176d9c4cca0ba2d0505895266a06f248de4f799d869641b7724e31a
52cb3d448ecca364f956f7936bd685d2d1828686f3639ef2b58cc43da91286d0
533a1d4c6e4a00b6116741fd9168218f4203123dd2ad935336912d0f893defc6
53f975cd28f241bbbc91f55f7fcbd659c46cbf2e56df55b8af615251709612ec
58589dae0916d5a7db2a9eb29858921849a5e05bc0b282d7ae8f58e18863c058
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5abf0c3555cff7b63e38f6e7b8e7f56896937c0c2cc97cfaee7997c443e3e254
5cc280e965102224e1c7c0bd1df536c524c3a6fc9762205f4d7f7b345382c724
5d21a740e749919a1c104e5fe818d32ce85732f40852b6993f62abb98afc1848
5e219e4345628a244cf3eaa95f23c35ca7bfa98968044223557edea2f4bdd6d3
5e9d5d7f0c649b8afca5ec420809ba9a6067a5dddd25be954f27c2ae034a1121
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
60d514b105a0f7863ef80f71c9226dbffd12d19bc691435c608ee23df452ccd0
6665f2f0414d1cd4ae554f9df8dcf5fce35aaeaf91bc7f0470df9924ae80cd71
6ea1e6ad306eaa4369aed3176e7fe0dd6d77a6206e01649544c05fbfc639ed5b
72d54cf4303dd33627e9ea24df74a3195bb5db2bd73dcad547571c9ae87ae9f3
72f0529b469bf6d09356fd7ea2fb765b3ca92983dc222e9612690da4d3df71b4
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
746acea8e7c75dbbff14b5aba22af0bbf4a54183875fab50454bb1a1bf65094c
76d32d2ba26da3253479ee4edc243bcf0c1bf2146bb2285a0364fc0db688196c
7776e84194e5149d180cbd67aa4ac94711a2e0864eded9194fd797913c9a3d6a
7817d24fae48a7de4fbe7af59036b89f5878161d346948494dc40fb408ff83bd
785442dd167ab359cc780916157e2c0409373af3b883188a5b6d3d9bf9fa59ad
79309eb48fb6365d92373c76fcae618eb0aaa1a6cfe957776131e17a7a6c1f9d
79453367032ac398d705754f3f4f0889191e4c83f9d02cab0aca259a419e6a49
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f11e0d38986e9c5cd0327411cd05ba41092770edaf9ec0e002edf2616c93e30
7f6bcbd77f48eb8224b03f633a5a29c5588a00b642e86e603e41601eb7da2ef6
7f9c7e3625237a0b440a0ef04fac1d5ba02b84fe8d8eb5eaa6deefc61bf13bbb
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8020b1406e0fc2c33e80f9dfafef11fac20bbd3555e794b9279ec2795f8561fc
80fca33137f9069475eab1a18a57de336d6fd32c3ca4622caf170f8b6bdd09fb
81903af7e2edd3f13a367a985ae6ab67b9877067877a51159eae13e923e88a47
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85be41884a1b3e2e5504ccb60f49197cfec2c8e5ac128ead59f9c5a83c6ea029
86100414fd2597011498a2c4b8b09c460518a68af0133b9748573b73d248b899
8695a50079c03e50a952d42cd2c716d60e9a556649fd70bc0e80255515168f6c
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
89d281be2d8967fc0d0384fc39c6822c9a86e5241dd5402eeb8041aaa05980da
8a2643f2d79eee5c7058cb82db22a36178f752d15b1eb8273e9c9ab2e810561a
8b9ff14a2ba603e1a32fddd3da2ffd8b50e201a9874ea3fafb50d537117153eb
8c6705ac0dd6ad034c2f223b36b87240e053e9260601d274ac2fb042b0495db5
8cb768574afb1d11ac212990e4d5420d64557c64278638d3812ede1beea21339
8f75ee8a760c4319b767725c06ad12a0f5291c38fe35e93cbe59c18f02fdc248
9291fdc44bccd9b470eddfb7e2326370687526185eeea097a02541d08b60ef53
92d0df15e0c6e41bdc0f900c97dc133e1f6a7f262a54eaab91066c3f373969ba
92dc51942aef996c9bacd4222704c31b79fa19844c11c63edc8c9308d6fdd1a0
9351b88726e78688b1699b41b23dbfc51f4d167ec8b373828698e5619a063993
943b73081fc28d6b92df8455af8206befc089a4396f2a80f64819cef85b728f7
94c64f16129178950ae198a21630de846ac0cef148890d92ca07ea212bc39834
96a6d812ddfe204e97a63817f805731bbb2268d2c3728dfac2d5e4b15e354bf6
96e377e6f4211849a7b2f37bec9522580aeac53b64175db2c3dfa50553ac5218
97563a1fa1542197cd5e5af7baf72085fee1a4d137f2a50208c1d09404d4044d
97c0b90a274af448df489559485c02fd74245cd6496e2467e3c47e791f92b6f3
98338d687e5f0016e85ba80b4de3c9c887e4dd4eb9ea5ac225ef1de42d149eb3
9b0cf3cb92b008ae84eeabab1e235ede240c9d5ed4ca0992e27374b7b7b6e2de
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d6368c6eab420dd270dd53602b62f1c2a61b0ee2bda36d38771b750ae1e1c90
9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0
9d7dfe0ced0a874aa3a7f3565829abcaabd610a557960469866f0691b57113fc
9dde00583784e2fdc1844f508484e07903850efb006e94122b0be49b30789bb1
9f1c4f7db1787b6370e793e81cac9a54a7347e731aed4cbe6234bdd1884c5f45
a1033dc43930887f32e9dccec31d834c60c6ffb9ff15e30a829931148328e8d0
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a5e569637ad3056f8c5936f61dc7927f3ab05a2c181ca7c8e0c502c5b0589aab
a67112ea9a57e9d11c94cd473e2deb3cce1d83650859047d6552901ad199d7ef
aaaabde3f68c325033b37bb3ebff887e3b589b7137e717e96648a52221881429
ad47f1dca2f43f35d36dd8d41446dbdb4fe83be15f538264d08b78557d5cfdd2
ad9ae0374e0334d2511e951a2381a164fa87ce86594fc027d25a8624774c3c96
adba301b37122df09d391303f25e8f8b71199d775355a3d854839279ca872be2
ae2969d7b4aaf4c61aa5b436454f9b011c9061468666d8a4b6cf19bbdba04c4a
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ee3166bb0f5b85ccc0abbc9044f6d1e9cd961b445b4491d5f8115cab364529
b4ee14f08bc7418d1a701d97c2b74a1463547caa28a57203d6cbd80bd481b334
b61bfab96c6e9c63f93559ec35dbb52b4ad4bd6f707120cca2300151dec6fc78
b7a839f561f59e4cf6d6f2c7ef36e16ac7ae13f10c93d391bff118a3a3940c64
b8ea1692753e57de38c06c36f7691dd419885ab558f5e695c3f9c6b1fa25b4a1
b99fac3ce2e2ed0e1e88a9bb8a910eaaa0b1d458a1e810a147b91020c40e9dd4
ba2ad3ab1a3bc76b2d09ae1becfd7e6bd9d868eecc6af4d2fed12915d1d77315
bf53173446c9fa273d54ecd91eaf5c1878f17ecfc12ad7aae793e90d9a2478b6
c11895eaaccd5e77d1e952c4a2902f90fd3d6daa610a5722bc4282abc6dfffec
c128f43e25ed58a31f6e5bb917241ac71cab4902848e3bf8caa9da7731dbd242
c2288ed39d4671f12ea6eb4fcd421f3d204b31c374826ea869a42853e226878b
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c87962d9f4dbcd9c69f6084ee6e789946cb20c37013c6060839e52aba32dcf2b
c8d9e5beb3e5133bdf4a6c1992966277fafc8e3f5f8194e03f8d481a7f27a67f
cacaacc4debe265d8e9591760e37fd0471ffa4ef057d709ec69117f816960236
ccc8413bc09ee8ffe0688a01b0059677c9cc298e6098aa01b7afdcc7f6d31bcc
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
d0935d282db097db7801c5fd758d920167138538105e9c599763dc449ce06f8e
d3b8f02aafe9fa6ddd5ed1e5adb03185180abdddccadf3c00b56315361b93600
d71092f950cf8f993bb315703d13dceb9aaa9ca823b91c33a8822da2131d9b4c
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
d9dae682cf0c42148ce44bd748f28b2c0e5c4b0d96370f8548149db96c95d6fd
da5938edc872a3bb592689c64b4e09e5dad48fe5f280fc714636a0c405bcc0a4
dbb00009a5588f9f8827c8e100e7575d1b19559c8443a90dcfcf0b344b9393de
dbd0425550d0738c39c0f6ffe17880245425dccd356d77a5e0e30f9845fc90ca
dc844732bd61279e509bda7247ed7fca55e5fced96db9c79eed48ca084e5ce0a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd2553025d0df007bd1d02be207c5a75e9c781e2901677c2b95bbca471c7305c
dfb93c188942fe1a2887a3b9a6c36b56fc77711f57953976b8cdcbb61bac7a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ea943fbbd905f8d3b496fae7a75b93cf4caccac766be352188af814e17c3903d
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb2a4ec5c75f67f75f585bf56bc36bce465bae7a90295e2293236df58ae14314
ebe54c2b4cdb3fc0bd7bd45b2ce574428f0e970bdd1e9395f50916bce1628cc6
ec5da7a4cfd1a85ad2cc40c25e23476db9ed4ba55db414af0f4bf8a6fce5070e
ed60479e079b9e6d5280c6fdd11636fd55a11ebf935bd8dc09c6c66eb77bb3da
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f14447f13ddd62a39446f363f0ccec5f708fab6235eb179391550942bc201a8c
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f26d98c3973c7df12d78bbb4164589b59dc42d4797b58471b358364c1005b2d3
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5a07a19877babf94bb2675cc88343034fdb5a1b3f672eb0f136b61e4ff3924d
fbdbe5dfc8ffea7e21ed96c9e1433eaff04447a874b80c92ec9a6e917a8f3cb4
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
fefd977a8ac715eb04b55cc9eb25d11ae09e6e5b4a95791ba0a2ae51b7903387

www.onmsft.com Open in urlscan Pro 104.24.121.101 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

319 Requests

100 %HTTPS

30 %IPv6

41 Domains

70 Subdomains

53 IPs

8 Countries

3918 kBTransfer

9865 kBSize

1 Cookies

9 Outgoing links

Page URL History

Redirected requests

319 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.onmsft.com Open in urlscan Pro
104.24.121.101 Public Scan

Screenshot
Live screenshot

Full Image

319
Requests

100 %
HTTPS

30 %
IPv6

41
Domains

70
Subdomains

53
IPs

8
Countries

3918 kB
Transfer

9865 kB
Size

1
Cookies

319 HTTP transactions
17 data transactions