prosed.ee Open in urlscan Pro
217.146.69.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://prosed.csgo.ee/
Effective URL:
https://prosed.ee/
Submission Tags: phishingrod
Submission: On June 20 via api (June 20th 2023, 12:06:33 am UTC) from DE — Scanned from DE

Summary HTTP 54 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 54 HTTP transactions. The main IP is 217.146.69.42, located in Tallinn, Estonia and belongs to ZONE Zone Media OU, EE. The main domain is prosed.ee.
TLS certificate: Issued by R3 on May 13th 2023. Valid for: 3 months.

This is the only time prosed.ee was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	217.146.67.141 217.146.67.141	49604 (ZONE Zone...) (ZONE Zone Media OU)
2 22	217.146.69.42 217.146.69.42	49604 (ZONE Zone...) (ZONE Zone Media OU)
3	2620:1ec:a92:... 2620:1ec:a92::171	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
20	2a02:26f0:350... 2a02:26f0:3500:598::1c24	() ()
4	184.30.17.174 184.30.17.174	() ()
2	2603:1063:220... 2603:1063:2206:14::46	() ()
54	7

1 217.146.67.141 (Tallinn, Estonia)

ASN49604 (ZONE Zone Media OU, EE)
PTR: kinnas.kahtlane.info

prosed.csgo.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 217.146.69.42 (Tallinn, Estonia) 2 redirects

ASN49604 (ZONE Zone Media OU, EE)
PTR: sn-69-42.tll07.zoneas.eu

prosed.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:a92::171 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

view.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pnl1-excel.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:26f0:3500:598::1c24 (None, )

ASN- ()

c1h-excel-15.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.30.17.174 (None, )

ASN- ()

fs.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1063:2206:14::46 (None, )

ASN- ()

euc-excel-telemetry.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	prosed.ee 2 redirects prosed.ee	256 KB
20	office.net c1h-excel-15.cdn.office.net	2 MB
5	live.com view.officeapps.live.com — Cisco Umbrella Rank: 25269 pnl1-excel.officeapps.live.com — Cisco Umbrella Rank: 184053 euc-excel-telemetry.officeapps.live.com	68 KB
4	microsoft.com fs.microsoft.com	2 MB
1	csgo.ee prosed.csgo.ee	365 B
54	5

	Domain	Requested by
22	prosed.ee	2 redirects prosed.ee
20	c1h-excel-15.cdn.office.net	pnl1-excel.officeapps.live.com c1h-excel-15.cdn.office.net
4	fs.microsoft.com	pnl1-excel.officeapps.live.com
2	euc-excel-telemetry.officeapps.live.com	c1h-excel-15.cdn.office.net
2	pnl1-excel.officeapps.live.com	c1h-excel-15.cdn.office.net
1	view.officeapps.live.com	prosed.ee
1	prosed.csgo.ee
54	7

This site contains links to these domains. Also see Links.

Domain
wordpress.org
www.techtrot.com

Subject Issuer	Validity	Valid
prosed.csgo.ee R3	`2023-04-20` - `2023-07-19`	3 months	crt.sh
prosed.ee R3	`2023-05-13` - `2023-08-11`	3 months	crt.sh
officeapps.live.com Microsoft Azure TLS Issuing CA 02	`2023-05-24` - `2024-05-18`	a year	crt.sh
*.cdn.office.net Microsoft Azure TLS Issuing CA 02	`2023-01-11` - `2024-01-06`	a year	crt.sh
fs.microsoft.com Microsoft Azure TLS Issuing CA 02	`2022-08-29` - `2023-08-24`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://prosed.ee/
Frame ID: 598F153E56DB266CE80172C6CADEB25D
Requests: 21 HTTP requests in this frame

Frame: https://view.officeapps.live.com/op/embed.aspx?src=https%3A%2F%2Fprosed.ee%2Fwp-content%2Fuploads%2F2023%2F05%2Fprosed-1.xlsx
Frame ID: 7EB2DC0A0DC68073699C4B343396E104
Requests: 2 HTTP requests in this frame

Frame: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0
Frame ID: 479DECD65617316E4C94A9F32D1ED5A4
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Prosed

Page URL History Show full URLs

https://prosed.csgo.ee/ Page URL
http://prosed.ee/ HTTP 301
https://prosed.ee/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

54
Requests

91 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

4290 kB
Transfer

12763 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

URL: http://www.techtrot.com/primepress/
Title: WordPress theme

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://prosed.csgo.ee/ Page URL
http://prosed.ee/ HTTP 301
https://prosed.ee/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://prosed.ee/wp-content/themes/primepress/rotating.php?image=4 HTTP 302
https://prosed.ee/wp-content/themes/primepress/headers/PP-field%20of%20dreams.jpg

54 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
prosed.csgo.ee/ 324 B
365 B 956ms
57ms Document
text/html 217.146.67.141
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.csgo.ee/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.146.67.141 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: kinnas.kahtlane.info
Software: nginx/1.18.0 /
Resource Hash: 789d019e3e63db8671974a2d101057e7da274cb953e62f78e4890f808ac1ddd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Tue, 20 Jun 2023 00:06:27 GMT
etag: W/"5d068e7f-144"
last-modified: Sun, 16 Jun 2019 18:46:23 GMT
server: nginx/1.18.0

GET
H2

200

Primary Request / Show response
prosed.ee/
Redirect Chain

http://prosed.ee/
https://prosed.ee/

19 KB
5 KB

240ms
117ms

Document
text/html

217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 77f2fdbe0988be9b5d4aa7075d2bf038e2c50881bb3c485c826783824e1bbfd2

Request headers

Referer: https://prosed.csgo.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 4741
content-type: text/html; charset=UTF-8
date: Tue, 20 Jun 2023 00:06:30 GMT
link: <https://prosed.ee/wp-json/>; rel="https://api.w.org/", <https://prosed.ee/wp-json/wp/v2/pages/5>; rel="alternate"; type="application/json", <https://prosed.ee/>; rel=shortlink
server: Apache / ZoneOS
vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 294
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 20 Jun 2023 00:06:30 GMT
Keep-Alive: timeout=5, max=100
Location: https://prosed.ee/
Server: Apache / ZoneOS

GET
H2 200 style.css
prosed.ee/wp-content/themes/primepress/ 13 KB
4 KB 63ms
61ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/themes/primepress/style.css
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 432c06e59533498982ee251f068e6e80030de6e4d40612ce02c476a56bab4ce6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Sun, 16 Jun 2019 18:17:25 GMT
server: Apache / ZoneOS
etag: "332f-58b74e43edfbd-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3821

GET
H2 200 custom.css
prosed.ee/wp-content/themes/primepress/ 58 B
139 B 62ms
60ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/themes/primepress/custom.css
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: b04bdff30310eedf24a6172757e5e8329a6c5f366a22213c8865db502c14f6ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
last-modified: Sun, 16 Jun 2019 18:17:24 GMT
server: Apache / ZoneOS
accept-ranges: bytes
etag: "3a-58b74e4349af2"
content-length: 58
content-type: text/css

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/block-library/ 95 KB
13 KB 121ms
119ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
server: Apache / ZoneOS
etag: "17ced-5f680c224ed40-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 12736

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/components/ 81 KB
12 KB 65ms
63ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/components/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 072799c158a63f494abfbb8c4a0a7f1322029d531192c34092b88ddfdf693b2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
server: Apache / ZoneOS
etag: "14573-5f680c224ed40-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 11771

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/block-editor/ 106 KB
15 KB 122ms
121ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/block-editor/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: c952c87aaaae1786be3071abeadc6091a1f91f6df1381881cc204861cf770686

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Tue, 14 Mar 2023 16:33:41 GMT
server: Apache / ZoneOS
etag: "1a9c5-5f6deca508340-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 14739

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/nux/ 3 KB
873 B 63ms
61ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/nux/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 05515f88d6473791cc2f54474a737327181ca00c0705ff3fdad4e54d752e2eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Feb 2023 07:04:52 GMT
server: Apache / ZoneOS
etag: "afb-5f416c39f2d00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 796

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/reusable-blocks/ 525 B
319 B 64ms
62ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 42ba9fce886a47d0d12947516f0f091c73df4f1cc62e2cd443ff2c5a34ee9647

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Feb 2023 07:04:52 GMT
server: Apache / ZoneOS
etag: "20d-5f416c39f2d00-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 265

GET
H2 200 style.min.css
prosed.ee/wp-includes/css/dist/editor/ 18 KB
4 KB 64ms
63ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/dist/editor/style.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: ed852397438aaf550af851196ec9b93418caf8b12b1acac0c6bb371265f0602c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Feb 2023 13:00:09 GMT
server: Apache / ZoneOS
etag: "463c-5f41bba36c840-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3585

GET
H2 200 blocks.style.build.css
prosed.ee/wp-content/plugins/robo-gallery/includes/extensions/block/dist/ 0
68 B 63ms
62ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/plugins/robo-gallery/includes/extensions/block/dist/blocks.style.build.css?ver=3.1.8
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
last-modified: Mon, 14 Feb 2022 16:29:25 GMT
server: Apache / ZoneOS
accept-ranges: bytes
etag: "0-5d7fceb761245"
content-length: 0
content-type: text/css

GET
H2 200 classic-themes.min.css
prosed.ee/wp-includes/css/ 291 B
286 B 124ms
123ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
server: Apache / ZoneOS
etag: "123-5f49afeb578c0-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 210

GET
H2 200 styles.css
prosed.ee/wp-content/plugins/contact-form-7/includes/css/ 2 KB
728 B 125ms
123ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.3
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 3ad2fcb328295f1199d593adaba909f3eea790f695554ac3c1da7aa009fc0e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Sun, 16 Jun 2019 18:24:06 GMT
server: Apache / ZoneOS
etag: "695-58b74fc2ac03e-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 651

GET
H2 200 jquery.min.js Show response
prosed.ee/wp-includes/js/jquery/ 88 KB
31 KB 126ms
125ms Script
application/javascript 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
server: Apache / ZoneOS
etag: "15ed7-5f667d23f9540-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 31049

GET
H2 200 jquery-migrate.min.js Show response
prosed.ee/wp-includes/js/jquery/ 13 KB
5 KB 125ms
124ms Script
application/javascript 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
server: Apache / ZoneOS
etag: "3470-5f40e4dc48ec0-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 4795

GET
H2

200

PP-field%20of%20dreams.jpg
prosed.ee/wp-content/themes/primepress/headers/
Redirect Chain

https://prosed.ee/wp-content/themes/primepress/rotating.php?image=4
https://prosed.ee/wp-content/themes/primepress/headers/PP-field%20of%20dreams.jpg

154 KB
155 KB

61ms
61ms

Image
image/jpeg

217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prosed.ee/wp-content/themes/primepress/headers/PP-field%20of%20dreams.jpg
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 1238d28fce0cbeb31d0bd5bdf97e17d0c02a8827652f2d91ab6351b3a9e448f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
last-modified: Sun, 16 Jun 2019 18:22:28 GMT
server: Apache / ZoneOS
accept-ranges: bytes
etag: "26893-58b74f65679f4"
content-length: 157843
content-type: image/jpeg

Redirect headers

location: headers/PP-field of dreams.jpg
date: Tue, 20 Jun 2023 00:06:30 GMT
server: Apache / ZoneOS
content-type: text/html; charset=UTF-8

GET
H2 200 comment-reply.min.js Show response
prosed.ee/wp-includes/js/ 3 KB
1 KB 60ms
60ms Script
application/javascript 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/js/comment-reply.min.js?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: Apache / ZoneOS
etag: "ba5-5dc2a2438e980-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1351

GET
H2 200 scripts.js Show response
prosed.ee/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 61ms
61ms Script
application/javascript 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.3
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Sun, 16 Jun 2019 18:24:06 GMT
server: Apache / ZoneOS
etag: "3868-58b74fc2ac426-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 3993

GET
H2 200 reset.css
prosed.ee/wp-content/themes/primepress/library/ 1015 B
624 B 117ms
117ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/themes/primepress/library/reset.css
Requested by: Host: prosed.ee
URL: https://prosed.ee/wp-content/themes/primepress/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 02199a3a74aa01644afe138e531c68a97bd44616553748399d12bd25a19d3ba3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/wp-content/themes/primepress/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Sun, 16 Jun 2019 18:17:27 GMT
server: Apache / ZoneOS
etag: "3f7-58b74e45983c1-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 570

GET
H2 200 layout.css
prosed.ee/wp-content/themes/primepress/library/ 1 KB
384 B 116ms
116ms Stylesheet
text/css 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-content/themes/primepress/library/layout.css
Requested by: Host: prosed.ee
URL: https://prosed.ee/wp-content/themes/primepress/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 6727d4b404f5a158670445c170e2922a588da60ce7948cb491001a9255f5fb9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/wp-content/themes/primepress/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Sun, 16 Jun 2019 18:17:27 GMT
server: Apache / ZoneOS
etag: "451-58b74e4583ba4-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 307

GET
H2 200 wp-emoji-release.min.js Show response
prosed.ee/wp-includes/js/ 18 KB
5 KB 61ms
61ms Script
application/javascript 217.146.69.42
ZONE Zone Media OU

General

Check archive.org

Show headers Download Go to

Full URL: https://prosed.ee/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by: Host: prosed.ee
URL: https://prosed.ee/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.146.69.42 Tallinn, Estonia, ASN49604 (ZONE Zone Media OU, EE),
Reverse DNS: sn-69-42.tll07.zoneas.eu
Software: Apache / ZoneOS /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://prosed.ee/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 00:06:30 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: Apache / ZoneOS
etag: "4904-5f3acfe01ab40-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5039

GET
H2 200 embed.aspx Show response
view.officeapps.live.com/op/ Frame 7EB2 4 KB
3 KB 139ms
44ms Document
text/html 2620:1ec:a92::171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://view.officeapps.live.com/op/embed.aspx?src=https%3A%2F%2Fprosed.ee%2Fwp-content%2Fuploads%2F2023%2F05%2Fprosed-1.xlsx

Requested by

Host: prosed.ee
URL: https://prosed.ee/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

3f3e19b22a8e669009d5e0aea6809bdda1432e7e6abec1a8f73390650e51be22

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://prosed.ee/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 20 Jun 2023 00:06:30 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-correlationid: ba27edd4-2472-4e0e-8393-6de8b5ace1b0
x-msedge-features: tasmigration015,typeheadertest,afd_waccluster,afd_wordslice,afd_wacinfra4,afd_wacinfra5
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
x-msedge-ref: Ref A: 5CBDD0CBE9034366AF0D2D36B230AE7E Ref B: AMS231032602039 Ref C: 2023-06-20T00:06:31Z
x-officecluster: PNL1
x-officefd: AM4PEPF00021F0E
x-officefe: AM4PEPF0001B1FD
x-officeversion: 16.0.16606.41015

GET
DATA 200
OK truncated
/ Frame 7EB2 695 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 xlembed.aspx Show response
pnl1-excel.officeapps.live.com/x/_layouts/ Frame 479D 241 KB
56 KB 181ms
143ms Document
text/html 2620:1ec:a92::171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b5ce068353ad62cf6ac85e5973b0ac5d6a7cd700f026279081a4c94118a04b73

Security Headers

Name	Value
Content-Security-Policy	font-src data: 'self' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net .cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net .skype.com .skypeassets.com .msocdn.com sway.com .sway-cdn.com sway-cdn.com .sharepointonline.com spoprod-a.akamaihd.net .azureedge.net fs.microsoft.com .officeapps.live.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net .officeapps.live.com .msftauth.net js.monitor.azure.com c1-officeapps-15.cdn.office.net .skype.com .skypeassets.com .msocdn.com js.live.net appsforoffice.microsoft.com contentstorage.osi.office.net .growth.office.net .rt.microsoft.com res-prod.cdn.office.net res.cdn.office.net messaging.office.com messaging.growth.office.com messaging.action.office.com messaging.engagement.office.com content.lifecycle.office.net www.microsoft.com .cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net c1-officeapps-15.cdn.office.net .skype.com .skypeassets.com .msocdn.com js.live.net sway.com .sway-cdn.com sway-cdn.com .cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; media-src .skype.com .skypeassets.com .officeapps.live.com; object-src 'self'; child-src blob: * ms-excel:; worker-src blob: 'self'; img-src * data: blob:; report-uri /x/reportcsp.ashx
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://view.officeapps.live.com
Referer: https://view.officeapps.live.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy: font-src data: 'self' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net *.skype.com *.skypeassets.com *.msocdn.com sway.com *.sway-cdn.com sway-cdn.com *.sharepointonline.com spoprod-a.akamaihd.net *.azureedge.net fs.microsoft.com *.officeapps.live.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net *.officeapps.live.com *.msftauth.net js.monitor.azure.com c1-officeapps-15.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net appsforoffice.microsoft.com contentstorage.osi.office.net *.growth.office.net *.rt.microsoft.com res-prod.cdn.office.net res.cdn.office.net messaging.office.com messaging.growth.office.com messaging.action.office.com messaging.engagement.office.com content.lifecycle.office.net www.microsoft.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' c1-excel-15.cdn.office.net c1h-excel-15.cdn.office.net c1-officeapps-15.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net sway.com *.sway-cdn.com sway-cdn.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; media-src *.skype.com *.skypeassets.com *.officeapps.live.com; object-src 'self'; child-src blob: * ms-excel:; worker-src blob: 'self'; img-src * data: blob:; report-uri /x/reportcsp.ashx
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 00:06:30 GMT
document-policy: js-profiling
expires: -1
nel: {"report_to":"network-errors","max_age":604800,"include_subdomains":true,"success_fraction":0.01,"failure_fraction":1.0}
origin-trial: AtAgCmjF9NSDe7WG5+zXddNhpryHIhWvHG5BxTAcMRn1V9oswBhX2RSXHeDxLcwXMB/NYHr3BAXOBJJY1ita2BAAAABteyJvcmlnaW4iOiJodHRwczovL29mZmljZWFwcHMubGl2ZS5jb206NDQzIiwiaXNTdWJkb21haW4iOnRydWUsImZlYXR1cmUiOiJIYXB0aWNzRGV2aWNlIiwiZXhwaXJ5IjoxNzAzOTgwODAwfQ==
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
pragma: no-cache
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://excelonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-AMS23r8a&DC=PNL1&FileSource="}]}
reporting-endpoints: default="https://pnl1-excel.officeapps.live.com/x/_layouts/BrowserReportingHandler.ashx"
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-correlationid: f5126207-5b0c-4d58-a0d9-304e9bf50089
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
x-msedge-ref: Ref A: 316766C0FE254C9EAAB5D98541D7CD8D Ref B: AMS231032602039 Ref C: 2023-06-20T00:06:31Z
x-officecluster: PNL1
x-officefd: AM4PEPF00021F04
x-officefe: AM4PEPF000114C0
x-officeversion: 16.0.16611.42310
x-usersessionid: f5126207-5b0c-4d58-a0d9-304e9bf50089

GET
H2 200 EwrDefault.css
c1h-excel-15.cdn.office.net/x/s/h02742133213348EE__layouts/Resources/1031/ Frame 479D 148 KB
30 KB 177ms
34ms Stylesheet
text/css 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h02742133213348EE__layouts/Resources/1031/EwrDefault.css

Requested by

Host: pnl1-excel.officeapps.live.com
URL: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

02742133213348ee1021555ca59def59676f8a7d5da6d840ae593aaa64df557c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16605.42304
x-officefe: AM4PEPF000114B7
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 30547
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Thu, 08 Jun 2023 12:42:34 GMT
x-correlationid: a36321e4-ed7a-4897-8feb-2adc55774c03
x-usersessionid: a36321e4-ed7a-4897-8feb-2adc55774c03
x-msedge-ref: Ref A: C601F0E8826A403387E62A010C5899D2 Ref B: FRA231050415031 Ref C: 2023-06-11T02:23:14Z
x-officecluster: PNL1
etag: "e97ecb269ad91:0"
x-officefd: AM4PEPF00021F14
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 excelframe.css
c1h-excel-15.cdn.office.net/x/s/h5B6F2A6DCFF5E4FA__layouts/Resources/1031/ Frame 479D 62 KB
10 KB 177ms
33ms Stylesheet
text/css 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h5B6F2A6DCFF5E4FA__layouts/Resources/1031/excelframe.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

5b6f2a6dcff5e4fa91361307a2d16e3fa4fdb2b137fc505a9711e727b493a080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16605.42304
x-officefe: BL6PEPF000102EB
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 10013
x-msedge-features: typeheadertest,afd_waccluster,afd_onenoteslice_control,afd_wacinfra4,afd_wacinfra5
last-modified: Thu, 08 Jun 2023 12:03:10 GMT
x-correlationid: d9c1101d-a6aa-4760-aa23-07e1f2abfcf4
x-usersessionid: d9c1101d-a6aa-4760-aa23-07e1f2abfcf4
x-msedge-ref: Ref A: 1418CE883C004D50BFD559014B6525D7 Ref B: LON212050714039 Ref C: 2023-06-09T08:01:56Z
x-officecluster: PUS4
etag: "f8cba03119ad91:0"
x-officefd: BL6PEPF00007A63
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 MicrosoftAjaxDS.js Show response
c1h-excel-15.cdn.office.net/x/s/h16ABB4D4FBDA7915__layouts/App_Scripts/ Frame 479D 106 KB
24 KB 176ms
33ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h16ABB4D4FBDA7915__layouts/App_Scripts/MicrosoftAjaxDS.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

16abb4d4fbda791537009ace13309ea5ff47d731c4c11719d7aa4294d843bace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16531.42313
x-officefe: DB5PEPF000119EB
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 23768
x-msedge-features: typeheadertest,afd_waccluster,afd_onenoteslice,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 06 Jun 2023 07:35:17 GMT
x-correlationid: eb3eb6ae-7dc1-4f34-a65e-054e87877579
x-usersessionid: eb3eb6ae-7dc1-4f34-a65e-054e87877579
x-msedge-ref: Ref A: 5400608DE6E9465087124876E51E31F5 Ref B: AMS231032605005 Ref C: 2023-06-08T09:48:41Z
x-officecluster: PIE1
etag: "c52b90704998d91:0"
x-officefd: DB5PEPF0001280F
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.js Show response
c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/ Frame 479D 3 MB
755 KB 177ms
34ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

76f4cba8d762931dde5f191b6fbc41ec6a532be6d3692dc72de3064c9920ccfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16605.42304
x-officefe: DB5PEPF00011A0F
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 771572
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 05:28:15 GMT
x-correlationid: c2a50adf-ebd0-48c2-9d61-d3e12425d495
x-usersessionid: c2a50adf-ebd0-48c2-9d61-d3e12425d495
x-msedge-ref: Ref A: CCD4E5FA8D0B425E9D1C5F368C891AEE Ref B: FRA231050415017 Ref C: 2023-06-13T05:28:15Z
x-officecluster: PIE1
etag: W/"3e1373dab79dd91:0"
x-officefd: DB5PEPF0001280C
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 Ewa.Strings.Wac.js Show response
c1h-excel-15.cdn.office.net/x/s/h9142F17542CD9F0A__layouts/App_Scripts/1031/ Frame 479D 127 KB
31 KB 175ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h9142F17542CD9F0A__layouts/App_Scripts/1031/Ewa.Strings.Wac.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

9142f17542cd9f0a62c280b1df9f4e88a05a0a66eeab49b863780bb044b3dc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF00006917
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 30928
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Wed, 14 Jun 2023 11:33:43 GMT
x-correlationid: 264fcedb-9dbc-416e-a790-ea1e5d8c4be6
x-usersessionid: 264fcedb-9dbc-416e-a790-ea1e5d8c4be6
x-msedge-ref: Ref A: BB4CC37E862F42579F90CCA7782896A1 Ref B: FRA231050412035 Ref C: 2023-06-18T02:35:28Z
x-officecluster: PNL1
etag: "b0f913b49ed91:0"
x-officefd: AM4PEPF00021F05
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gridRenderer.min.js Show response
c1h-excel-15.cdn.office.net/x/s/hD2C7C42AF541AC69__layouts/App_Scripts/ Frame 479D 727 KB
204 KB 178ms
35ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hD2C7C42AF541AC69__layouts/App_Scripts/gridRenderer.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

d2c7c42af541ac69b7e99325ec9b6d79828c2f597bb8752b3e65c3c710433399

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF000068D6
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 208248
x-msedge-features: typeheadertest,afd_waccluster,afd_wordcapacity,afd_wordcapacity_2_control,afd_wacinfra4,afd_wacinfra5
last-modified: Wed, 14 Jun 2023 12:47:24 GMT
x-correlationid: f2db21f8-4435-4202-91af-475ad6d24523
x-usersessionid: f2db21f8-4435-4202-91af-475ad6d24523
x-msedge-ref: Ref A: 11A92F8BE814493894D2053ABA6732C5 Ref B: FRA231050416029 Ref C: 2023-06-18T01:49:16Z
x-officecluster: PNL1
etag: "96b52c5ebe9ed91:0"
x-officefd: AM4PEPF00025F83
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 clientManifest.js Show response
c1h-excel-15.cdn.office.net/x/s/h98C8BFA7840D1A8D__layouts/Resources/de-DE/ Frame 479D 187 KB
59 KB 175ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h98C8BFA7840D1A8D__layouts/Resources/de-DE/clientManifest.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

98c8bfa7840d1a8dc998f64ec4a7a93bfa4a001cab6a846440e399d8d67de272

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16605.42304
x-officefe: AM4PEPF00006925
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 59687
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:46 GMT
x-correlationid: 7f4f0067-418f-4de1-9bc1-f3537f9ef5ee
x-usersessionid: 7f4f0067-418f-4de1-9bc1-f3537f9ef5ee
x-msedge-ref: Ref A: 0BD3FD42AC4041F1ABD6B939F809DC5B Ref B: FRA231050416053 Ref C: 2023-06-13T13:59:46Z
x-officecluster: PNL1
etag: W/"d3eaa54fff9dd91:0"
x-officefd: AM4PEPF00021F10
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 richTextEditor.min.js Show response
c1h-excel-15.cdn.office.net/x/s/h17921D9B7B99AFE2__layouts/App_Scripts/es6/ Frame 479D 317 KB
62 KB 88ms
87ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h17921D9B7B99AFE2__layouts/App_Scripts/es6/richTextEditor.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

17921d9b7b99afe2c59c1f1f68ad1919d764a33ed63e802f490733a686219d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF0000694A
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 62807
x-msedge-features: typeheadertest,afd_waccluster,afd_visioslice,afd_wacinfra4,afd_wacinfra5
last-modified: Wed, 14 Jun 2023 13:21:46 GMT
x-correlationid: 2e8ff274-eca8-48de-bf85-8610f54f14c0
x-usersessionid: 2e8ff274-eca8-48de-bf85-8610f54f14c0
x-msedge-ref: Ref A: 628FF31F5FB347C8848E3E6D1916F591 Ref B: FRA231050416053 Ref C: 2023-06-19T20:39:17Z
x-officecluster: PNL1
etag: "77ff2ac39ed91:0"
x-officefd: AM4PEPF00025F81
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.bootCommon.js Show response
c1h-excel-15.cdn.office.net/x/s/h258B30D20837815F__layouts/App_Scripts/ Frame 479D 19 KB
6 KB 87ms
87ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h258B30D20837815F__layouts/App_Scripts/EwaDSOpt.bootCommon.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

258b30d20837815f470a25f6c609179292fea46780831434a8a10583f0de8c5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16605.42304
x-officefe: DB5PEPF00011A16
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 5930
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:09 GMT
x-correlationid: e5b84f9d-5a99-45f2-b164-1a96bee8ab05
x-usersessionid: e5b84f9d-5a99-45f2-b164-1a96bee8ab05
x-msedge-ref: Ref A: D76314EEDA674706B5AAD31EA80375E3 Ref B: FRA231050416035 Ref C: 2023-06-13T13:59:09Z
x-officecluster: PIE1
etag: W/"96febc39ff9dd91:0"
x-officefd: DB5PEPF00012924
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 ewaembed.png
c1h-excel-15.cdn.office.net/x/s/hDEF6F7343B3FA794__layouts/Resources/ Frame 479D 4 KB
4 KB 126ms
32ms Image
image/png 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hDEF6F7343B3FA794__layouts/Resources/ewaembed.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

def6f7343b3fa79427426a51dbf484dc713fb9cc6d2813316303c73f05f29b3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pnl1-excel.officeapps.live.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF000068DD
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 3592
x-msedge-features: typeheadertest,afd_waccluster,afd_visioslice,afd_wacinfra4,afd_wacinfra5
last-modified: Wed, 14 Jun 2023 12:47:11 GMT
x-correlationid: 019dbb36-3539-48ac-a149-11294e9ab490
x-usersessionid: 019dbb36-3539-48ac-a149-11294e9ab490
x-msedge-ref: Ref A: 330D4DDA7BDD4DE38DF944D1591E925E Ref B: AMS231022012019 Ref C: 2023-06-17T17:21:40Z
x-officecluster: PNL1
etag: "3fbc7f56be9ed91:0"
x-officefd: AM4PEPF00021F0D
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 excelembed28.png
c1h-excel-15.cdn.office.net/x/s/h66C6B19E56A3A283__layouts/Resources/ Frame 479D 458 B
1 KB 127ms
33ms Image
image/png 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h66C6B19E56A3A283__layouts/Resources/excelembed28.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

66c6b19e56a3a283448cfa65e8c47dbc8ac0a83050bb9029f82ed18c4409e1b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pnl1-excel.officeapps.live.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Jun 2023 00:06:31 GMT
x-officeversion: 16.0.16531.42313
x-officefe: AM4PEPF00006948
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 458
x-msedge-features: typeheadertest,afd_waccluster,afd_pptcapacity_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 06 Jun 2023 10:30:03 GMT
x-correlationid: f2536653-6d3d-458a-989c-5dae0c57b7b2
x-usersessionid: f2536653-6d3d-458a-989c-5dae0c57b7b2
x-msedge-ref: Ref A: D6B59B0C277247B7AAFAFFB9CB596B0F Ref B: AMS231032601025 Ref C: 2023-06-07T22:34:51Z
x-officecluster: PNL1
etag: "13db99da6198d91:0"
x-officefd: AM4PEPF00021F17
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame 479D 376 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46689198526f176cb3bb2881be2e8f1273be7293fea0625f2c3bfa2058c9b422

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H/1.1 200
OK 44327025345
fs.microsoft.com/fs/4.7/rawguids/ Frame 479D 1 MB
714 KB 448ms
33ms Font
application/octet-stream 184.30.17.174

General

Check archive.org

Show headers Download Go to

Full URL: https://fs.microsoft.com/fs/4.7/rawguids/44327025345
Requested by: Host: pnl1-excel.officeapps.live.com
URL: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1522f5c0f14d035c42540d84ad4d00d92b72240e91784c15c59e12921a1f0d79

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 00:06:32 GMT
ApiVersion: Distribute 1.1
Content-Encoding: gzip
Last-Modified: Tue, 23 Apr 2019 00:37:40 GMT
ETag: "0x3C2106B47456A73C36601651E03CDF12759BC76A9DB2B15BB1B25E0EADD314AF"
X-Azure-Ref: 0+tFCYwAAAABXg0dkUO9VQJBEslSo7ueHQ0hJMzBFREdFMDUxOQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
Vary: Accept-Encoding
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=101254
Content-Disposition: attachment; filename=44327025345; filename*=UTF-8''44327025345
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 730601
X-CID: 2

GET
H/1.1 200
OK 39238612322
fs.microsoft.com/fs/4.7/rawguids/ Frame 479D 1 MB
625 KB 399ms
33ms Font
application/octet-stream 184.30.17.174

General

Check archive.org

Show headers Download Go to

Full URL: https://fs.microsoft.com/fs/4.7/rawguids/39238612322
Requested by: Host: pnl1-excel.officeapps.live.com
URL: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e77f429f5cde743c30216c2d5917706d09ddd938990f4f5ae98bfd4b5c7d0495

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 00:06:32 GMT
ApiVersion: Distribute 1.1
Content-Encoding: gzip
Last-Modified: Tue, 23 Apr 2019 00:37:40 GMT
X-MSEdge-Ref: Ref A: 407852A91F8240D3B120231579E1E257 Ref B: LTSEDGE1016 Ref C: 2023-04-03T06:08:36Z
ETag: "0xAE151B36311CB1C574F050ECCDBE1CA34775215B05F0B5DBA5E4352E93DDDC28"
Vary: Accept-Encoding
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=74697
Content-Disposition: attachment; filename=39238612322; filename*=UTF-8''39238612322
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 639757
X-CID: 2

GET
H2 200 EwaDSOpt.tmcore.js Show response
c1h-excel-15.cdn.office.net/x/s/hA416FEAB51B13695__layouts/App_Scripts/ Frame 479D 21 KB
8 KB 32ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hA416FEAB51B13695__layouts/App_Scripts/EwaDSOpt.tmcore.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

a416feab51b13695eb3344f299d0754b19352582518a7497d903368e5eeb7cc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:32 GMT
x-officeversion: 16.0.16605.42304
x-officefe: BL6PEPF00007F9C
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 7132
x-msedge-features: typeheadertest,afd_waccluster,afd_wordcapacity,afd_visioslice_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:11 GMT
x-correlationid: 988b711e-2ba6-4376-95de-b7b0eaa02611
x-usersessionid: 988b711e-2ba6-4376-95de-b7b0eaa02611
x-msedge-ref: Ref A: 63DB28EFF3BF418C94EA09A85FB3366B Ref B: FRA231050413047 Ref C: 2023-06-13T13:59:10Z
x-officecluster: PUS4
etag: W/"c91c83aff9dd91:0"
x-officefd: BL6PEPF00012961
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
BLOB 200
OK 9bf3affe-43cf-4d06-bbf3-978bfece1a3d
https://pnl1-excel.officeapps.live.com/ Frame 479D 193 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://pnl1-excel.officeapps.live.com/9bf3affe-43cf-4d06-bbf3-978bfece1a3d
Requested by: Host: pnl1-excel.officeapps.live.com
URL: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e38e9d3ac766eaffa7f98d417558b6ddf7d2f35ef57f61802d563080405cc074

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length: 193
Content-Type: application/javascript

OPTIONS
H2 200 RemoteUls.ashx
euc-excel-telemetry.officeapps.live.com/xt/ Frame 0
0 205ms
48ms Preflight 2603:1063:2206:14::46

General

Check archive.org

Show headers Download Go to

Full URL

https://euc-excel-telemetry.officeapps.live.com/xt/RemoteUls.ashx?waccluster=PNL1&officeserverversion=16.0.16611.42310&usid=f5126207-5b0c-4d58-a0d9-304e9bf50089

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1063:2206:14::46 -, , ASN (),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: haep,x-accesstoken,x-accesstokenttl,x-key,x-officeversion,x-requested-with,x-usersessionid,x-usertype,x-waccluster,x-xhr
Access-Control-Request-Method: POST
Origin: https://pnl1-excel.officeapps.live.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, X-AccessToken, X-AccessTokenTtl, X-BrowserUlsBeacon, X-CorrelationId, X-IsCoauthSession, X-Key, X-OfficeVersion, X-Requested-With, X-UserSessionId, X-UserType, X-WacCluster, X-WacFrontEnd, X-WacUserAgent, X-bULS-OfficeAppMode, X-bULS-OfficeAppType, X-bULS-SuppressionETag, X-bULS-UseSourceMaps, X-xhr, haep, hascn, hascnt
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://pnl1-excel.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey, X-bULS-SuppressionETag, X-bULS-SuppressedTags
access-control-max-age: 86400
cache-control: private
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 00:06:32 GMT
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
x-correlationid: bf615b6f-0cd5-43c0-a00f-98ada02b86cc
x-officecluster: PGTEU2
x-officefd: DB3PEPF000063BF
x-officefe: DB3PEPF000063BF
x-officeversion: 16.0.16616.42303
x-usersessionid: f5126207-5b0c-4d58-a0d9-304e9bf50089

GET
H2 200 excelOnline.min.js Show response
c1h-excel-15.cdn.office.net/x/s/h614EAA22C5C5F763__layouts/App_Scripts/ Frame 479D 9 KB
3 KB 32ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h614EAA22C5C5F763__layouts/App_Scripts/excelOnline.min.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

614eaa22c5c5f763501f2d67b0ed2dca859a2693c90deb70a90c83f4c7ef704f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF00006915
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 2645
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Wed, 14 Jun 2023 10:54:27 GMT
x-correlationid: 55da5c5a-3fe6-4851-a5c6-aafea56be52f
x-usersessionid: 55da5c5a-3fe6-4851-a5c6-aafea56be52f
x-msedge-ref: Ref A: 1124DB23A9CF4D00A81F069D779ACBD8 Ref B: FRA231050416051 Ref C: 2023-06-17T21:46:20Z
x-officecluster: PNL1
etag: "4a6dd696ae9ed91:0"
x-officefd: AM4PEPF00021F10
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK 50941620409
fs.microsoft.com/fs/4.7/rawguids/ Frame 479D 910 KB
495 KB 29ms
29ms Font
application/octet-stream 184.30.17.174

General

Check archive.org

Show headers Download Go to

Full URL: https://fs.microsoft.com/fs/4.7/rawguids/50941620409
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb0ab622969875cccbaa658809cc6df6bfd73846f9c6c5e80774936cbc52845c

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 00:06:33 GMT
ApiVersion: Distribute 1.1
Content-Encoding: gzip
Last-Modified: Tue, 23 Apr 2019 00:37:40 GMT
ETag: "0x178939ABA1E8A602911CDE0564920200E557D6568E6C74DF2AFEE537D0E55846"
X-Azure-Ref: 0Rq9NYwAAAAAmXd8zbvKFTaQ19ZaEMchaQ0hJMzBFREdFMDUwNgBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
Vary: Accept-Encoding
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=258205
Content-Disposition: attachment; filename=50941620409; filename*=UTF-8''50941620409
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 506404
X-CID: 2

GET
H/1.1 200
OK 44117086606
fs.microsoft.com/fs/4.7/rawguids/ Frame 479D 1005 KB
522 KB 30ms
30ms Font
application/octet-stream 184.30.17.174

General

Check archive.org

Show headers Download Go to

Full URL: https://fs.microsoft.com/fs/4.7/rawguids/44117086606
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.174 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a05710074ea675d0010555a386fea162a6ea24ecaddb87cc8deccf69dae97f82

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Tue, 20 Jun 2023 00:06:33 GMT
ApiVersion: Distribute 1.1
Content-Encoding: gzip
Last-Modified: Tue, 23 Apr 2019 00:37:40 GMT
ETag: "0xBF6803468A50E1D21952796420041DFE20DAF21F6E87D88AC56205D239F634D6"
X-Azure-Ref: 0Vd5oYwAAAADSXsxFGk6oQLqrWtT7PoQ+Q0hJMzBFREdFMDUxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
Vary: Accept-Encoding
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=246465
Content-Disposition: attachment; filename=44117086606; filename*=UTF-8''44117086606
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 533662
X-CID: 2

GET
H2 200 GetRangeContentJson
pnl1-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/ Frame 479D 100 KB
9 KB 79ms
79ms XHR
application/json 2620:1ec:a92::171
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pnl1-excel.officeapps.live.com/x/_vti_bin/DynamicGridContent.json/GetRangeContentJson?context=%7B%22WorkbookMetadataParameter%22%3A%7B%22WorkbookMetadataState%22%3A%7B%22MetadataVersion%22%3A0%2C%22ServerEventVersion%22%3A0%7D%7D%2C%22ClientRequestId%22%3A%22ff2750e3-4f9c-4198-a541-68c6395a6c38%22%2C%22InstantaneousType%22%3A0%2C%22MakeInstantaneousChange%22%3Afalse%2C%22SessionId%22%3A%2215.AM4PEPF000114C01.A62.1.V22.65F0V5GKLno0E0mq2LkoXI14.5.de-DE5.de-DE9.prosed.ee1.S1.N16.16.0.16611.4231014.5.de-DE5.de-DE1.V1.N0.1.S%22%2C%22TransientEditSessionToken%22%3Anull%2C%22PermissionFlags%22%3A98235%2C%22Configurations%22%3A1639168%2C%22CompleteResponseTimeout%22%3A0%2C%22IsWindowHidden%22%3Afalse%2C%22IsWindowVisible%22%3Atrue%2C%22MachineCluster%22%3A%22PNL1%22%2C%22AjaxOptions%22%3A0%2C%22ReturnSheetProcessedData%22%3Afalse%7D&ewaControlId=%22m_excelEmbedRenderer_ctl15_ewaCtl_m_ewa%22&currentObject=%22PROSED%22&namedObjectViewData=%7B%22Mode%22%3A0%2C%22Settings%22%3A0%7D&row=28&column=0&rowCount=28&columnCount=30&blockPosition=%7B%22X%22%3A0%2C%22Y%22%3A1%2C%22PaneType%22%3A1%7D&revision=0&previousRevision=-1&digest=%22%22&renderingOptions=24&colorScheme=null&ecsSpreadsheetDigest=null&waccluster=PNL1

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h16ABB4D4FBDA7915__layouts/App_Scripts/MicrosoftAjaxDS.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

X-WacNoAuth: 1
accept-language: de-DE,de;q=0.9
X-OfficeVersion: 16.0.16611.42310
X-ClientBootEpochTimeStamp: 1687219591.6006596
X-Key: DGrngbvaB5DA7UnFkuUTPo2w3mZnzEPgNk6OzLq729M=,638228163916006596
X-Requested-With: XMLHttpRequest
X-xhr: 1
X-XL-SessionId: 15.AM4PEPF000114C01.A62.1.V22.65F0V5GKLno0E0mq2LkoXI14.5.de-DE5.de-DE9.prosed.ee1.S1.N16.16.0.16611.4231014.5.de-DE5.de-DE1.V1.N0.1.S
haep: 1
X-CorrelationId: 07bfb74a-f7ce-4e8f-b9e0-36322c016229
X-AccessToken: 1
X-UserSessionId: f5126207-5b0c-4d58-a0d9-304e9bf50089
X-AccessTokenTtl: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: https://pnl1-excel.officeapps.live.com/x/_layouts/xlembed.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fprosed%252Eee%253A443%252Fwp%252Dcontent%252Fuploads%252F2023%252F05%252Fprosed%252D1%252Exlsx&access_token_ttl=0&hid=ba27edd4-2472-4e0e-8393-6de8b5ace1b0
X-UserType: WOPI
X-WacCluster: PNL1

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Jun 2023 00:06:32 GMT
x-officeversion: 16.0.16611.42310
x-officefe: AM4PEPF000114C0
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-cache: CONFIG_NOCACHE
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 9051
x-msedge-features: typeheadertest,afd_waccluster,afd_onenoteslice,afd_wacinfra4,afd_wacinfra5
x-correlationid: 07bfb74a-f7ce-4e8f-b9e0-36322c016229
x-officecluster: PNL1
x-usersessionid: f5126207-5b0c-4d58-a0d9-304e9bf50089
x-msedge-ref: Ref A: 908561C5EE02484B99F850B08D878019 Ref B: AMS231032602039 Ref C: 2023-06-20T00:06:33Z
x-officefd: AM4PEPF00021F11
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: private, max-age=604800
timing-allow-origin: *

POST RemoteUls.ashx
euc-excel-telemetry.officeapps.live.com/xt/ Frame 479D 0
0

GET
DATA 200
OK truncated
/ Frame 479D 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pnl1-excel.officeapps.live.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 EwaDSOpt.tm.js
c1h-excel-15.cdn.office.net/x/s/h788BEE071475743D__layouts/App_Scripts/ Frame 479D 182 KB
47 KB 32ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h788BEE071475743D__layouts/App_Scripts/EwaDSOpt.tm.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: DB5PEPF00011A1C
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 47585
x-msedge-features: typeheadertest,afd_waccluster,afd_onenoteslice_control,afd_pptcapacity_2_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:11 GMT
x-correlationid: 6fa40cf5-b824-4b95-8e9b-413647893aa8
x-usersessionid: 6fa40cf5-b824-4b95-8e9b-413647893aa8
x-msedge-ref: Ref A: 4A3EE31989F442B69C0EF6BE398CC493 Ref B: FRA231050415023 Ref C: 2023-06-13T13:59:10Z
x-officecluster: PIE1
etag: W/"6d90aa3aff9dd91:0"
x-officefd: DB5PEPF00012808
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.otherCommon.js
c1h-excel-15.cdn.office.net/x/s/h3FD6B7CB903461CF__layouts/App_Scripts/ Frame 479D 357 KB
92 KB 32ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h3FD6B7CB903461CF__layouts/App_Scripts/EwaDSOpt.otherCommon.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: BL6PEPF000073C9
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 93835
x-msedge-features: typeheadertest,afd_waccluster,afd_visioslice,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:11 GMT
x-correlationid: 097d4741-852f-46fe-b5be-60d3daade12c
x-usersessionid: 097d4741-852f-46fe-b5be-60d3daade12c
x-msedge-ref: Ref A: AD1EA22C429E4898AD7053A19C7C45EC Ref B: FRA231050414017 Ref C: 2023-06-13T13:59:10Z
x-officecluster: PUS4
etag: W/"d6e4f63aff9dd91:0"
x-officefd: BL6PEPF00011E99
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.frs.js
c1h-excel-15.cdn.office.net/x/s/h47D1DB69EECF3200__layouts/App_Scripts/ Frame 479D 419 KB
102 KB 35ms
35ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h47D1DB69EECF3200__layouts/App_Scripts/EwaDSOpt.frs.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: BL6PEPF00011F41
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 103350
x-msedge-features: typeheadertest,afd_waccluster,afd_wordslice,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:13 GMT
x-correlationid: 71582742-0fca-40f2-9ab3-f9a00f010a7f
x-usersessionid: 71582742-0fca-40f2-9ab3-f9a00f010a7f
x-msedge-ref: Ref A: 77E6566FD4D54C6AA8C4933BB5476F82 Ref B: FRA231050411025 Ref C: 2023-06-13T13:59:12Z
x-officecluster: PUS4
etag: W/"9cc3ea3bff9dd91:0"
x-officefd: BL6PEPF00007AB7
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.ev.js
c1h-excel-15.cdn.office.net/x/s/h52B7F8B881FDDE29__layouts/App_Scripts/ Frame 479D 9 KB
4 KB 38ms
37ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/h52B7F8B881FDDE29__layouts/App_Scripts/EwaDSOpt.ev.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: AM4PEPF0000693F
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 3074
x-msedge-features: typeheadertest,afd_waccluster,afd_visioslice_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 14:05:14 GMT
x-correlationid: 01653672-4cd6-4d21-b3fb-8196f715eeb3
x-usersessionid: 01653672-4cd6-4d21-b3fb-8196f715eeb3
x-msedge-ref: Ref A: C98A31B2C0454160A78EEE212CD3D763 Ref B: FRA231050411009 Ref C: 2023-06-13T14:05:14Z
x-officecluster: PNL1
etag: W/"79f67a1309ed91:0"
x-officefd: AM4PEPF00021F12
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.pi.js
c1h-excel-15.cdn.office.net/x/s/hE917849DFCD51D51__layouts/App_Scripts/ Frame 479D 498 KB
125 KB 38ms
38ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hE917849DFCD51D51__layouts/App_Scripts/EwaDSOpt.pi.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: AM4PEPF00006925
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 126948
x-msedge-features: typeheadertest,afd_waccluster,afd_pptcapacity_2_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:12 GMT
x-correlationid: f6556269-217c-4f22-836e-b685ed932f5c
x-usersessionid: f6556269-217c-4f22-836e-b685ed932f5c
x-msedge-ref: Ref A: 8B4B6FDACB5540FE9B65734DB59537A6 Ref B: FRA231050411039 Ref C: 2023-06-13T13:59:12Z
x-officecluster: PNL1
etag: W/"831ea23bff9dd91:0"
x-officefd: AM4PEPF00021F14
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.vrs.js
c1h-excel-15.cdn.office.net/x/s/hC6E334EBE6A820DD__layouts/App_Scripts/ Frame 479D 157 KB
42 KB 40ms
39ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hC6E334EBE6A820DD__layouts/App_Scripts/EwaDSOpt.vrs.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: AM4PEPF00006947
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 42352
x-msedge-features: typeheadertest,afd_waccluster,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:11 GMT
x-correlationid: 957e1029-a87f-4e76-9abb-7403e1593026
x-usersessionid: 957e1029-a87f-4e76-9abb-7403e1593026
x-msedge-ref: Ref A: E60EB58C695B49DFB460A1B342E61F3C Ref B: FRA231050411027 Ref C: 2023-06-13T13:59:11Z
x-officecluster: PNL1
etag: W/"265ba53aff9dd91:0"
x-officefd: AM4PEPF00021F01
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 EwaDSOpt.cuixas.js
c1h-excel-15.cdn.office.net/x/s/hCE0BC20FAEA8EFFA__layouts/App_Scripts/ Frame 479D 647 KB
0 32ms
32ms Script
application/javascript 2a02:26f0:3500:598::1c24

General

Check archive.org

Show headers Download Go to

Full URL

https://c1h-excel-15.cdn.office.net/x/s/hCE0BC20FAEA8EFFA__layouts/App_Scripts/EwaDSOpt.cuixas.js

Requested by

Host: c1h-excel-15.cdn.office.net
URL: https://c1h-excel-15.cdn.office.net/x/s/h76F4CBA8D762931D__layouts/App_Scripts/EwaDSOpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:598::1c24 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pnl1-excel.officeapps.live.com/
Origin: https://pnl1-excel.officeapps.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
date: Tue, 20 Jun 2023 00:06:33 GMT
x-officeversion: 16.0.16605.42304
x-officefe: BL6PEPF0000CFBA
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
cross-origin-resource-policy: cross-origin
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5
content-length: 142461
x-msedge-features: tasmigration015,typeheadertest,afd_waccluster,afd_powerpointslice,afd_onenoteslice_control,afd_wacinfra4,afd_wacinfra5
last-modified: Tue, 13 Jun 2023 13:59:11 GMT
x-correlationid: 39c130c2-3da6-411f-9501-656b8bab36c3
x-usersessionid: 39c130c2-3da6-411f-9501-656b8bab36c3
x-msedge-ref: Ref A: 7269C1605DED49D7BBA04DB852F801D0 Ref B: FRA231050413049 Ref C: 2023-06-13T13:59:10Z
x-officecluster: PUS4
etag: W/"f394ee3aff9dd91:0"
x-officefd: BL6PEPF00013AEA
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H2 200 RemoteUls.ashx
euc-excel-telemetry.officeapps.live.com/xt/ Frame 0
0 63ms
63ms Preflight 2603:1063:2206:14::46

General

Check archive.org

Show headers Download Go to

Full URL

https://euc-excel-telemetry.officeapps.live.com/xt/RemoteUls.ashx?waccluster=PNL1&officeserverversion=16.0.16611.42310&usid=f5126207-5b0c-4d58-a0d9-304e9bf50089

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1063:2206:14::46 -, , ASN (),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: haep,x-accesstoken,x-accesstokenttl,x-key,x-officeversion,x-requested-with,x-usersessionid,x-usertype,x-waccluster,x-xhr
Access-Control-Request-Method: POST
Origin: https://pnl1-excel.officeapps.live.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, X-AccessToken, X-AccessTokenTtl, X-BrowserUlsBeacon, X-CorrelationId, X-IsCoauthSession, X-Key, X-OfficeVersion, X-Requested-With, X-UserSessionId, X-UserType, X-WacCluster, X-WacFrontEnd, X-WacUserAgent, X-bULS-OfficeAppMode, X-bULS-OfficeAppType, X-bULS-SuppressionETag, X-bULS-UseSourceMaps, X-xhr, haep, hascn, hascnt
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://pnl1-excel.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey, X-bULS-SuppressionETag, X-bULS-SuppressedTags
access-control-max-age: 86400
cache-control: private
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 20 Jun 2023 00:06:32 GMT
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000
x-correlationid: eb329fe6-9c58-428f-8129-942ac39e9eea
x-officecluster: PGTEU2
x-officefd: DB3PEPF000063BF
x-officefe: DB3PEPF000063BF
x-officeversion: 16.0.16616.42303
x-usersessionid: f5126207-5b0c-4d58-a0d9-304e9bf50089

POST RemoteUls.ashx
euc-excel-telemetry.officeapps.live.com/xt/ Frame 479D 0
0

POST BeaconHandler.ashx
pnl1-excel.officeapps.live.com/x/_layouts/ Frame 479D 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: euc-excel-telemetry.officeapps.live.com
URL: https://euc-excel-telemetry.officeapps.live.com/xt/RemoteUls.ashx?waccluster=PNL1&officeserverversion=16.0.16611.42310&usid=f5126207-5b0c-4d58-a0d9-304e9bf50089

Domain: euc-excel-telemetry.officeapps.live.com
URL: https://euc-excel-telemetry.officeapps.live.com/xt/RemoteUls.ashx?waccluster=PNL1&officeserverversion=16.0.16611.42310&usid=f5126207-5b0c-4d58-a0d9-304e9bf50089

Domain: pnl1-excel.officeapps.live.com
URL: https://pnl1-excel.officeapps.live.com/x/_layouts/BeaconHandler.ashx?WacUserType=WOPI&usid=f5126207-5b0c-4d58-a0d9-304e9bf50089&NoAuth=1&waccluster=PNL1&WebMethod=Xlplt

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.view.officeapps.live.com/	1969-12-31 23:59:59	Name: PNL1-ARRAffinity Value: 0872349633df2daae6dc68c2de8a5e56d3d23fd9f8f978f48fd523e81e300f4d
			.pnl1-excel.officeapps.live.com/	1969-12-31 23:59:59	Name: PNL1-Excel-ARRAffinity Value: 3ab3826a89a16327bc7ec15d0ecd27c88a706640de36b780f9c6122b77523ced

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c1h-excel-15.cdn.office.net
euc-excel-telemetry.officeapps.live.com
fs.microsoft.com
pnl1-excel.officeapps.live.com
prosed.csgo.ee
prosed.ee
view.officeapps.live.com
euc-excel-telemetry.officeapps.live.com
pnl1-excel.officeapps.live.com
184.30.17.174
217.146.67.141
217.146.69.42
2603:1063:2206:14::46
2620:1ec:a92::171
2a02:26f0:3500:598::1c24
02199a3a74aa01644afe138e531c68a97bd44616553748399d12bd25a19d3ba3
02742133213348ee1021555ca59def59676f8a7d5da6d840ae593aaa64df557c
05515f88d6473791cc2f54474a737327181ca00c0705ff3fdad4e54d752e2eda
072799c158a63f494abfbb8c4a0a7f1322029d531192c34092b88ddfdf693b2d
1238d28fce0cbeb31d0bd5bdf97e17d0c02a8827652f2d91ab6351b3a9e448f9
1522f5c0f14d035c42540d84ad4d00d92b72240e91784c15c59e12921a1f0d79
16abb4d4fbda791537009ace13309ea5ff47d731c4c11719d7aa4294d843bace
17921d9b7b99afe2c59c1f1f68ad1919d764a33ed63e802f490733a686219d95
258b30d20837815f470a25f6c609179292fea46780831434a8a10583f0de8c5a
3ad2fcb328295f1199d593adaba909f3eea790f695554ac3c1da7aa009fc0e0d
3f3e19b22a8e669009d5e0aea6809bdda1432e7e6abec1a8f73390650e51be22
42ba9fce886a47d0d12947516f0f091c73df4f1cc62e2cd443ff2c5a34ee9647
432c06e59533498982ee251f068e6e80030de6e4d40612ce02c476a56bab4ce6
46689198526f176cb3bb2881be2e8f1273be7293fea0625f2c3bfa2058c9b422
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5b6f2a6dcff5e4fa91361307a2d16e3fa4fdb2b137fc505a9711e727b493a080
614eaa22c5c5f763501f2d67b0ed2dca859a2693c90deb70a90c83f4c7ef704f
66c6b19e56a3a283448cfa65e8c47dbc8ac0a83050bb9029f82ed18c4409e1b2
6727d4b404f5a158670445c170e2922a588da60ce7948cb491001a9255f5fb9c
76f4cba8d762931dde5f191b6fbc41ec6a532be6d3692dc72de3064c9920ccfa
77f2fdbe0988be9b5d4aa7075d2bf038e2c50881bb3c485c826783824e1bbfd2
789d019e3e63db8671974a2d101057e7da274cb953e62f78e4890f808ac1ddd7
9142f17542cd9f0a62c280b1df9f4e88a05a0a66eeab49b863780bb044b3dc26
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
98c8bfa7840d1a8dc998f64ec4a7a93bfa4a001cab6a846440e399d8d67de272
a05710074ea675d0010555a386fea162a6ea24ecaddb87cc8deccf69dae97f82
a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db
a416feab51b13695eb3344f299d0754b19352582518a7497d903368e5eeb7cc3
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b04bdff30310eedf24a6172757e5e8329a6c5f366a22213c8865db502c14f6ab
b5ce068353ad62cf6ac85e5973b0ac5d6a7cd700f026279081a4c94118a04b73
b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900
c952c87aaaae1786be3071abeadc6091a1f91f6df1381881cc204861cf770686
d2c7c42af541ac69b7e99325ec9b6d79828c2f597bb8752b3e65c3c710433399
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
def6f7343b3fa79427426a51dbf484dc713fb9cc6d2813316303c73f05f29b3a
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e38e9d3ac766eaffa7f98d417558b6ddf7d2f35ef57f61802d563080405cc074
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e77f429f5cde743c30216c2d5917706d09ddd938990f4f5ae98bfd4b5c7d0495
eb0ab622969875cccbaa658809cc6df6bfd73846f9c6c5e80774936cbc52845c
ed852397438aaf550af851196ec9b93418caf8b12b1acac0c6bb371265f0602c

prosed.ee Open in urlscan Pro 217.146.69.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

54 Requests

91 %HTTPS

50 %IPv6

5 Domains

7 Subdomains

7 IPs

2 Countries

4290 kBTransfer

12763 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

prosed.ee Open in urlscan Pro
217.146.69.42 Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

91 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

4290 kB
Transfer

12763 kB
Size

2
Cookies

54 HTTP transactions
3 data transactions