Submitted URL: http://bea-factory.com//modules/zcan.php?email=dave.ross@ros.com
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWN...
Submission: On June 13 via manual from US

Summary

This website contacted 8 IPs in 5 countries across 6 domains to perform 18 HTTP transactions. The main IP is 52.109.76.79, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is forms.office.com.
TLS certificate: Issued by Microsoft IT TLS CA 4 on February 26th 2019. Valid for: 2 years.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 213.186.33.97 16276 (OVH)
10 52.109.76.79 8075 (MICROSOFT...)
1 152.199.19.160 15133 (EDGECAST)
2 64.4.54.254 8075 (MICROSOFT...)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 52.109.88.14 8075 (MICROSOFT...)
1 104.103.74.164 16625 (AKAMAI-AS)
1 52.114.88.28 8075 (MICROSOFT...)
18 8
Domain Requested by
10 forms.office.com forms.office.com
2 c.office.com 1 redirects forms.office.com
2 web.vortex.data.microsoft.com az725175.vo.msecnd.net
1 browser.pipe.aria.microsoft.com forms.office.com
1 static2.sharepointonline.com forms.office.com
1 lists.office.com forms.office.com
1 c.bing.com 1 redirects
1 az725175.vo.msecnd.net forms.office.com
1 bea-factory.com
18 9

This site contains links to these domains.

Domain
go.microsoft.com
Subject | Issuer | Validity | Valid
forms.office.com | Microsoft IT TLS CA 4 | 2019-02-26 - 2021-02-26 | 2 years
*.vo.msecnd.net | Microsoft IT TLS CA 2 | 2018-03-30 - 2020-03-30 | 2 years
*.vortex.data.microsoft.com | Microsoft IT TLS CA 5 | 2018-01-30 - 2020-01-30 | 2 years
c.msn.com | Microsoft IT TLS CA 1 | 2018-09-13 - 2020-09-13 | 2 years
lists.office.com | Microsoft IT TLS CA 4 | 2017-12-18 - 2019-12-18 | 2 years
*.sharepointonline.com | Microsoft IT TLS CA 2 | 2017-11-03 - 2019-11-03 | 2 years
*.events.data.microsoft.com | Microsoft IT TLS CA 2 | 2017-11-07 - 2019-11-07 | 2 years

This page contains 1 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Frame ID: 768357CCC7C67094D2E5967BE2D75BD4
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • env /^React$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

Requests: 18
HTTPS: 94 %
IPv6: 11 %
Domains: 6
Subdomains: 9
IPs: 8
Countries: 5
Transfer: 683 kB
Size: 2277 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bea-factory.com//modules/zcan.php?email=dave.ross@ros.com Page URL
  2. https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&RedC=c.office.com&MXFR=0E75E60DA19960171FB2EB77A5996B82 HTTP 302
  • https://c.office.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&MUID=0E75E60DA19960171FB2EB77A5996B82

18 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

zcan.php [Cookie set]
bea-factory.com//modules/
191 B
614 B
Document
General
Full URL
http://bea-factory.com//modules/zcan.php?email=dave.ross@ros.com
Protocol
HTTP/1.1
Server
213.186.33.97 , France, ASN16276 (OVH, FR),
Reverse DNS
full-cdn-01.cluster006.ovh.net
Software
/
Resource Hash

Request headers

Host
bea-factory.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
191
Set-Cookie
mediaplanBAK=R129291918; path=/; expires=Thu, 13-Jun-2019 10:53:28 GMT
mediaplanD=R3151227007; path=/; max-age=900
Vary
Accept-Encoding
Content-Encoding
gzip
X-CDN-Pop
sbg
X-CDN-Pop-IP
137.74.120.32/27
X-Cacheable
Cacheable
Accept-Ranges
bytes
X-IPLB-Instance
14608
ResponsePage.aspx [Primary Request] [Cookie set]
forms.office.com/Pages/
11 KB
6 KB
Document
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0838b23bea30a401ddf83c45ee61a83559f88cdf6e702fb9e88746309f2aa49d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Host
forms.office.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://bea-factory.com//modules/zcan.php?email=dave.ross@ros.com
Accept-Encoding
gzip, deflate, br

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Content-Length
4879
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
0
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-RoutingOfficeCluster
neu-001.forms.office.com
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
X-RoutingSessionId
8a902d22-9612-40dd-bbc6-75a03d7ac455
X-RoutingCorrelationId
08a26965-ee30-4ffe-9366-272436d93ed9
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Set-Cookie
DcLcid=ui=1033&data=1033; expires=Fri, 13-Sep-2019 09:35:02 GMT; path=/; secure; HttpOnly
__RequestVerificationToken=1TCTW2r9Zl3Bwsq5YiccisN7RiQSJfzD3sWWTlXw6lbUXsY7oRnhEONX1U-hqykd0tuJbSt2p7Wi3BVTgQnlDlRI6cE1; path=/; secure; HttpOnly
AADNonce.forms=5de2c591-e9a4-467d-b0d6-2d343febb558.636960153023216886; domain=forms.office.com; path=/; secure; HttpOnly
X-CorrelationId
08a26965-ee30-4ffe-9366-272436d93ed9
X-UserSessionId
8a902d22-9612-40dd-bbc6-75a03d7ac455
X-OfficeFE
FormsSingleBox_IN_1
X-OfficeVersion
16.0.11723.36680
X-OfficeCluster
neu-001.forms.office.com
X-FailureReason
MissingCookieOrToken
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Date
Thu, 13 Jun 2019 09:35:01 GMT
bootstrap.min.css
forms.office.com/css/vendors/bootstrap/3.3.5/
120 KB
20 KB
Stylesheet
General
Full URL
https://forms.office.com/css/vendors/bootstrap/3.3.5/bootstrap.min.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7ced8587d3adc7516df82cbaf8f8330937968f87d1fb227b1bd06b62040d33d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Length
19742
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
text/css
X-RoutingCorrelationId
7709103e-0cc8-4317-96d9-5c94f8a6a473
Cache-Control
max-age=63072000
X-RoutingSessionId
039a9cba-94db-450d-a61f-34c3429ec586
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
response-page.min.css
forms.office.com/css/dist/
364 KB
44 KB
Stylesheet
General
Full URL
https://forms.office.com/css/dist/response-page.min.css?v=b67cabd925
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6351e23fdddd9b4fbcec67e151730195813791320667b1d375112a03fb3527cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Length
44442
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
text/css
X-RoutingCorrelationId
bb94d816-87a1-4e0d-8be4-e2e1709ac7a2
Cache-Control
max-age=63072000
X-RoutingSessionId
03ffbdfe-fd11-4c36-8fc2-3d71eb0e6479
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
basics_8f1b3df.js
forms.office.com/Scripts/Vendors/combined/
351 KB
113 KB
Script
General
Full URL
https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
596dcea5238fc58bdb77a261bd0e0f88dfa18133f14bf3aaef9b1171391070c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Length
114631
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
91ad8691-b8e5-401d-a141-bef5885d7dde
Cache-Control
max-age=63072000
X-RoutingSessionId
ef9dbc63-1309-431a-880c-fe12d2a471ec
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
jsll-4.js
az725175.vo.msecnd.net/scripts/
54 KB
18 KB
Script
General
Full URL
https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F78) /
Resource Hash
e6bbfa4af18fb4f0e9c8a31d6654eac92d0f82dc895c6e5f49b54a8de51e5923

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 13 Jun 2019 09:35:02 GMT
content-encoding
gzip
content-md5
Dy7dMa7nsOSUbofNz/X23A==
x-cache
HIT
status
200
content-length
18058
x-ms-lease-status
unlocked
last-modified
Thu, 14 Mar 2019 00:43:49 GMT
server
ECAcc (frc/8F78)
etag
0x8D6A8161FD3B925
vary
Accept-Encoding
content-type
text/javascript; charset="utf-8"
x-ms-request-id
b350b946-501e-005b-7bca-21c857000000
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
response-page.min.js
forms.office.com/Scripts/dists/
911 KB
197 KB
Script
General
Full URL
https://forms.office.com/Scripts/dists/response-page.min.js?v=b67cabd925
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
9f61ec09347eb1f51ea619504740f084175e04fc64b0a3b719a2968299906edc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Length
201222
X-RoutingOfficeFE
FormsSingleBox_IN_7
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
c3d34978-3dd6-4357-814a-381907d39b95
Cache-Control
max-age=63072000
X-RoutingSessionId
364ce612-80d0-4061-b8ce-b6dccac018bd
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
t.js
web.vortex.data.microsoft.com/collect/v1/
260 B
909 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272019-06-13T09%3A35%3A02.769Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%27981a83ad-8f7e-4b6e-a36a-071d2ed6af66%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DCEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u%3Ddave.ross%40ros.com%27&-referrerUri=%27http%3A%2F%2Fbea-factory.com%2F%2Fmodules%2Fzcan.php%3Femail%3Ddave.ross%40ros.com%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Microsoft%20Forms%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.4.54.254 Cheyenne, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
7d79b38eaa8fd7eb632951541cb828e848026f8af1f93e2008f75d31df95ceb9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 13 Jun 2019 09:35:02 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
IlCrzRvd/0m7QV+2Wmy5Fw.0
Content-Type
application/javascript
Content-Length
260
Expires
0
runtimeForms('CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u')
forms.office.com/formapi/api/d2ca4308-0e66-4319-b1fb-5129c297ad64/users/fe7d129b-6c83-4748-8994-73e4eaed990c/light/
4 KB
2 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/d2ca4308-0e66-4319-b1fb-5129c297ad64/users/fe7d129b-6c83-4748-8994-73e4eaed990c/light/runtimeForms('CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u')?$select=id,title,modifiedDate,description,settings,background,otherInfo,questions,descriptiveQuestions,logo,category,predefinedResponses,thankYouMessage,emailReceiptEnabled,DataClassificationLabel,type,defaultLanguage,localeList,onlineSafetyLevel&$expand=questions($expand=choices)
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
177642b2dbe4e42aaec41937625066c2fe397ff24302f681939bcff57d614cd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

x-ms-form-request-source
ms-formweb
X-CorrelationId
4e6a7407-37fe-4d51-9eec-28cfa95bd258
x-ms-form-request-ring
business
Authorization
Accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
__RequestVerificationToken
aJQo7t9C7qah3Lu6ivrHRL9enahqHAKOSJ9uCOXXyPYoSapIIbbko03py965J60wdQr782tBJlwqYZzPDqu5ZU_rbRk1
OData-MaxVersion
4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_7
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
1292
X-RoutingOfficeFE
FormsSingleBox_IN_7
Pragma
no-cache
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
4e6a7407-37fe-4d51-9eec-28cfa95bd258
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
9f0be057-c6d5-43c6-ae68-28af0503baea
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
4e6a7407-37fe-4d51-9eec-28cfa95bd258
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
9f0be057-c6d5-43c6-ae68-28af0503baea
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
GetResourceStrings
forms.office.com/Pages/ResponsePage.aspx/
166 KB
47 KB
XHR
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx/GetResourceStrings
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b07b1de3ec85115585bdef67c5026532cc97450ce843c68cd45519928ca7d8e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Origin
https://forms.office.com
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_1
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
46668
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
f72e3f73-6c8a-44b6-a08a-7e7e352e876d
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
d421b898-0996-425f-99f3-aa80f86c46df
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
f72e3f73-6c8a-44b6-a08a-7e7e352e876d
Cache-Control
private, max-age=0
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
d421b898-0996-425f-99f3-aa80f86c46df
X-RoutingOfficeCluster
neu-001.forms.office.com
response_2e6ed61.js
forms.office.com/Scripts/Vendors/combined/
92 KB
28 KB
Script
General
Full URL
https://forms.office.com/Scripts/Vendors/combined/response_2e6ed61.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/dists/response-page.min.js?v=b67cabd925
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d899f022aedbd23a58d9a9daaf3d1d6882f29a116ec64159c3bdcb86c011c55b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:02 GMT
Content-Length
28020
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
0b6b40b7-6327-4379-b931-0bc8762bac64
Cache-Control
max-age=63072000
X-RoutingSessionId
3843aa21-4971-4ea9-b953-a58fb613587d
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&RedC=c.office.com&MXFR=0E75E60DA19960171FB2EB77A5996B82
  • https://c.office.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&MUID=0E75E60DA19960171FB2EB77A5996B82
42 B
249 B
Image
General
Full URL
https://c.office.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&MUID=0E75E60DA19960171FB2EB77A5996B82
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 09:35:03 GMT
last-modified
Fri, 29 Mar 2019 20:38:48 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"e71593696fe6d41:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
200
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 13 Jun 2019 09:35:02 GMT
x-msedge-ref
Ref A: 46A117C9EF1D4093A46968A8DB36BBC3 Ref B: VIEEDGE0619 Ref C: 2019-06-13T09:35:03Z
x-powered-by
ASP.NET
location
https://c.office.com/c.gif?&CtsSyncId=1BA80341EC084A7788137F970DB58CFC&MUID=0E75E60DA19960171FB2EB77A5996B82
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
302
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
privacy
forms.office.com/formapi/api/
65 B
1 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/privacy?ownerTenantId=d2ca4308-0e66-4319-b1fb-5129c297ad64
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
32d23f94f3d92cb1820c08bfcbda62c0991723146dd154d08620f1071f60235d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

x-ms-form-request-source
ms-formweb
X-CorrelationId
ce7a800e-8548-42d2-ac09-040adc6c3041
x-ms-form-request-ring
business
Authorization
Accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
__RequestVerificationToken
aJQo7t9C7qah3Lu6ivrHRL9enahqHAKOSJ9uCOXXyPYoSapIIbbko03py965J60wdQr782tBJlwqYZzPDqu5ZU_rbRk1
OData-MaxVersion
4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_1
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
90
X-RoutingOfficeFE
FormsSingleBox_IN_1
Pragma
no-cache
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
ce7a800e-8548-42d2-ac09-040adc6c3041
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
c0854f69-771c-4117-99f3-22cb07f08cd0
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:03 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
ce7a800e-8548-42d2-ac09-040adc6c3041
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
c0854f69-771c-4117-99f3-22cb07f08cd0
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
0f899226-fe2b-4b42-85c6-b54c389a3b54
lists.office.com/Images/d2ca4308-0e66-4319-b1fb-5129c297ad64/fe7d129b-6c83-4748-8994-73e4eaed990c/TCVLMR3XAU3PQM7KH1V72YL6OI/
31 KB
31 KB
Image
General
Full URL
https://lists.office.com/Images/d2ca4308-0e66-4319-b1fb-5129c297ad64/fe7d129b-6c83-4748-8994-73e4eaed990c/TCVLMR3XAU3PQM7KH1V72YL6OI/0f899226-fe2b-4b42-85c6-b54c389a3b54
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.88.14 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
56e059f70bc7fb4e13964ccbf546a940809c3218cdb0f0c5e15efc8481915528

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 09:35:03 GMT
x-routingofficeversion
16.0.11721.36251
x-aspnet-version
4.0.30319
x-hivering
3
x-powered-by
ASP.NET
content-type
image/png
status
200
cache-control
no-cache
x-routingsessionid
abdf0740-f581-43bd-897f-2380b8666d52
x-routingcorrelationid
ba864e37-cb22-4217-bcac-59ca9852abd3
content-length
31574
x-routingofficecluster
weu-001.lists.office.com
x-routingofficefe
CollabDBReverseProxyWithMappingService_IN_2
expires
-1
meeting.png
forms.office.com/Images/Theme/
57 KB
57 KB
Image
General
Full URL
https://forms.office.com/Images/Theme/meeting.png
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fb2d8eb6cd4e3740f7945d2c5119cf3535f36d80414649d3e970cbaeb7046b7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 09:35:03 GMT
Content-Length
58177
X-RoutingOfficeFE
FormsSingleBox_IN_7
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Content-Type
image/png
X-RoutingCorrelationId
f2078563-9608-42b4-8314-b515c0982794
Cache-Control
max-age=63072000
X-RoutingSessionId
5c281719-ae3d-4207-a588-e04dfdb807bf
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
fabricmdl2icons-2.68.woff2
static2.sharepointonline.com/files/fabric/assets/icons/
115 KB
116 KB
Font
General
Full URL
https://static2.sharepointonline.com/files/fabric/assets/icons/fabricmdl2icons-2.68.woff2
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.103.74.164 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-103-74-164.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
81bd9c6953694abf461e6f47173b09535424d58f3764515d2d1a9f409594559a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://forms.office.com/css/dist/response-page.min.css?v=b67cabd925
Origin
https://forms.office.com

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 13 Jun 2019 09:35:03 GMT
last-modified
Fri, 11 May 2018 22:37:13 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
DKIKl/aIxVCwcxzAlDbLZA==
access-control-allow-origin
*
etag
0x8D5B78FBE13CF53
content-type
font/woff2
status
200
x-ms-request-id
e34ac81e-301e-00df-5f15-024c86000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=27829867
x-ms-version
2009-09-19
content-length
118232
t.js
web.vortex.data.microsoft.com/collect/v1/
260 B
909 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272019-06-13T09%3A35%3A04.164Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%27981a83ad-8f7e-4b6e-a36a-071d2ed6af66%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DCEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u%3Ddave.ross%40ros.com%27&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%2C%22timing%22%3A%22%7B%5C%22first-paint%5C%22%3A463.0900025367737%2C%5C%22first-contentful-paint%5C%22%3A463.0950018763542%2C%5C%22navigationStart%5C%22%3A1560418502114%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1560418502118%2C%5C%22domainLookupStart%5C%22%3A1560418502123%2C%5C%22domainLookupEnd%5C%22%3A1560418502140%2C%5C%22connectStart%5C%22%3A1560418502140%2C%5C%22connectEnd%5C%22%3A1560418502278%2C%5C%22secureConnectionStart%5C%22%3A1560418502172%2C%5C%22requestStart%5C%22%3A1560418502278%2C%5C%22responseStart%5C%22%3A1560418502345%2C%5C%22responseEnd%5C%22%3A1560418502347%2C%5C%22domLoading%5C%22%3A1560418502355%2C%5C%22domInteractive%5C%22%3A1560418502965%2C%5C%22domContentLoadedEventStart%5C%22%3A1560418502965%2C%5C%22domContentLoadedEventEnd%5C%22%3A1560418502973%2C%5C%22domComplete%5C%22%3A1560418504127%2C%5C%22loadEventStart%5C%22%3A1560418504127%2C%5C%22loadEventEnd%5C%22%3A1560418504128%7D%22%7D%27&-pageHeight=1200&-vpHeight=1200&-vpWidth=1600&-behavior=0&-vScrollOffset=0&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Account%20Verification%27&*cookieEnabled=true&*isJs=true&*isDomComplete=true&*isLoggedIn=false&*pageLoadTime=2013&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-userConsent=false
&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.4.54.254 Cheyenne, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
2ce1314e315d752162ae83d022a3d62f6f24223d92e0fa65d9214251f2ef8df7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 13 Jun 2019 09:35:03 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
9fC2wDnZ8ky1RLmGyzdmdA.0
Content-Type
application/javascript
Content-Length
260
Expires
0
/
browser.pipe.aria.microsoft.com/Collector/3.0/
0
397 B
XHR
General
Full URL
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.6.0&x-apikey=2ddc7e5f54754fc68f3ae1c5b7f3eb20-1883aa8c-4c7b-42d1-b3d6-c9cdb5956783-7092&client-time-epoch-millis=1560418504997&time-delta-to-apply-millis=use-collector-delta
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.114.88.28 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=dave.ross@ros.com
Origin
https://forms.office.com

Response headers

Date
Thu, 13 Jun 2019 09:35:04 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
130
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
kill-tokens, kill-duration-seconds, time-delta-millis
Access-Control-Allow-Headers
Accept, Content-Type, Content-Encoding, Client-Id
Content-Length
0

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| OfficeFormServerInfo number| FormsPageStartTime function| init object| datas object| modules function| require object| Logging function| AuthenticationContext object| AWTPropertyType object| AWTPiiKind object| AWTEventPriority object| AWTEventsDroppedReason object| AWTEventsRejectedReason object| AWTCustomerContentKind object| AWTUserIdType object| AWTSessionState string| AWT_BEST_EFFORT string| AWT_NEAR_REAL_TIME string| AWT_REAL_TIME function| AWTEventProperties function| AWTLogger function| AWTLogManager function| AWTTransmissionManager function| AWTSerializer function| AWTSemanticContext string| AWT_COLLECTOR_URL_UNITED_STATES string| AWT_COLLECTOR_URL_GERMANY string| AWT_COLLECTOR_URL_JAPAN string| AWT_COLLECTOR_URL_AUSTRALIA string| AWT_COLLECTOR_URL_EUROPE string| AWT_COLLECTOR_URL_USGOV_DOD string| AWT_COLLECTOR_URL_USGOV_DOJ function| $ function| jQuery object| odatajs function| DomStore function| IndexedDBStore function| MemoryStore function| _ object| React object| ReactDOM object| awa string| behaviorKey function| escapeRegExp function| formatNumber function| extractDigits function| removeQuatos function| parseStringToDateLabels function| getTime function| makeDOMException function| getbyte64 function| decode function| getbyte function| encode function| __extends function| __assign object| NerveImplementation object| Nerve object| OfficeForm object| stringDelimiter object| dateLabelsRegExp undefined| PADCHAR_1 undefined| ALPHA_1 object| Forms object| linkify function| linkifyElement function| Picker

0 Cookies

16 Console Messages

Source Level URL
Text
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
deferred
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
utils
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
xml
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
odata
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
odatautils
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
handler
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
metadata
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
net
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
json
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
batch
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
store
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
dom
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
indexeddb
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
memory
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
cache
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
source

Indicators

"Indicators" is a security-industry term for artifacts such as IPs, domains and hashes. Their appearance here does not imply that any of them indicate malicious activity.
