urlscan.io logo urlscan.io
SecurityTrails logo

forms.office.com Open in urlscan Pro
2620:1ec:a92::194  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13...
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BS...
Submission: On May 19 via api from ZA — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 30 HTTP transactions. The main IP is 2620:1ec:a92::194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com. The Cisco Umbrella rank of the primary domain is 5509.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on March 23rd 2023. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2620:1ec:a92:... 8068 (MICROSOFT...)
17 2a02:26f0:300... 20940 (AKAMAI-ASN1)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 52.109.88.76 8075 (MICROSOFT...)
1 2620:1ec:48:1... 8075 (MICROSOFT...)
6 13.89.178.26 8075 (MICROSOFT...)
30 7
2    2606:4700::6812:db1 (United States)

ASN13335 (CLOUDFLARENET, US)
c5cwm04.na1.hubspotlinks.com
3    2620:1ec:a92::194 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
forms.office.com
17    2a02:26f0:3000::170a:f920 (Glattbrugg, Switzerland)

ASN20940 (AKAMAI-ASN1, NL)
cdn.forms.office.net
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.office.com
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
1    52.109.88.76 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
lists.office.com
1    2620:1ec:48:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
js.monitor.azure.com
6    13.89.178.26 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com
Apex Domain
Subdomains		 Transfer
17 office.net
cdn.forms.office.net — Cisco Umbrella Rank: 8062
541 KB
6 microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 175
3 KB
6 office.com
forms.office.com — Cisco Umbrella Rank: 5509
c.office.com — Cisco Umbrella Rank: 21864
lists.office.com — Cisco Umbrella Rank: 13216
1 MB
2 hubspotlinks.com
c5cwm04.na1.hubspotlinks.com
4 KB
1 azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 1585
61 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 232
739 B
30 6
Domain Requested by
17 cdn.forms.office.net forms.office.com
cdn.forms.office.net
6 browser.events.data.microsoft.com js.monitor.azure.com
cdn.forms.office.net
3 forms.office.com c5cwm04.na1.hubspotlinks.com
forms.office.com
cdn.forms.office.net
2 c.office.com 1 redirects
2 c5cwm04.na1.hubspotlinks.com 1 redirects
1 js.monitor.azure.com cdn.forms.office.net
1 lists.office.com
1 c.bing.com 1 redirects
30 8

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
Subject Issuer Validity Valid
hubspotlinks.com
Cloudflare Inc ECC CA-3		 2023-04-17 -
2024-04-16		 a year crt.sh
forms.office.com
Microsoft Azure TLS Issuing CA 02		 2023-03-23 -
2024-03-17		 a year crt.sh
cdn.forms.office.net
Microsoft Azure TLS Issuing CA 06		 2022-09-28 -
2023-09-23		 a year crt.sh
lists.office.com
Microsoft Azure TLS Issuing CA 05		 2023-01-11 -
2024-01-06		 a year crt.sh
js.monitor.azure.com
Microsoft Azure TLS Issuing CA 01		 2023-03-23 -
2024-03-17		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure TLS Issuing CA 02		 2023-03-08 -
2024-03-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
Frame ID: E9304843357461F42B9058F81EEA8BD6
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

REQUIREMENT FORM

Page URL History Show full URLs

  1. https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37C... Page URL
  2. https://c5cwm04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7b... HTTP 307
    https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Page Statistics

30
Requests

97 %
HTTPS

63 %
IPv6

6
Domains

8
Subdomains

7
IPs

4
Countries

2037 kB
Transfer

2594 kB
Size

14
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3Dpj28W5-dW5C41Qcc1V5PJpx55179SW5Jrsnw7LH3nlW4C93yP78qPJZW288ksF74DrV7W3fVlG79c_sBPW6YcK-65L4V6mW5rKMfR4GQkG6W56CGPN3MQVR2W6FDC2_8N0mbgW1H0GSj260Zm6N3-j5V8TljGCW2tKSb39bkp37VF1xJY8qrQqxW83ZyT33Xw2Q_W5tgDry1dZ4TNW2g7m4b6FKdNxW54vkKZ1-D-3MW1d8XHl6gjG_rW11xTSF8GN_YWW35JBxs6-Rrn6VGqr-y8TGjQ4V9nCnq377rjwW2cSTwG5JqjqnW5_v3gQ3fnf2X37rK1 Page URL
  2. https://c5cwm04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3Dpj28W5-dW5C41Qcc1V5PJpx55179SW5Jrsnw7LH3nlW4C93yP78qPJZW288ksF74DrV7W3fVlG79c_sBPW6YcK-65L4V6mW5rKMfR4GQkG6W56CGPN3MQVR2W6FDC2_8N0mbgW1H0GSj260Zm6N3-j5V8TljGCW2tKSb39bkp37VF1xJY8qrQqxW83ZyT33Xw2Q_W5tgDry1dZ4TNW2g7m4b6FKdNxW54vkKZ1-D-3MW1d8XHl6gjG_rW11xTSF8GN_YWW35JBxs6-Rrn6VGqr-y8TGjQ4V9nCnq377rjwW2cSTwG5JqjqnW5_v3gQ3fnf2X37rK1?_ud=2dab7127-9ac5-41de-85f0-5726e2dc4231&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&RedC=c.office.com&MXFR=029D26BBBA036E5911DC35ADBE0365C9 HTTP 302
  • https://c.office.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&MUID=029D26BBBA036E5911DC35ADBE0365C9

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3D...
c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3Dpj28W5-dW5C41Qcc1V5PJpx55179SW5Jrsnw7LH3nlW4C93yP78qPJZW288ksF74DrV7W3fVlG79c_sBPW6YcK-65L4V6mW5rKMfR4GQkG6W56CGPN3MQVR2W6FDC2_8N0mbgW1H0GSj260Zm6N3-j5V8TljGCW2tKSb39bkp37VF1xJY8qrQqxW83ZyT33Xw2Q_W5tgDry1dZ4TNW2g7m4b6FKdNxW54vkKZ1-D-3MW1d8XHl6gjG_rW11xTSF8GN_YWW35JBxs6-Rrn6VGqr-y8TGjQ4V9nCnq377rjwW2cSTwG5JqjqnW5_v3gQ3fnf2X37rK1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:db1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
7c9c98b8df881c0b-FRA
content-encoding
br
content-type
text/html;charset=utf-8
date
Fri, 19 May 2023 13:13:19 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-envoy-upstream-service-time
5
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-5c4cb998cf-26rdm
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
d17dd812-efeb-4963-b681-7149ea09346c
x-request-id
9e583ba0-3a0e-4b75-a664-d55e22d73f57
x-robots-tag
none
Primary Request ResponsePage.aspx
forms.office.com/Pages/
Redirect Chain
  • https://c5cwm04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6...
  • https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XD...
60 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
Requested by
Host: c5cwm04.na1.hubspotlinks.com
URL: https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3Dpj28W5-dW5C41Qcc1V5PJpx55179SW5Jrsnw7LH3nlW4C93yP78qPJZW288ksF74DrV7W3fVlG79c_sBPW6YcK-65L4V6mW5rKMfR4GQkG6W56CGPN3MQVR2W6FDC2_8N0mbgW1H0GSj260Zm6N3-j5V8TljGCW2tKSb39bkp37VF1xJY8qrQqxW83ZyT33Xw2Q_W5tgDry1dZ4TNW2g7m4b6FKdNxW54vkKZ1-D-3MW1d8XHl6gjG_rW11xTSF8GN_YWW35JBxs6-Rrn6VGqr-y8TGjQ4V9nCnq377rjwW2cSTwG5JqjqnW5_v3gQ3fnf2X37rK1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3fd46af25463c3bdbb459aa3222568205d2647121b7348d28ea99eea2ddc87b0
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://c5cwm04.na1.hubspotlinks.com/Ctc/T5+113/c5cwm04/VXkDWB5PxzXsN8jVH9mY9wrWW7bJF9w4-LXp0N8BHR5B5knJGV3Zsc37CgW3RW5kRzzN3ww052W13JNy152N_JhW8W8wk84n9bYtW6NKyRn5rP6G2W11y3TB7_QR_kVt0HQZ2NQP-WW4ZT0j133xJ5jN3QkwRljJM1sVjSG0H7ndSkMW5PfQwS5rYMRZW1220bV3Dpj28W5-dW5C41Qcc1V5PJpx55179SW5Jrsnw7LH3nlW4C93yP78qPJZW288ksF74DrV7W3fVlG79c_sBPW6YcK-65L4V6mW5rKMfR4GQkG6W56CGPN3MQVR2W6FDC2_8N0mbgW1H0GSj260Zm6N3-j5V8TljGCW2tKSb39bkp37VF1xJY8qrQqxW83ZyT33Xw2Q_W5tgDry1dZ4TNW2g7m4b6FKdNxW54vkKZ1-D-3MW1d8XHl6gjG_rW11xTSF8GN_YWW35JBxs6-Rrn6VGqr-y8TGjQ4V9nCnq377rjwW2cSTwG5JqjqnW5_v3gQ3fnf2X37rK1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Fri, 19 May 2023 13:13:21 GMT
expires
0
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-correlationid
e8102205-f0e3-48e6-b3fe-6b08d90b7b56
x-msedge-ref
Ref A: D56D65C1682F418BBB2F1F218B176CDB Ref B: AMS231032605027 Ref C: 2023-05-19T13:13:20Z
x-officecluster
weu-100.forms.office.com
x-officefe
FormsSingleBox_IN_2
x-officeversion
16.0.16515.42054
x-robots-tag
noindex, nofollow
x-routingcorrelationid
e8102205-f0e3-48e6-b3fe-6b08d90b7b56
x-routingofficecluster
weu-100.forms.office.com
x-routingofficefe
FormsSingleBox_IN_2
x-routingofficeversion
16.0.16515.42054
x-routingsessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-usersessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376

Redirect headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
7c9c98bb5b831c0b-FRA
date
Fri, 19 May 2023 13:13:20 GMT
link
<https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation>; rel="canonical"
location
https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-envoy-upstream-service-time
16
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-5c4cb998cf-wj5w5
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
d9aa96c6-99b1-4b69-b421-ad1bbf23d512
x-request-id
754b0979-3647-4ecf-b404-c726cc841cdf
x-robots-tag
none
ls-response.de.b1129fee5.js
cdn.forms.office.net/forms/scripts/dists/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/ls-response.de.b1129fee5.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
cf24b8e01033450ebb7a0501d9c7387938256092340b92fc9b1503be6ea43326

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:21 GMT
content-encoding
br
content-md5
S4LLyMVFivYeMD79+M5OPw==
content-length
11944
x-ms-lease-status
unlocked
last-modified
Wed, 17 May 2023 05:52:06 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB569AD8C26C60
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cab21b4d-201e-001a-048f-888696000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:21 GMT
light-response-page.min.d811f95.js
cdn.forms.office.net/forms/scripts/dists/ 		392 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a90ed81e8dd95e8b280f78a6af21a35636574620dde24d0922e1ee83ada86a68

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
4Fjo8KRIcQN+yJ/DX680Zw==
content-length
110252
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72F0A194
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
77f69310-901e-0065-49f2-8918a4000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
runtimeFormsWithResponses('W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u')
forms.office.com/formapi/api/f253c15b-af3c-46d8-9105-30b27aaf37b9/users/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/light/ 		13 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/formapi/api/f253c15b-af3c-46d8-9105-30b27aaf37b9/users/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/light/runtimeFormsWithResponses('W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u')?$expand=questions($expand=choices)&$top=1
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b411aaa5b3417fef3d3f383ab8a2ae5f7c9769e01824dacfc4a8f927b200df09
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
X-UserSessionId
28ca852a-d4c7-4805-b2fa-26d199e7a376
accept-language
de-DE,de;q=0.9
__RequestVerificationToken
PP0klpGUc0fISEQ6FWwz6RJcsgO8rO38EE_SP7lG11tS3Y4EID9zo4z5Wdw8CKIVxNSi7dy_BQs8mSP612oBHfxg7IAm6kAm3958XCeXrsw1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
gzip
date
Fri, 19 May 2023 13:13:21 GMT
x-officeversion
16.0.16515.42054
x-officefe
FormsSingleBox_IN_3
x-cache
CONFIG_NOCACHE
x-routingofficefe
FormsSingleBox_IN_12
x-routingofficeversion
16.0.16515.42054
x-correlationid
0f87ad1f-b7ac-4281-85e2-a2624af93ce9
x-officecluster
neu-100.forms.office.com
x-usersessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-msedge-ref
Ref A: 313345FAAF1445C982B77349656A2697 Ref B: AMS231032605027 Ref C: 2023-05-19T13:13:21Z
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-routingcorrelationid
0f87ad1f-b7ac-4281-85e2-a2624af93ce9
x-routingsessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-robots-tag
noindex, nofollow
x-routingofficecluster
neu-100.forms.office.com
light-response-page.chunk.lrp_ext.6da042f.js
cdn.forms.office.net/forms/scripts/dists/ 		0
87 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.6da042f.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
whC4LF4wEyVUQC27dNAZFw==
content-length
88865
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72A06A65
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
4a577592-301e-0068-0ded-89f7a8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_phishing.962890b.js
cdn.forms.office.net/forms/scripts/dists/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_phishing.962890b.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
YSPqsNuxT/4Ze3mlRiwpJg==
content-length
2477
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72E77B1E
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
910554eb-901e-0003-02ed-89aafe000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_saveresponse.1c32d14.js
cdn.forms.office.net/forms/scripts/dists/ 		0
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_saveresponse.1c32d14.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
s08EDiTzIJzXkdBu1eXnvw==
content-length
3745
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72E94F98
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
72a304ac-601e-0070-38ed-89da3d000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_cover.6790ea5.js
cdn.forms.office.net/forms/scripts/dists/ 		0
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.6790ea5.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
8Xle+Crme/WgpXn14a6PTg==
content-length
23404
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C729BD733
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
5c26c972-901e-0021-79ed-89c4c8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_post.boot.c9962b2.js
cdn.forms.office.net/forms/scripts/dists/ 		0
5 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.c9962b2.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
6g2uCAC6R9CzLCgWZNgvAA==
content-length
4872
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72E7A226
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
000c5045-701e-004d-5fed-896f1b000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_ext.6da042f.js
cdn.forms.office.net/forms/scripts/dists/ 		294 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.6da042f.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
82ad19a373e0c2f4fe81054d51e18dbdf0284c2322749dc952a911df12d09f7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
whC4LF4wEyVUQC27dNAZFw==
content-length
88865
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72A06A65
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
4a577592-301e-0068-0ded-89f7a8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_phishing.962890b.js
cdn.forms.office.net/forms/scripts/dists/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_phishing.962890b.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ae44b15d1a693293f184de2769794e840d288f69cfcbb399b971c72d6263a38f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
YSPqsNuxT/4Ze3mlRiwpJg==
content-length
2477
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72E77B1E
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
910554eb-901e-0003-02ed-89aafe000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_cover.6790ea5.js
cdn.forms.office.net/forms/scripts/dists/ 		84 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.6790ea5.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f4893871e862063be2634b962916217002cdf129cc4e898ea28adf0a85708ddf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
8Xle+Crme/WgpXn14a6PTg==
content-length
23404
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C729BD733
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
5c26c972-901e-0021-79ed-89c4c8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_ty2svg.2ac265e.js
cdn.forms.office.net/forms/scripts/dists/ 		0
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ty2svg.2ac265e.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
j434Z+kIHtJwXLYAb4kw6Q==
content-length
15309
x-ms-lease-status
unlocked
last-modified
Wed, 26 Apr 2023 05:39:18 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB461894451108
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1bc48d1d-101e-0056-070e-784189000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.officebrowserfeedback.39bdf71.js
cdn.forms.office.net/forms/scripts/dists/ 		0
105 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.officebrowserfeedback.39bdf71.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
g077WZtojOm9a9CkyPtrow==
content-length
107103
x-ms-lease-status
unlocked
last-modified
Tue, 16 May 2023 04:56:29 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB55C9E92A04E9
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1504d0f4-a01e-006d-1dbe-8703d7000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.try_dv.d33b8a6.js
cdn.forms.office.net/forms/scripts/dists/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.try_dv.d33b8a6.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
inakQNjDFIYjDVPGieJ6aw==
content-length
1754
x-ms-lease-status
unlocked
last-modified
Thu, 13 Apr 2023 04:05:59 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB3BD463DAFBC7
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
023ee56a-901e-0021-31c4-6dc4c8000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.1ds.aaf0407.js
cdn.forms.office.net/forms/scripts/dists/ 		104 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.1ds.aaf0407.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
75bb2ee5101a73dfd44373652da2ede4d17ea680eabea994208314b11e638870

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
56SpHjwP9MPURIXTTIHzxQ==
content-length
33816
x-ms-lease-status
unlocked
last-modified
Tue, 09 May 2023 04:55:53 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB5049AB181808
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
e66cecb2-f01e-0057-0d3d-824074000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&RedC=c.office.com&MXFR=029D26BBBA036E5911DC35ADBE0365C9
  • https://c.office.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&MUID=029D26BBBA036E5911DC35ADBE0365C9
42 B
334 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.office.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&MUID=029D26BBBA036E5911DC35ADBE0365C9
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 May 2023 13:13:21 GMT
last-modified
Thu, 04 May 2023 15:33:28 GMT
server
Microsoft-IIS/10.0
etag
"6de038c69d7ed91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Fri, 19 May 2023 13:13:22 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5C860212FF984D93B04A0F9158AC3CEF Ref B: FRAEDGE1916 Ref C: 2023-05-19T13:13:22Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.office.com/c.gif?ctsa=mr&CtsSyncId=95245872710C4C26815661EE04912AE9&MUID=029D26BBBA036E5911DC35ADBE0365C9
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
'de'
forms.office.com/formapi/api/f253c15b-af3c-46d8-9105-30b27aaf37b9/users/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/forms('W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u'... 		2 B
252 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/formapi/api/f253c15b-af3c-46d8-9105-30b27aaf37b9/users/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/forms('W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u')/localeResource/'de'
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.6da042f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

odata-version
4.0
x-correlationid
10bc54d8-80d3-4d0b-9d31-dd66e3667f43
x-usersessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-ms-form-request-ring
business
accept-language
de-DE,de;q=0.9
authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type
application/json
odata-maxverion
4.0
accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=W8FT8jyv2EaRBTCyeq83uXIYnf4f3e5Di1TKHHIxHwxUMTFHN0NRTk1KNkFWMkJWU01BSEFaQjBTNS4u&utm_medium=email&_hsmi=223439219&_hsenc=p2ANqtz-81sCWJm7j4PLY1XDXrHiKTE6Lz1wLdPIU9Ihi5RWl1enjSaqgzEDjlZfbKly8u8aN25EPv1pn9KFYESjhcmEp0vTK8imadhFxN7NFLz_9CktVV5H8&utm_content=223439219&utm_source=hs_automation
x-ms-form-request-source
ms-formweb
__requestverificationtoken
PP0klpGUc0fISEQ6FWwz6RJcsgO8rO38EE_SP7lG11tS3Y4EID9zo4z5Wdw8CKIVxNSi7dy_BQs8mSP612oBHfxg7IAm6kAm3958XCeXrsw1

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
gzip
date
Fri, 19 May 2023 13:13:21 GMT
x-officeversion
16.0.16515.42054
x-officefe
FormsSingleBox_IN_3
x-cache
CONFIG_NOCACHE
x-routingofficefe
FormsSingleBox_IN_1
x-routingofficeversion
16.0.16515.42054
x-correlationid
10bc54d8-80d3-4d0b-9d31-dd66e3667f43
x-officecluster
neu-100.forms.office.com
x-usersessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-msedge-ref
Ref A: 9CDB9BBED0AA461F8F08111C1AA9C56B Ref B: AMS231032605027 Ref C: 2023-05-19T13:13:22Z
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-routingcorrelationid
10bc54d8-80d3-4d0b-9d31-dd66e3667f43
x-routingsessionid
28ca852a-d4c7-4805-b2fa-26d199e7a376
x-robots-tag
noindex, nofollow
x-routingofficecluster
neu-100.forms.office.com
light-response-page.chunk.lrp_post.boot.c9962b2.js
cdn.forms.office.net/forms/scripts/dists/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.c9962b2.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
67ea9419e213d4caaed714bb9b8556b38360f61674bd76395aac70376ce5e08a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
6g2uCAC6R9CzLCgWZNgvAA==
content-length
4872
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72E7A226
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
000c5045-701e-004d-5fed-896f1b000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
93030099-614c-4233-b588-49f4ecb8b0f0
lists.office.com/Images/f253c15b-af3c-46d8-9105-30b27aaf37b9/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/T11G7CQNMJ6AV2BVSMAHAZB0S5/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lists.office.com/Images/f253c15b-af3c-46d8-9105-30b27aaf37b9/fe9d1872-dd1f-43ee-8b54-ca1c72311f0c/T11G7CQNMJ6AV2BVSMAHAZB0S5/93030099-614c-4233-b588-49f4ecb8b0f0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.88.76 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
65fd204044cf858a750d498da766dde917746e17dc1097ead05249527b8573f4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 19 May 2023 13:13:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-routingofficeversion
16.0.16514.42100
content-type
image/jpeg
x-routingcorrelationid
6ccfb1d9-c305-4190-9b9c-e6354b8af8ed
cache-control
no-cache
x-routingsessionid
6a02bcec-038f-4b47-8811-4881d18eb517
x-hivering
3
x-routingofficecluster
weu-100.lists.office.com
x-routingofficefe
CollabDBReverseProxyWithMappingService_IN_1
expires
-1
light-response-page.chunk.sw.b51c01e.js
cdn.forms.office.net/forms/scripts/dists/ 		1 KB
981 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.sw.b51c01e.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3cc4ab68d26de4335059e71536265bec6d6b3c97cc62d5a10aee44baaaacd75a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
MGQnoR35q31ZWoIJCqP+Gg==
content-length
565
x-ms-lease-status
unlocked
last-modified
Thu, 13 Apr 2023 04:05:59 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB3BD463DBBEF9
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
6b987075-401e-004e-78c6-6d6c1c000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
light-response-page.chunk.lrp_trial.d95666b.js
cdn.forms.office.net/forms/scripts/dists/ 		0
22 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_trial.d95666b.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.d811f95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3000::170a:f920 Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
content-md5
N9EBoriMyJ+p2H8ktWBNng==
content-length
22277
x-ms-lease-status
unlocked
last-modified
Thu, 18 May 2023 12:36:05 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB579C72ED1F9E
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f5ceef44-801e-0053-30f2-89b5f6000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Sat, 18 May 2024 13:13:22 GMT
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/ 		179 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.c9962b2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:48:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cf9f5c9a0e93cce79c35e82d6ae093f427a4ab7bf61c4a980854e6d6589d3a6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Fri, 19 May 2023 13:13:22 GMT
content-encoding
br
x-azure-ref-originshield
0LXVnZAAAAAC6RsztwKmoRoAjX7L5Qg38RlJBMjMxMDUwNDE3MDUxAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5
/marBaXljvDfmTXcxJKiCA==
x-cache
TCP_HIT
x-ms-meta-jssdkver
3.2.11
last-modified
Tue, 16 May 2023 17:35:05 GMT
x-ms-meta-jssdksrc
[cdn]/scripts/c/ms.jsll-3.2.11.min.js
etag
0x8DB5633E2D59C23
x-azure-ref
08nVnZAAAAAB4C/UFZ+t1QpIclL1X5gCzRlJBMjMxMDUwNDIwMDIzAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
08dee3c4-501e-003f-6652-8a3085000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		153 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b07b5d5166845956b1e2b0118527525f86ae3867cfe9fb0ffb673ad01c5def
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1684502003551
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.11
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://forms.office.com/
apikey
a0d933fc7f95442badc743f4d77f4aab-f980f8ea-160a-4432-92a4-80c87df83f4b-7539
Client-Id
NO_AUTH

Response headers

Strict-Transport-Security
max-age=31536000
Date
Fri, 19 May 2023 13:13:24 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
1269
Access-Control-Allow-Methods
POST
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type
application/json
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Expose-Headers
time-delta-millis
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
P3P,Set-Cookie,time-delta-millis
Content-Length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Fri, 19 May 2023 13:13:23 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Fri, 19 May 2023 13:13:24 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		153 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.1ds.aaf0407.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
618dec7cb0711554dd53e6e55003ff9875d07d24c95761892646f6840389301c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1684502004573
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://forms.office.com/
apikey
2ddc7e5f54754fc68f3ae1c5b7f3eb20-1883aa8c-4c7b-42d1-b3d6-c9cdb5956783-7092
Client-Id
NO_AUTH

Response headers

Strict-Transport-Security
max-age=31536000
Date
Fri, 19 May 2023 13:13:24 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
794
Access-Control-Allow-Methods
POST
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type
application/json
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Expose-Headers
time-delta-millis
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
P3P,Set-Cookie,time-delta-millis
Content-Length
153
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://forms.office.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Max-Age
3600
Cache-Control
public, 3600
Content-Length
0
Date
Fri, 19 May 2023 13:13:24 GMT
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		153 B
592 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.89.178.26 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e1f1cc23ff6ec6a14933944d5b47d355eea8ccad41f47d2b886abb7430d1fa81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1684502004897
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.11
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
time-delta-to-apply-millis
1269
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://forms.office.com/
apikey
a0d933fc7f95442badc743f4d77f4aab-f980f8ea-160a-4432-92a4-80c87df83f4b-7539
Client-Id
NO_AUTH

Response headers

Strict-Transport-Security
max-age=31536000
Date
Fri, 19 May 2023 13:13:24 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
224
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Expose-Headers
time-delta-millis
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
time-delta-millis
Content-Length
153

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| NavKeyPoints function| reloadNoCdn object| OfficeFormServerInfo object| FormPrefetchCache object| FormsLsMap object| webpackChunk function| getChunkPath function| replaceChunkSrc object| __stylesheet__ function| formsModuleResolveErrorCallback object| formClientApi object| formsLsPromiseMap object| __globalSettings__ object| __themeState__ object| __packages__ object| __dynProto$Gbl object| e function| t object| oneDS object| awa

14 Cookies

Domain/Path Name / Value
forms.office.com/ Name: RpsAuthNonce
Value: 095809e3-e87f-4424-a795-34798647c569
.forms.office.com/ Name: RpsAuthNonce
Value: 095809e3-e87f-4424-a795-34798647c569
forms.office.com/ Name: __RequestVerificationToken
Value: jb1wOCWpkGfNS_G_JSBKxyWW3ah3bSTwulGolqoVgK1NDiXGbmAyPePYeXq44RI5_GQmwuqEtkfaIjt3SsM10fl9-pvfA7YsrHHsYCDi80A1
.office.com/ Name: MUID
Value: 029D26BBBA036E5911DC35ADBE0365C9
.bing.com/ Name: MUID
Value: 029D26BBBA036E5911DC35ADBE0365C9
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 029D26BBBA036E5911DC35ADBE0365C9
.c.office.com/ Name: SM
Value: C
.c.office.com/ Name: MR
Value: 0
.c.office.com/ Name: ANONCHK
Value: 0
forms.office.com/ Name: ai_session
Value: ahdQSvpIeTE33cb67UQcWs|1684502002547|1684502002547
forms.office.com/ Name: MSFPC
Value: GUID=e322053f5d8748b783aa7a10011cd4f3&HASH=e322&LV=202305&V=4&LU=1684502004820
.microsoft.com/ Name: MC1
Value: GUID=74125e2195624dcabc7c21590d611ee2&HASH=7412&LV=202305&V=4&LU=1684502005367
.microsoft.com/ Name: MS0
Value: 5d744e3b6326442499f038bbe9eee12c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser.events.data.microsoft.com
c.bing.com
c.office.com
c5cwm04.na1.hubspotlinks.com
cdn.forms.office.net
forms.office.com
js.monitor.azure.com
lists.office.com
13.89.178.26
2606:4700::6812:db1
2620:1ec:48:1::45
2620:1ec:a92::194
2620:1ec:c11::200
2a02:26f0:3000::170a:f920
52.109.88.76
68.219.88.97
3cc4ab68d26de4335059e71536265bec6d6b3c97cc62d5a10aee44baaaacd75a
3fd46af25463c3bdbb459aa3222568205d2647121b7348d28ea99eea2ddc87b0
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
618dec7cb0711554dd53e6e55003ff9875d07d24c95761892646f6840389301c
65fd204044cf858a750d498da766dde917746e17dc1097ead05249527b8573f4
67ea9419e213d4caaed714bb9b8556b38360f61674bd76395aac70376ce5e08a
75bb2ee5101a73dfd44373652da2ede4d17ea680eabea994208314b11e638870
82ad19a373e0c2f4fe81054d51e18dbdf0284c2322749dc952a911df12d09f7e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a90ed81e8dd95e8b280f78a6af21a35636574620dde24d0922e1ee83ada86a68
ae44b15d1a693293f184de2769794e840d288f69cfcbb399b971c72d6263a38f
b411aaa5b3417fef3d3f383ab8a2ae5f7c9769e01824dacfc4a8f927b200df09
cf24b8e01033450ebb7a0501d9c7387938256092340b92fc9b1503be6ea43326
cf9f5c9a0e93cce79c35e82d6ae093f427a4ab7bf61c4a980854e6d6589d3a6f
e1f1cc23ff6ec6a14933944d5b47d355eea8ccad41f47d2b886abb7430d1fa81
e3b07b5d5166845956b1e2b0118527525f86ae3867cfe9fb0ffb673ad01c5def
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4893871e862063be2634b962916217002cdf129cc4e898ea28adf0a85708ddf