Submitted URL: https://u.to/RFxVFg
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQ...
Submission: On September 18 via manual from US

Summary

This website contacted 10 IPs in 5 countries across 8 domains to perform 19 HTTP transactions. The main IP is 52.109.76.79, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is forms.office.com.
TLS certificate: Issued by Microsoft IT TLS CA 4 on February 26th 2019. Valid for: 2 years.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 195.216.243.155 29226 (MASTERTEL...)
5 52.109.76.79 8075 (MICROSOFT...)
1 2a02:6b8::1:119 13238 (YANDEX)
1 2 88.212.196.72 39134 (UNITEDNET)
5 2.16.186.106 20940 (AKAMAI-ASN1)
1 152.199.19.160 15133 (EDGECAST)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 40.77.226.250 8075 (MICROSOFT...)
1 52.109.88.14 8075 (MICROSOFT...)
1 52.114.74.45 8075 (MICROSOFT...)
19 10
Domain Requested by
5 cdn.forms.office.net forms.office.com
cdn.forms.office.net
5 forms.office.com u.to
cdn.forms.office.net
2 web.vortex.data.microsoft.com az725175.vo.msecnd.net
2 c.office.com 1 redirects forms.office.com
2 counter.yadro.ru 1 redirects
1 browser.pipe.aria.microsoft.com cdn.forms.office.net
1 lists.office.com
1 c.bing.com 1 redirects
1 az725175.vo.msecnd.net forms.office.com
1 mc.yandex.ru u.to
1 u.to
19 11

This site contains links to these domains.

Domain
go.microsoft.com
Subject | Issuer | Validity | Valid
u.to | Sectigo RSA Domain Validation Secure Server CA | 2019-08-23 - 2021-08-22 | 2 years
forms.office.com | Microsoft IT TLS CA 4 | 2019-02-26 - 2021-02-26 | 2 years
bs.yandex.ru | Yandex CA | 2018-10-03 - 2019-10-03 | a year
counter.yadro.ru | COMODO ECC Domain Validation Secure Server CA | 2018-04-09 - 2020-04-08 | 2 years
cdn.forms.office.net | Microsoft IT TLS CA 1 | 2019-07-29 - 2021-07-29 | 2 years
*.vo.msecnd.net | Microsoft IT TLS CA 2 | 2018-03-30 - 2020-03-30 | 2 years
c.msn.com | Microsoft IT TLS CA 1 | 2018-09-13 - 2020-09-13 | 2 years
*.vortex.data.microsoft.com | Microsoft IT TLS CA 5 | 2018-01-30 - 2020-01-30 | 2 years
lists.office.com | Microsoft IT TLS CA 4 | 2017-12-18 - 2019-12-18 | 2 years
*.events.data.microsoft.com | Microsoft IT TLS CA 1 | 2019-03-26 - 2021-03-26 | 2 years

This page contains 1 frames:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Frame ID: CD77BF2E6E55659171E54D48DD9F2B01
Requests: 19 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 18 %
Domains: 8
Subdomains: 11
IPs: 10
Countries: 5
Transfer: 412 kB
Size: 2129 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u.to/RFxVFg Page URL
  2. https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278 HTTP 302
  • https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
Request Chain 10
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&RedC=c.office.com&MXFR=0AE564DC731667FA1701690777166CEB HTTP 302
  • https://c.office.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&MUID=0AE564DC731667FA1701690777166CEB

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set RFxVFg
u.to/
1 KB
1 KB
Document
General
Full URL
https://u.to/RFxVFg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS
s5.unet.com
Software
nginx/1.8.0 /
Resource Hash
fe36ba53d8cd843331dafd88e353602d982ad7c22ab1f2264972f72f1fa3610e

Request headers

Host
u.to
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx/1.8.0
Date
Wed, 18 Sep 2019 14:16:04 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=15
Set-Cookie
lng=de; path=/; expires=Thu, 17-Sep-2020 14:16:04 GMT; domain=.u.to;
Cache-Control
no-cache no-store
Pragma
no-cache
Vary
host
Content-Encoding
gzip
Primary Request Cookie set ResponsePage.aspx
forms.office.com/Pages/
17 KB
8 KB
Document
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Requested by
Host: u.to
URL: https://u.to/RFxVFg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
16e3ddcc2097e43bfc107f4420ff1e8fb27cea18d9f84e71497fe156bf188ef8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Host
forms.office.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Referer
https://u.to/RFxVFg
Accept-Encoding
gzip, deflate, br

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Content-Length
6624
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
0
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-RoutingOfficeCluster
neu-001.forms.office.com
X-RoutingOfficeFE
FormsSingleBox_IN_4
X-RoutingOfficeVersion
16.0.12111.33225
X-RoutingSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-RoutingCorrelationId
c558f852-fa05-4720-b3af-464113e40bf6
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Set-Cookie
DcLcid=ui=1033&data=1033; expires=Wed, 18-Dec-2019 14:16:03 GMT; path=/; secure; HttpOnly
__RequestVerificationToken=elKxKkEa-ZR_rJ-guaC2AjylyuxiZvD3qK-mGxW7kgBVd2wAOVMq9r-WFDMY93_iBLxn3kk3x9WjZxYmOAY9pJI6ZZ41; path=/; secure; HttpOnly
AADNonce.forms=43d1e2db-2a7c-4ff7-94b1-55c860538536.637044129634782146; domain=forms.office.com; path=/; secure; HttpOnly
X-CorrelationId
c558f852-fa05-4720-b3af-464113e40bf6
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-OfficeFE
FormsSingleBox_IN_8
X-OfficeVersion
16.0.12110.36678
X-OfficeCluster
ncus-001.forms.office.com
X-FailureReason
MissingCookieOrToken
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Date
Wed, 18 Sep 2019 14:16:02 GMT
tag.js
mc.yandex.ru/metrika/
315 KB
0
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: u.to
URL: https://u.to/RFxVFg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://u.to/RFxVFg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 14:16:03 GMT
Content-Encoding
br
Last-Modified
Wed, 18 Sep 2019 09:49:20 GMT
Server
nginx/1.14.2
ETag
"5d81fda0-16999"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
92569
Expires
Wed, 18 Sep 2019 15:16:03 GMT
hit;utostat
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
  • https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
43 B
421 B
Image
General
Full URL
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
88.212.196.72 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host42.rax.ru
Software
nginx/1.11.1 /
Resource Hash

Request headers

Referer
https://u.to/RFxVFg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Sep 2019 14:16:03 GMT
Server
nginx/1.11.1
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 17 Sep 2018 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 18 Sep 2019 14:16:03 GMT
Server
nginx/1.11.1
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Location
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
Cache-control
no-cache
Connection
keep-alive
Content-Type
text/html
Content-Length
32
Expires
Mon, 17 Sep 2018 21:00:00 GMT
response-page-customize-fabric-bootstrap.min.90b4e94.css
cdn.forms.office.net/forms/css/dist/
142 KB
21 KB
Stylesheet
General
Full URL
https://cdn.forms.office.net/forms/css/dist/response-page-customize-fabric-bootstrap.min.90b4e94.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.186.106 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-106.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1cabf3c1e5e2178d9aea793263e0104b27ac2d8f9a99fa7a5ebc46d46cdb8a27

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:03 GMT
content-encoding
br
content-md5
ruD41WVK76/Lzw4q2pK4yQ==
status
200
content-length
20800
x-ms-lease-status
unlocked
last-modified
Tue, 10 Sep 2019 23:28:21 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D7364691C6B7FC
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
0c927e6d-101e-00c7-7176-684cb7000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
expires
Thu, 17 Sep 2020 14:16:03 GMT
basics.min.d9f547c.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/
353 KB
99 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.186.106 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-106.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b9b609c0a90368a3481662bff42a32151ed00cf7d5991756a2e0d6f61040126d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:03 GMT
content-encoding
br
content-md5
LssgcJu69YcwPUqQ0d6gEA==
status
200
content-length
100427
x-ms-lease-status
unlocked
last-modified
Wed, 28 Aug 2019 23:33:41 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D72C1028FD14E6
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
922ac9d4-c01e-0002-2852-5e328c000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
expires
Thu, 17 Sep 2020 14:16:03 GMT
response-page.min.5463b97.js
cdn.forms.office.net/forms/scripts/dists/
956 KB
165 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/response-page.min.5463b97.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.186.106 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-106.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ce6db9d0a1eff317004092d72cc62d7e5fceb3220ae957937233bb4045c865f3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:03 GMT
content-encoding
br
content-md5
Rm5ikfJWr1SbRKZtxFNFRQ==
status
200
content-length
168533
x-ms-lease-status
unlocked
last-modified
Tue, 10 Sep 2019 23:34:27 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D736476BF9CFAB
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a2451bf7-201e-00e6-2076-682186000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
expires
Thu, 17 Sep 2020 14:16:03 GMT
jsll-4.js
az725175.vo.msecnd.net/scripts/
54 KB
18 KB
Script
General
Full URL
https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F78) /
Resource Hash
e6bbfa4af18fb4f0e9c8a31d6654eac92d0f82dc895c6e5f49b54a8de51e5923

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:03 GMT
content-encoding
gzip
content-md5
Dy7dMa7nsOSUbofNz/X23A==
x-cache
HIT
status
200
content-length
18058
x-ms-lease-status
unlocked
last-modified
Thu, 14 Mar 2019 00:43:49 GMT
server
ECAcc (frc/8F78)
etag
0x8D6A8161FD3B925
vary
Accept-Encoding
content-type
text/javascript; charset="utf-8"
x-ms-request-id
ba113692-d01e-0005-6827-6e3b54000000
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
runtimeForms('DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u')
forms.office.com/formapi/api/9188040d-6c67-4c5b-b112-36a304b66dad/users/00000000-0000-0000-0006-bffd091c2f1a/light/
3 KB
2 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/9188040d-6c67-4c5b-b112-36a304b66dad/users/00000000-0000-0000-0006-bffd091c2f1a/light/runtimeForms('DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u')?$select=id,title,modifiedDate,description,settings,background,otherInfo,questions,descriptiveQuestions,logo,category,predefinedResponses,thankYouMessage,emailReceiptEnabled,DataClassificationLabel,type,defaultLanguage,localeList,onlineSafetyLevel&$expand=questions($expand=choices)
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7e81ee7c9fd31a790cc2d297433a0fe5fb39519a8cd2539a786f33016e8c4849
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
X-CorrelationId
6bedb202-ad22-4b07-8a94-b38e091d0300
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
x-ms-form-request-ring
msa
Authorization
Accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
__RequestVerificationToken
7rFZvfc-rP3pNsdN6Ov5xQhL_KlPmAg-pYUV8Ins0V1Lzr1Qz9ZUvvC29HK1iw793q8JPDfzcrqjP-IjG_4uQBJUvEo1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
x-ms-form-request-source
ms-formweb
OData-MaxVersion
4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.12110.36678
X-OfficeFE
FormsSingleBox_IN_6, FormsSingleBox_IN_2
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
1269
X-RoutingOfficeFE
FormsSingleBox_IN_4
Pragma
no-cache
X-RoutingOfficeVersion
16.0.12111.33225
X-CorrelationId
6bedb202-ad22-4b07-8a94-b38e091d0300
X-OfficeCluster
ncus-001.forms.office.com
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-Powered-By
ASP.NET
Date
Wed, 18 Sep 2019 14:16:03 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
6bedb202-ad22-4b07-8a94-b38e091d0300
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
GetResourceStrings
forms.office.com/Pages/ResponsePage.aspx/
183 KB
52 KB
XHR
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx/GetResourceStrings
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
692886753b131d6ff615c17e0915eb104ed4610f578523a74222d80221f69fc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
X-CorrelationId
6f5b2570-c6f8-4b44-8f7c-a979a1718a70
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
X-Requested-With
XMLHttpRequest

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeVersion
16.0.12111.33225
X-OfficeFE
FormsSingleBox_IN_4
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
52003
X-RoutingOfficeFE
FormsSingleBox_IN_4
X-RoutingOfficeVersion
16.0.12111.33225
X-CorrelationId
6f5b2570-c6f8-4b44-8f7c-a979a1718a70
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-Powered-By
ASP.NET
Date
Wed, 18 Sep 2019 14:16:03 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
6f5b2570-c6f8-4b44-8f7c-a979a1718a70
Cache-Control
private, max-age=0
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-RoutingOfficeCluster
neu-001.forms.office.com
response.min.6275218.js
cdn.forms.office.net/forms/scripts/vendors/combinedmin/
88 KB
26 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/response.min.6275218.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/response-page.min.5463b97.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.186.106 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-106.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f3fb5447e1b13ce7ee31c1d21884e31e7c10a2aa29858c03c99f1af6240ea72c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:03 GMT
content-encoding
br
content-md5
siK+mfzLRdA3JsH4RaYu8w==
status
200
content-length
26479
x-ms-lease-status
unlocked
last-modified
Fri, 06 Sep 2019 00:21:59 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D732603B70BD7F
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c7bf1589-401e-005c-4a7d-64c18f000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
expires
Thu, 17 Sep 2020 14:16:03 GMT
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&RedC=c.office.com&MXFR=0AE564DC731667FA1701690777166CEB
  • https://c.office.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&MUID=0AE564DC731667FA1701690777166CEB
42 B
225 B
Image
General
Full URL
https://c.office.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&MUID=0AE564DC731667FA1701690777166CEB
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2019 14:16:03 GMT
etag
"a382a3eac26cd51:0"
last-modified
Mon, 16 Sep 2019 19:14:09 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
200
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Wed, 18 Sep 2019 14:16:03 GMT
x-msedge-ref
Ref A: 5B451C4CB2B1454FAFE905B7D8730367 Ref B: VIEEDGE0909 Ref C: 2019-09-18T14:16:04Z
x-powered-by
ASP.NET
status
302
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.office.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&MUID=0AE564DC731667FA1701690777166CEB
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
t.js
web.vortex.data.microsoft.com/collect/v1/
260 B
909 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272019-09-18T14%3A16%3A03.898Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%273ee801be-01ce-4122-a750-9a7cd1cb4d92%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DDQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u%27&-referrerUri=%27https%3A%2F%2Fu.to%2FRFxVFg%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Microsoft%20Forms%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
99274b8a75ca0ac46a7d512cada914a6610fd90ca1b047fe81293fee731480e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Sep 2019 14:16:03 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
MDnfKj7350a2TDC+hKFXQw.0
Content-Type
application/javascript
Content-Length
260
Expires
0
v1
web.vortex.data.microsoft.com/collect/
0
0
Other
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1?$mscomCookies=false&ext-javascript-msfpc=%27GUID%3Dec96c5fb4c544897bac58636315939bd%26HASH%3Dec96%26LV%3D201909%26V%3D4%26LU%3D1568816164000%27
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://forms.office.com
Access-Control-Allow-Headers
Accept, Authorization, Content-Type, Origin, X-Xbl-Contract-Version, X-Xbl-Device-Type, Xbl-Authz-Actor-10, WithCredentials
Access-Control-Allow-Credentials
true
GetThemes
forms.office.com/Pages/ResponsePage.aspx/
297 B
1 KB
XHR
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx/GetThemes
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
c28de49a775fca372784b9f662136f8ac438cb5a42614bbbb9786b566643c825
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
X-CorrelationId
00374869-a037-4266-905d-dc219504901f
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
X-Requested-With
XMLHttpRequest

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeVersion
16.0.12111.33225
X-OfficeFE
FormsSingleBox_IN_4
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
184
X-RoutingOfficeFE
FormsSingleBox_IN_4
X-RoutingOfficeVersion
16.0.12111.33225
X-CorrelationId
00374869-a037-4266-905d-dc219504901f
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-Powered-By
ASP.NET
Date
Wed, 18 Sep 2019 14:16:03 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
00374869-a037-4266-905d-dc219504901f
Cache-Control
private, max-age=0
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-RoutingOfficeCluster
neu-001.forms.office.com
privacy
forms.office.com/formapi/api/
63 B
1 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/privacy?ownerTenantId=9188040d-6c67-4c5b-b112-36a304b66dad
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2b3de487841717411e136ce253f066629c77b04389188f53d72c3e918350599f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
X-CorrelationId
10f15901-5560-4637-9243-0059a6f4dabf
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
x-ms-form-request-ring
msa
Authorization
Accept
application/json
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
__RequestVerificationToken
7rFZvfc-rP3pNsdN6Ov5xQhL_KlPmAg-pYUV8Ins0V1Lzr1Qz9ZUvvC29HK1iw793q8JPDfzcrqjP-IjG_4uQBJUvEo1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
x-ms-form-request-source
ms-formweb
OData-MaxVersion
4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.12111.33225
X-OfficeFE
FormsSingleBox_IN_4, FormsSingleBox_IN_4
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
92
X-RoutingOfficeFE
FormsSingleBox_IN_4
Pragma
no-cache
X-RoutingOfficeVersion
16.0.12111.33225
X-CorrelationId
10f15901-5560-4637-9243-0059a6f4dabf
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-Powered-By
ASP.NET
Date
Wed, 18 Sep 2019 14:16:03 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
10f15901-5560-4637-9243-0059a6f4dabf
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
ec7d0b1a-26de-411c-b93a-7de83dee72ea
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
10edc004-fd5f-49f4-a28a-5a62aa0bff6c
lists.office.com/Images/9188040d-6c67-4c5b-b112-36a304b66dad/00000000-0000-0000-0006-bffd091c2f1a/T6TMAW8E5Y6VAFASJ1WAR4EJZQ/
4 KB
5 KB
Image
General
Full URL
https://lists.office.com/Images/9188040d-6c67-4c5b-b112-36a304b66dad/00000000-0000-0000-0006-bffd091c2f1a/T6TMAW8E5Y6VAFASJ1WAR4EJZQ/10edc004-fd5f-49f4-a28a-5a62aa0bff6c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.88.14 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
7b2e293f7b75f22b84ba651a1968b6819834cb8491f9e57ca7182b9b47fa5c63

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Sep 2019 14:16:04 GMT
x-routingofficeversion
16.0.12110.36251
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
image/png
status
200
cache-control
no-cache
x-routingsessionid
6efd3b6c-62c1-4021-8159-4162307bfe5d
x-routingcorrelationid
96d58e13-6418-4acf-ada0-54da42ce9dd9
content-length
4445
x-hivering
2
x-routingofficecluster
weu-001.lists.office.com
x-routingofficefe
CollabDBReverseProxyWithMappingService_IN_5
expires
-1
fabricmdl2icons-2.68.subset.woff2
cdn.forms.office.net/forms/fonts/
11 KB
11 KB
Font
General
Full URL
https://cdn.forms.office.net/forms/fonts/fabricmdl2icons-2.68.subset.woff2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.16.186.106 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-106.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
76ff4733c2a26eb48ca910eac9496efa997964d90fbc34f5828a1a4be2e4366d

Request headers

Sec-Fetch-Mode
cors
Referer
https://cdn.forms.office.net/forms/css/dist/response-page-customize-fabric-bootstrap.min.90b4e94.css
Origin
https://forms.office.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 18 Sep 2019 14:16:04 GMT
content-md5
quenEsGsor+y+Gol1SxWwg==
status
200
content-length
11096
x-ms-lease-status
unlocked
last-modified
Thu, 29 Aug 2019 23:25:07 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8D72CD821311FE4
content-type
font/woff2
access-control-allow-origin
*
x-ms-request-id
697f5ba4-e01e-009d-2b4f-5f4a36000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
expires
Thu, 17 Sep 2020 14:16:04 GMT
/
browser.pipe.aria.microsoft.com/Collector/3.0/
0
397 B
XHR
General
Full URL
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.6.0&x-apikey=5f4ebf0f9a11474199e89f94bc7e2f50-61b8420a-22b1-4220-b531-4a4b96e4edb9-7406&client-time-epoch-millis=1568816165914&time-delta-to-apply-millis=use-collector-delta
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.114.74.45 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
cors
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 18 Sep 2019 14:16:05 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
223
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
kill-tokens, kill-duration-seconds, time-delta-millis
Access-Control-Allow-Headers
Accept, Content-Type, Content-Encoding, Client-Id
Content-Length
0

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| NavKeyPoints function| reloadNoCdn object| OfficeFormServerInfo function| init object| datas object| modules function| require object| Logging function| AuthenticationContext object| AWTPropertyType object| AWTPiiKind object| AWTEventPriority object| AWTEventsDroppedReason object| AWTEventsRejectedReason object| AWTCustomerContentKind object| AWTUserIdType object| AWTSessionState string| AWT_BEST_EFFORT string| AWT_NEAR_REAL_TIME string| AWT_REAL_TIME function| AWTEventProperties function| AWTLogger function| AWTLogManager function| AWTTransmissionManager function| AWTSerializer function| AWTSemanticContext string| AWT_COLLECTOR_URL_UNITED_STATES string| AWT_COLLECTOR_URL_GERMANY string| AWT_COLLECTOR_URL_JAPAN string| AWT_COLLECTOR_URL_AUSTRALIA string| AWT_COLLECTOR_URL_EUROPE string| AWT_COLLECTOR_URL_USGOV_DOD string| AWT_COLLECTOR_URL_USGOV_DOJ function| $ function| jQuery object| odatajs function| DomStore function| IndexedDBStore function| MemoryStore function| _ object| React object| ReactDOM function| makeDOMException function| getbyte64 function| decode function| getbyte function| encode function| escapeRegExp function| formatNumber function| extractDigits function| removeQuatos function| parseStringToDateLabels function| getTime function| __extends function| __assign object| NerveImplementation object| Nerve object| OfficeForm undefined| PADCHAR_1 undefined| ALPHA_1 object| stringDelimiter object| dateLabelsRegExp object| Forms object| FormsPro function| jsllloaded object| awa string| behaviorKey object| linkify function| Picker

5 Cookies

Domain/Path Name / Value
.office.com/ Name: MUID
Value: 0AE564DC731667FA1701690777166CEB
.forms.office.com/ Name: AADNonce.forms
Value: 43d1e2db-2a7c-4ff7-94b1-55c860538536.637044129634782146
forms.office.com/ Name: __RequestVerificationToken
Value: elKxKkEa-ZR_rJ-guaC2AjylyuxiZvD3qK-mGxW7kgBVd2wAOVMq9r-WFDMY93_iBLxn3kk3x9WjZxYmOAY9pJI6ZZ41
forms.office.com/ Name: MSFPC
Value: GUID=ec96c5fb4c544897bac58636315939bd&HASH=ec96&LV=201909&V=4&LU=1568816164000
forms.office.com/ Name: DcLcid
Value: ui=1033&data=1033

16 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
deferred
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
utils
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
xml
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
odata
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
odatautils
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
handler
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
metadata
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
net
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
json
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
batch
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
store
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
dom
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
indexeddb
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
memory
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
cache
console-api log URL: https://cdn.forms.office.net/forms/scripts/vendors/combinedmin/basics.min.d9f547c.js(Line 64)
Message:
source

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
