Submitted URL: https://newyear.phsd.se/
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaO...
Submission Tags: phishingrod
Submission: On January 07 via api from DE — Scanned from SE

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 21 HTTP transactions. The main IP is 13.107.6.194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com. The Cisco Umbrella rank of the primary domain is 12943.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on July 20th 2022. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 91.201.60.108 44136 (ASODERLAND)
3 13.107.6.194 8068 (MICROSOFT...)
10 104.83.5.113 20940 (AKAMAI-ASN1)
1 2 20.234.93.27 8075 (MICROSOFT...)
1 1 204.79.197.200 8068 (MICROSOFT...)
1 13.107.219.44 8075 (MICROSOFT...)
4 20.42.65.89 8075 (MICROSOFT...)
1 51.116.246.104 ()
21 7
Apex Domain
Subdomains
Transfer
10 office.net
cdn.forms.office.net — Cisco Umbrella Rank: 25666
308 KB
5 microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 826
eu-mobile.events.data.microsoft.com Failed
2 KB
5 office.com
forms.office.com — Cisco Umbrella Rank: 12943
c.office.com — Cisco Umbrella Rank: 58845
20 KB
1 azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 3564
61 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 444
664 B
1 phsd.se
newyear.phsd.se
306 B
21 6
Domain Requested by
10 cdn.forms.office.net forms.office.com
cdn.forms.office.net
4 browser.events.data.microsoft.com js.monitor.azure.com
3 forms.office.com forms.office.com
cdn.forms.office.net
2 c.office.com 1 redirects
1 eu-mobile.events.data.microsoft.com cdn.forms.office.net
1 js.monitor.azure.com cdn.forms.office.net
1 c.bing.com 1 redirects
1 newyear.phsd.se 1 redirects
21 8

This site contains links to these domains.

Domain
go.microsoft.com
Subject, Issuer, Validity, Valid
forms.office.com, Microsoft Azure TLS Issuing CA 02, 2022-07-20 - 2023-07-15, a year
cdn.forms.office.net, Microsoft Azure TLS Issuing CA 06, 2022-09-28 - 2023-09-23, a year
js.monitor.azure.com, Microsoft Azure TLS Issuing CA 05, 2022-12-23 - 2023-12-18, a year
*.events.data.microsoft.com, Microsoft Azure TLS Issuing CA 06, 2022-12-07 - 2023-12-02, a year

This page contains 1 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Frame ID: F7AC943F8F737AB6BC9713D9C69530C8
Requests: 19 HTTP requests in this frame

Page Title

Nyårsfirande!

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Page Statistics

Requests: 21
HTTPS: 90 %
IPv6: 0 %
Domains: 6
Subdomains: 8
IPs: 7
Countries: 4
Transfer: 394 kB
Size: 1013 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://newyear.phsd.se/ HTTP 301
    https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&RedC=c.office.com&MXFR=1CA17E2762B864BC36336CB566B86FB7 HTTP 302
  • https://c.office.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&MUID=1CA17E2762B864BC36336CB566B86FB7

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ResponsePage.aspx
forms.office.com/Pages/
Redirect Chain
  • https://newyear.phsd.se/
  • https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
55 KB
16 KB
Document
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1c9a303f6258593bde3e3377abfdd414646f7904340690af78491510d5a53f92
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 07 Jan 2023 08:01:02 GMT
expires
0
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-correlationid
ab41d24d-badb-47dc-81a1-6b99a0f53b9f
x-msedge-ref
Ref A: 18EB3BB6F2C24F39A96B27C6838AAA44 Ref B: HEL01EDGE1717 Ref C: 2023-01-07T08:01:02Z
x-officecluster
weu-100.forms.office.com
x-officefe
FormsSingleBox_IN_8
x-officeversion
16.0.16103.42053
x-robots-tag
noindex, nofollow
x-routingcorrelationid
ab41d24d-badb-47dc-81a1-6b99a0f53b9f
x-routingofficecluster
weu-100.forms.office.com
x-routingofficefe
FormsSingleBox_IN_8
x-routingofficeversion
16.0.16103.42053
x-routingsessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-usersessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
707
content-type
text/html
date
Sat, 07 Jan 2023 08:01:02 GMT
location
https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
server
LiteSpeed
ls-response.default.031fcb5bc.js
cdn.forms.office.net/forms/scripts/dists/
25 KB
8 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/ls-response.default.031fcb5bc.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
308c23aef72374a6557537625ee7fef2e8182d20a3e2977988e50b20377f2efc

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
diF8aIH7h/3mFUQu1sGtfw==
content-length
7707
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:09 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18EFB71CF6
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
23f94f21-801e-0053-5615-20b5f6000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
light-response-page.min.a88ef42.css
cdn.forms.office.net/forms/css/dist/
144 KB
23 KB
Stylesheet
General
Full URL
https://cdn.forms.office.net/forms/css/dist/light-response-page.min.a88ef42.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9a161be11a448de8e17de2e36668897c5217657a8dc4638b58dcf7c1f976ad24

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
H2x24InxEcbERH0BOyVdCQ==
content-length
23528
x-ms-lease-status
unlocked
last-modified
Tue, 03 Jan 2023 01:38:14 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAED2B2EB25FC7
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0e28e06a-001e-0024-4233-1f30b7000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
light-response-page.min.39c7861.js
cdn.forms.office.net/forms/scripts/dists/
304 KB
87 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d54c9ba4cb0acc4056423b8a0be7ade9a0be476f6f8657b228afb645fb53fc24

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
yAcj6fpE1Kn4Vb7mrgl8IQ==
content-length
88066
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBF3383
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
9a0abbff-701e-004d-6207-206f1b000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
runtimeFormsWithResponses('dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u')
forms.office.com/formapi/api/e32e9176-bbd0-4b4f-9a1f-9ad203a5d0c9/users/55ced685-9afb-4ff7-a02d-502f49dc4875/light/
7 KB
2 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/e32e9176-bbd0-4b4f-9a1f-9ad203a5d0c9/users/55ced685-9afb-4ff7-a02d-502f49dc4875/light/runtimeFormsWithResponses('dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u')?$expand=questions($expand=choices)
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cc752c582840933e066de520a366959bc29620d3c97ff90bae07b56aec983d93
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
X-UserSessionId
fc492eda-0c15-4d3b-a447-56ce25dcb87d
accept-language
se-SE,se;q=0.9
__RequestVerificationToken
e8cz2mbWFfq7ohAZBe9Q5ylW7kFDrcPFdN1Jq-dVxyafwj5JfvPk_YCLoJpzc38CCSoswNhy1aMm7-vWVC8rELhivxUnAg7XGnWBDea9Alk1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
gzip
date
Sat, 07 Jan 2023 08:01:03 GMT
x-officeversion
16.0.16103.42053
x-officefe
FormsSingleBox_IN_0
x-cache
CONFIG_NOCACHE
x-routingofficefe
FormsSingleBox_IN_4, FormsSingleBox_IN_11
x-routingofficeversion
16.0.16029.42052, 16.0.16103.42053
x-correlationid
180f6af6-52ec-4334-b460-2d6285d11860
x-officecluster
weu-100.forms.office.com
x-usersessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-msedge-ref
Ref A: 79DFEDF1AA07494391B76B373F7584D1 Ref B: HEL01EDGE1717 Ref C: 2023-01-07T08:01:02Z
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-routingcorrelationid
180f6af6-52ec-4334-b460-2d6285d11860
x-routingsessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-robots-tag
noindex, nofollow
x-routingofficecluster
weu-101.forms.office.com, weu-100.forms.office.com
light-response-page.chunk.lrp_ext.ec2535d.js
cdn.forms.office.net/forms/scripts/dists/
0
59 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.ec2535d.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
xlPnrDjh16Q8TsVYKOR2Eg==
content-length
59534
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBE494F
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a60a17d5-d01e-0040-7307-208017000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
light-response-page.chunk.lrp_cover.b5707fb.js
cdn.forms.office.net/forms/scripts/dists/
0
34 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.b5707fb.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
6XeJYTuJHuM3+lL4Q6D1gQ==
content-length
34052
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBE975A
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cb6b1f8e-401e-006c-0807-20022a000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
light-response-page.chunk.lrp_post.boot.118fa8f.js
cdn.forms.office.net/forms/scripts/dists/
0
4 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.118fa8f.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:03 GMT
content-encoding
br
content-md5
FbVM5L+bO3qQne6g9GaCRA==
content-length
3706
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBC26CA
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d81fd7c7-a01e-004f-7c07-206de1000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:03 GMT
light-response-page.chunk.lrp_ext.ec2535d.js
cdn.forms.office.net/forms/scripts/dists/
192 KB
59 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.ec2535d.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
cfbfe3f06961c1cd48bc8b0b0ba1aaee294cd50c74b92f1e539654dc33231689

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:04 GMT
content-encoding
br
content-md5
xlPnrDjh16Q8TsVYKOR2Eg==
content-length
59534
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBE494F
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a60a17d5-d01e-0040-7307-208017000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:04 GMT
light-response-page.chunk.lrp_post.boot.118fa8f.js
cdn.forms.office.net/forms/scripts/dists/
10 KB
4 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.118fa8f.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a26270d5497f3ef1c35eb4910722a5c5cd0cfcde66f5843f70088a854bb81149

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:04 GMT
content-encoding
br
content-md5
FbVM5L+bO3qQne6g9GaCRA==
content-length
3706
x-ms-lease-status
unlocked
last-modified
Wed, 04 Jan 2023 06:00:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAEE18ECBC26CA
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d81fd7c7-a01e-004f-7c07-206de1000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:04 GMT
light-response-page.chunk.sw.d097b04.js
cdn.forms.office.net/forms/scripts/dists/
953 B
835 B
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.sw.d097b04.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c0bc4f76140d38f7af2ec7f7404a74986432a90b064b3f5cdcb345a823fa8849

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:04 GMT
content-encoding
br
content-md5
GvoLGffUcLQSN9mg/eBbkw==
content-length
412
x-ms-lease-status
unlocked
last-modified
Mon, 17 Oct 2022 14:09:14 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAB0492C4342BE
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f9d2ec32-501e-0051-5e46-e2b70c000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:04 GMT
light-response-page.chunk.1ds.4a73f96.js
cdn.forms.office.net/forms/scripts/dists/
92 KB
30 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.1ds.4a73f96.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.39c7861.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.5.113 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-5-113.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a0cf31cc9ddf8348275247ba3436aea3219946138476e7921c21fbce79675ad8

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 07 Jan 2023 08:01:04 GMT
content-encoding
br
content-md5
GsKp5CfkVSci/cTjnUW9Qw==
content-length
30105
x-ms-lease-status
unlocked
last-modified
Fri, 28 Oct 2022 04:14:17 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DAB89AE1D68FA7
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
0fb3a743-101e-0030-4d92-eaf3d3000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sun, 07 Jan 2024 08:01:04 GMT
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&RedC=c.office.com&MXFR=1CA17E2762B864BC36336CB566B86FB7
  • https://c.office.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&MUID=1CA17E2762B864BC36336CB566B86FB7
42 B
281 B
Image
General
Full URL
https://c.office.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&MUID=1CA17E2762B864BC36336CB566B86FB7
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Jan 2023 08:01:04 GMT
last-modified
Thu, 05 Jan 2023 17:40:42 GMT
server
Microsoft-IIS/10.0
etag
"d59a6ed52c21d91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Sat, 07 Jan 2023 08:01:04 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CBA22A103D6F4DF4AC3787B3755A4C7C Ref B: STOEDGE1521 Ref C: 2023-01-07T08:01:04Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.office.com/c.gif?CtsSyncId=B73A52364B7946F6AB60305DC3AF0BB2&MUID=1CA17E2762B864BC36336CB566B86FB7
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
'se-se'
forms.office.com/formapi/api/e32e9176-bbd0-4b4f-9a1f-9ad203a5d0c9/users/55ced685-9afb-4ff7-a02d-502f49dc4875/forms('dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u'...
2 B
226 B
XHR
General
Full URL
https://forms.office.com/formapi/api/e32e9176-bbd0-4b4f-9a1f-9ad203a5d0c9/users/55ced685-9afb-4ff7-a02d-502f49dc4875/forms('dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u')/localeResource/'se-se'
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.ec2535d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

odata-version
4.0
x-correlationid
eb6be75b-d1a8-4d9b-aa8b-0018aad772c0
x-usersessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-ms-form-request-ring
business
accept-language
se-SE,se;q=0.9
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
content-type
application/json
odata-maxverion
4.0
accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=dpEu49C7T0uaH5rSA6XQyYXWzlX7mvdPoC1QL0ncSHVUNVVVVllFRERWWDgxV0EzQ0VaOURUTkdVNC4u
x-ms-form-request-source
ms-formweb
__requestverificationtoken
e8cz2mbWFfq7ohAZBe9Q5ylW7kFDrcPFdN1Jq-dVxyafwj5JfvPk_YCLoJpzc38CCSoswNhy1aMm7-vWVC8rELhivxUnAg7XGnWBDea9Alk1

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
gzip
date
Sat, 07 Jan 2023 08:01:04 GMT
x-officeversion
16.0.16103.42053
x-officefe
FormsSingleBox_IN_0
x-cache
CONFIG_NOCACHE
x-routingofficefe
FormsSingleBox_IN_4, FormsSingleBox_IN_11
x-routingofficeversion
16.0.16029.42052, 16.0.16103.42053
x-correlationid
eb6be75b-d1a8-4d9b-aa8b-0018aad772c0
x-officecluster
weu-100.forms.office.com
x-usersessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-msedge-ref
Ref A: 0F3A6369F565454785F9218D61565E31 Ref B: HEL01EDGE1717 Ref C: 2023-01-07T08:01:04Z
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-routingcorrelationid
eb6be75b-d1a8-4d9b-aa8b-0018aad772c0
x-routingsessionid
fc492eda-0c15-4d3b-a447-56ce25dcb87d
x-robots-tag
noindex, nofollow
x-routingofficecluster
weu-101.forms.office.com, weu-100.forms.office.com
truncated
/
4 KB
4 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3bae6a22d3a541378e9e28de2d914a9bca8d0caa7174643030821f6016c662da

Request headers

Referer
Origin
https://forms.office.com
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/woff2;charset=utf-8
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/
179 KB
61 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.118fa8f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.219.44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cacd215430aa66f1391abd136f23ddb729b3fe44c6385a43b62d7a9e8479ea03

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 07 Jan 2023 08:01:04 GMT
content-encoding
br
x-azure-ref-originshield
0nSC5YwAAAAAqUjxPHqV+R5pwM+NrpcALQU1TMDRFREdFMTkxNQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
content-md5
yrkf9GZ1Xvz6HYOCdF/nTw==
x-cache
TCP_HIT
x-ms-meta-jssdkver
3.2.8
last-modified
Wed, 02 Nov 2022 19:31:15 GMT
x-ms-meta-jssdksrc
[cdn]/scripts/c/ms.jsll-3.2.8.min.js
etag
0x8DABD08CF2EB3C0
x-azure-ref
0wCa5YwAAAABuN0YO818lR4n2OSank0kfT1NMMjMxMDUwMjA0MDM3AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
ab546b54-301e-007d-7467-22b590000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
/
browser.events.data.microsoft.com/OneCollector/1.0/
153 B
1 KB
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.42.65.89 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
025842c5ed944e6bbe233305c390acfc61a91f2e004d54588a7f163134c5f2db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1673078465681
accept-language
se-SE,se;q=0.9
client-version
1DS-Web-JS-3.2.8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://forms.office.com/
apikey
a0d933fc7f95442badc743f4d77f4aab-f980f8ea-160a-4432-92a4-80c87df83f4b-7539
Client-Id
NO_AUTH

Response headers

Strict-Transport-Security
max-age=31536000
Date
Sat, 07 Jan 2023 08:01:06 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
1082
Access-Control-Allow-Methods
POST
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type
application/json
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Expose-Headers
time-delta-millis
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
P3P,Set-Cookie,time-delta-millis
Content-Length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.42.65.89 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Sat, 07 Jan 2023 08:01:06 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.42.65.89 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Sat, 07 Jan 2023 08:01:06 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/
153 B
592 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.42.65.89 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
670c99759df85de068e41bb199d26f633c8103b1ab8b68c9d4c3b560517162f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1673078466838
accept-language
se-SE,se;q=0.9
client-version
1DS-Web-JS-3.2.8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
time-delta-to-apply-millis
1082
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://forms.office.com/
apikey
a0d933fc7f95442badc743f4d77f4aab-f980f8ea-160a-4432-92a4-80c87df83f4b-7539
Client-Id
NO_AUTH

Response headers

Strict-Transport-Security
max-age=31536000
Date
Sat, 07 Jan 2023 08:01:06 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
190
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Expose-Headers
time-delta-millis
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
time-delta-millis
Content-Length
153
/
eu-mobile.events.data.microsoft.com/OneCollector/1.0/
0
0

/
eu-mobile.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.116.246.104 -, , ASN (),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Sat, 07 Jan 2023 08:01:07 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
eu-mobile.events.data.microsoft.com
URL
https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange
string| formsInitialVisibility
object| NavKeyPoints
function| reloadNoCdn
object| OfficeFormServerInfo
object| FormPrefetchCache
object| FormsLsMap
function| setPublicPath
function| replaceChunkSrc
object| webpackChunk
function| formsModuleResolveErrorCallback
object| formClientApi
object| formsLsPromiseMap
object| e
function| t
object| oneDS
object| __dynProto$Gbl
object| awa

10 Cookies

Domain/Path Name / Value
forms.office.com/ Name: __RequestVerificationToken
Value: 4jafnT3ApcU5YzmwK764hF5o1xMw6d2FlyebPeclEfXZBrSVvjz4jWXvR_gZZ8UH-cWbAun9P7SDpgIIVh_FyirFlZ64C0-4MhS1vZoYppw1
.office.com/ Name: MUID
Value: 1CA17E2762B864BC36336CB566B86FB7
forms.office.com/ Name: ai_session
Value: eBvFizezccscw1c05Ybpy/|1673078464677|1673078464677
.bing.com/ Name: MUID
Value: 1CA17E2762B864BC36336CB566B86FB7
.c.bing.com/ Name: SRM_B
Value: 1CA17E2762B864BC36336CB566B86FB7
.c.office.com/ Name: SM
Value: C
.c.office.com/ Name: ANONCHK
Value: 0
.microsoft.com/ Name: MC1
Value: GUID=e515f154026b4b548e8032e069bee9f8&HASH=e515&LV=202301&V=4&LU=1673078466763
.microsoft.com/ Name: MS0
Value: d2a459f9c0cc459ab3b8b1982fffe391
forms.office.com/ Name: MSFPC
Value: GUID=e515f154026b4b548e8032e069bee9f8&HASH=e515&LV=202301&V=4&LU=1673078466763

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
