Submitted URL: https://www.onenote.com/notebooks?WT.mc_id=O16_BingHP
Effective URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Submission: On September 08 via manual from US — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 12 HTTP transactions. The main IP is 52.109.76.2, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.onenote.com.
TLS certificate: Issued by Microsoft RSA TLS CA 01 on October 6th 2020. Valid for: a year.
This is the only time www.onenote.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 52.109.76.2 8075 (MICROSOFT...)
1 152.199.19.160 15133 (EDGECAST)
5 23.197.254.169 16625 (AKAMAI-AS)
1 20.190.160.129 8075 (MICROSOFT...)
1 192.229.221.185 15133 (EDGECAST)
12 6
Domain Requested by
5 site-cdn.onenote.net www.onenote.com
4 www.onenote.com 1 redirects site-cdn.onenote.net
1 logincdn.msauth.net login.live.com
1 login.live.com site-cdn.onenote.net
1 ajax.aspnetcdn.com www.onenote.com
0 login.microsoftonline.com Failed site-cdn.onenote.net
12 6

This site contains no links.

Subject | Issuer | Validity | Valid
reverseproxy.onenote.com | Microsoft RSA TLS CA 01 | 2020-10-06 - 2021-10-06 | a year
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2020-11-16 - 2021-11-10 | a year
site-cdn.onenote.net | Microsoft RSA TLS CA 01 | 2020-10-02 - 2021-10-02 | a year
graph.windows.net | DigiCert SHA2 Secure Server CA | 2021-08-17 - 2022-08-17 | a year
identitycdn.msauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year

This page contains 3 frames:

Primary Page: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Frame ID: 93B942C61AFAF4521C917811552166B4
Requests: 9 HTTP requests in this frame

Frame: https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=1&nf=1
Frame ID: 814A7FB253176DB2FEC2479DB01EB78C
Requests: 2 HTTP requests in this frame

Frame: https://login.microsoftonline.com/savedusers?wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=2&nf=1&appid=2d4d3d8e-2be3-4bef-9f87-7875a61c29de
Frame ID: AB2FAD10329FA3A0930D5A946E440599
Requests: 1 HTTP requests in this frame

Page Title

Microsoft OneNote | Die App für digitale Notizen für Ihre Geräte

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 0 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 4
Transfer: 150 kB
Size: 506 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.onenote.com/notebooks?WT.mc_id=O16_BingHP HTTP 302
    https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource / Path | Size | x-fer | Type / MIME-Type
Primary Request signin
www.onenote.com/
Redirect Chain
  • https://www.onenote.com/notebooks?WT.mc_id=O16_BingHP
  • https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
21 KB
3 KB
Document
General
Full URL
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.76.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
44393101851792342f496893888524e1a375dc8af16a9ffbcbac896504041827
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.onenote.com
:scheme
https
:path
/signin?wdorigin=ondcnotebooks&showHrd=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
UserTrackerKey=AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47; ONSessionKey=SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47; TreatmentGroups=SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control; OneNoteMvcUserIdentifier=0c3acc4d-eaeb-40b9-9bef-6ac442840a02
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
private
content-type
text/html; charset=utf-8
content-encoding
gzip
x-routingofficecluster
neu-000.reverseproxy.onenote.com
x-routingofficefe
ReverseProxyFrontEnd_IN_7
x-routingofficeversion
16.0.14501.40454
x-routingsessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-routingcorrelationid
ee6cd033-7d0a-47fe-9054-16709ecea8ec
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
UserTrackerKey=AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47; expires=Thu, 08-Sep-2022 22:38:47 GMT; path=/; secure; HttpOnly ONSessionKey=SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47; path=/; secure; HttpOnly TreatmentGroups=SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control; expires=Thu, 08-Sep-2022 22:38:47 GMT; path=/; secure; HttpOnly PageVisitKey=PublicSiteHomepage=1; expires=Thu, 08-Sep-2022 22:38:47 GMT; path=/; secure; HttpOnly AuthSess=6a6ae2d8-acba-4016-89f2-28172bcb7a95; domain=www.onenote.com; path=/; samesite=none; secure; HttpOnly AADNonce=89149baf-30ab-4110-8e19-e92d5b1c9d31.637667375273660240; domain=onenote.com; path=/; samesite=none; secure; HttpOnly
x-correlationid
ee6cd033-7d0a-47fe-9054-16709ecea8ec
x-usersessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-officefe
SiteFrontEnd_IN_6
x-officeversion
16.0.14507.40452
x-officecluster
neu-000.site.onenote.com
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com
x-xss-protection
1; mode=block
x-content-type-options
nosniff nosniff
x-aspnetmvc-version
5.2
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
date
Wed, 08 Sep 2021 22:38:47 GMT
content-length
3030

Redirect headers

cache-control
private
content-type
text/html; charset=utf-8
content-encoding
gzip
location
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
x-routingofficecluster
neu-000.reverseproxy.onenote.com
x-routingofficefe
ReverseProxyFrontEnd_IN_7
x-routingofficeversion
16.0.14501.40454
x-routingsessionid
1762951e-4664-4fdc-b2c5-b2d19bd5b19c
x-routingcorrelationid
c64bf91f-165b-4a6d-98dc-b45e1d46a487
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
UserTrackerKey=AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47; expires=Thu, 08-Sep-2022 22:38:47 GMT; path=/; secure; HttpOnly ONSessionKey=SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47; path=/; secure; HttpOnly TreatmentGroups=SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control; expires=Thu, 08-Sep-2022 22:38:47 GMT; path=/; secure; HttpOnly OneNoteMvcUserIdentifier=0c3acc4d-eaeb-40b9-9bef-6ac442840a02; expires=Wed, 08-Dec-2021 22:38:47 GMT; path=/; secure; HttpOnly
x-correlationid
c64bf91f-165b-4a6d-98dc-b45e1d46a487
x-usersessionid
1762951e-4664-4fdc-b2c5-b2d19bd5b19c
x-officefe
SiteFrontEnd_IN_3
x-officeversion
16.0.14507.40452
x-officecluster
weu-000.site.onenote.com
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com
x-xss-protection
1; mode=block
x-content-type-options
nosniff nosniff
x-aspnetmvc-version
5.2
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
date
Wed, 08 Sep 2021 22:38:47 GMT
content-length
161
jquery-1.12.0.min.js
ajax.aspnetcdn.com/ajax/jQuery/
95 KB
43 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.0.min.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 08 Sep 2021 22:38:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15750212
x-cache
HIT
content-length
43431
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:10:51 GMT
server
ECAcc (frc/8F0A)
etag
"cdbbdc5cc33d21:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
bodymovin.min.js
site-cdn.onenote.net/libraries/bodymovin/4.13.0/
248 KB
59 KB
Script
General
Full URL
https://site-cdn.onenote.net/libraries/bodymovin/4.13.0/bodymovin.min.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.254.169 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-254-169.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
61957faa2ae6d22ca8ce9d5ef15e1eda1ff8841f17bbd1bba0247a0d5a4f6e69

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Encoding
gzip
X-OfficeCluster
ukw-000.site.onenote.com
X-Powered-By
ASP.NET
X-OfficeFE
SiteFrontEnd_IN_0
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
60057
Cache-Control
public, max-age=28630148
Last-Modified
Tue, 03 Aug 2021 13:45:04 GMT
Server
Microsoft-IIS/10.0
X-UserSessionId
d6519b5c-b910-48f7-93dd-88d5eadc7600
ETag
"0f04ac36d88d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-CorrelationId
d6519b5c-b910-48f7-93dd-88d5eadc7600
Accept-Ranges
bytes
X-OfficeVersion
16.0.14403.40451
CommonDiagnostics.js
site-cdn.onenote.net/161450740452_Scripts/
39 KB
13 KB
Script
General
Full URL
https://site-cdn.onenote.net/161450740452_Scripts/CommonDiagnostics.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.254.169 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-254-169.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8bf04921d322b16a02a671e95f640120cb1b4522a5b71df3d2a840119714eb65
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeCluster
uks-000.site.onenote.com
X-Powered-By
ASP.NET
X-OfficeFE
SiteFrontEnd_IN_2
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
12077
Cache-Control
public, max-age=31486618
Last-Modified
Tue, 07 Sep 2021 12:01:18 GMT
Server
Microsoft-IIS/10.0
X-UserSessionId
b09e52c5-64cc-428e-80e7-4cf1d0e9ede8
ETag
"0fbc310e0a3d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-CorrelationId
b09e52c5-64cc-428e-80e7-4cf1d0e9ede8
Accept-Ranges
bytes
X-OfficeVersion
16.0.14422.40450
Common.js
site-cdn.onenote.net/161450740452_Scripts/
46 KB
11 KB
Script
General
Full URL
https://site-cdn.onenote.net/161450740452_Scripts/Common.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.254.169 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-254-169.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4ff052fdc4c74ae0d533d76000c3288bda0d53cb398b8b9fb172237d5fd2f853
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeCluster
uks-000.site.onenote.com
X-Powered-By
ASP.NET
X-OfficeFE
SiteFrontEnd_IN_1
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
10030
Cache-Control
public, max-age=31486618
Last-Modified
Tue, 07 Sep 2021 12:01:18 GMT
Server
Microsoft-IIS/10.0
X-UserSessionId
c864ca39-347d-4ad5-bebf-4ecf19688f14
ETag
"0fbc310e0a3d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-CorrelationId
c864ca39-347d-4ad5-bebf-4ecf19688f14
Accept-Ranges
bytes
X-OfficeVersion
16.0.14422.40450
DefaultSignIn.min.js
site-cdn.onenote.net/161450740452_Scripts/
16 KB
4 KB
Script
General
Full URL
https://site-cdn.onenote.net/161450740452_Scripts/DefaultSignIn.min.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.254.169 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-254-169.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
107f056a45cb04eb4410c30e9f81c6ba58fa18d2f55a4564509175f3690d79f6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeCluster
uks-000.site.onenote.com
X-Powered-By
ASP.NET
X-OfficeFE
SiteFrontEnd_IN_1
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
3461
Cache-Control
public, max-age=31486618
Last-Modified
Tue, 07 Sep 2021 12:01:18 GMT
Server
Microsoft-IIS/10.0
X-UserSessionId
888e953c-e78e-4e12-b2f3-f5871b35c360
ETag
"0fbc310e0a3d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-CorrelationId
888e953c-e78e-4e12-b2f3-f5871b35c360
Accept-Ranges
bytes
X-OfficeVersion
16.0.14422.40450
Default2SignIn.js
site-cdn.onenote.net/161450740452_Scripts/
14 KB
5 KB
Script
General
Full URL
https://site-cdn.onenote.net/161450740452_Scripts/Default2SignIn.js
Requested by
Host: www.onenote.com
URL: https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.254.169 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-254-169.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9c5b5d4688fe4303ea57ec9a6f260ab69cd7c2710652c2db62d6e82aa063ac34
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeCluster
uks-000.site.onenote.com
X-Powered-By
ASP.NET
X-OfficeFE
SiteFrontEnd_IN_2
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection
keep-alive
Content-Length
4466
Cache-Control
public, max-age=31486618
Last-Modified
Tue, 07 Sep 2021 12:01:18 GMT
Server
Microsoft-IIS/10.0
X-UserSessionId
3daddcbb-de27-4a11-9657-c67692b8f155
ETag
"0fbc310e0a3d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-CorrelationId
3daddcbb-de27-4a11-9657-c67692b8f155
Accept-Ranges
bytes
X-OfficeVersion
16.0.14422.40450
RemoteUls.ashx
www.onenote.com/
0
319 B
XHR
General
Full URL
https://www.onenote.com/RemoteUls.ashx
Requested by
Host: site-cdn.onenote.net
URL: https://site-cdn.onenote.net/161450740452_Scripts/CommonDiagnostics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.76.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff

Request headers

sec-fetch-mode
cors
origin
https://www.onenote.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
UserTrackerKey=AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47; ONSessionKey=SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47; TreatmentGroups=SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control; OneNoteMvcUserIdentifier=0c3acc4d-eaeb-40b9-9bef-6ac442840a02; PageVisitKey=PublicSiteHomepage=1; AuthSess=6a6ae2d8-acba-4016-89f2-28172bcb7a95; AADNonce=89149baf-30ab-4110-8e19-e92d5b1c9d31.637667375273660240
content-length
168
:path
/RemoteUls.ashx
pragma
no-cache
x-usersessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
www.onenote.com
referer
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
X-UserSessionId
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Sep 2021 22:38:47 GMT
x-content-type-options
nosniff nosniff
x-aspnet-version
4.0.30319
x-officeversion
16.0.14507.40452
x-officefe
SiteFrontEnd_IN_4
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-buls-suppressionetag
N/A
content-disposition
attachment
x-buls-suppressedtags
content-length
0
x-routingofficefe
ReverseProxyFrontEnd_IN_7
x-routingofficeversion
16.0.14501.40454
x-correlationid
3419e6a8-a291-447c-9081-d9b238df0570
x-officecluster
weu-000.site.onenote.com
x-usersessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-powered-by
ASP.NET
x-download-options
noopen
content-type
text/plain
x-routingcorrelationid
3419e6a8-a291-447c-9081-d9b238df0570
cache-control
private
x-routingsessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-routingofficecluster
neu-000.reverseproxy.onenote.com
RemoteUls.ashx
www.onenote.com/
0
189 B
XHR
General
Full URL
https://www.onenote.com/RemoteUls.ashx
Requested by
Host: site-cdn.onenote.net
URL: https://site-cdn.onenote.net/161450740452_Scripts/CommonDiagnostics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.76.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff

Request headers

sec-fetch-mode
cors
origin
https://www.onenote.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
UserTrackerKey=AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47; ONSessionKey=SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47; TreatmentGroups=SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control; OneNoteMvcUserIdentifier=0c3acc4d-eaeb-40b9-9bef-6ac442840a02; PageVisitKey=PublicSiteHomepage=1; AuthSess=6a6ae2d8-acba-4016-89f2-28172bcb7a95; AADNonce=89149baf-30ab-4110-8e19-e92d5b1c9d31.637667375273660240
content-length
168
:path
/RemoteUls.ashx
pragma
no-cache
x-usersessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
www.onenote.com
referer
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://www.onenote.com/signin?wdorigin=ondcnotebooks&showHrd=true
X-UserSessionId
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Sep 2021 22:38:47 GMT
x-content-type-options
nosniff nosniff
x-aspnet-version
4.0.30319
x-officeversion
16.0.14507.40452
x-officefe
SiteFrontEnd_IN_0
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
x-buls-suppressionetag
N/A
content-disposition
attachment
x-buls-suppressedtags
content-length
0
x-routingofficefe
ReverseProxyFrontEnd_IN_7
x-routingofficeversion
16.0.14501.40454
x-correlationid
7a359c5a-128e-47f7-9172-70f323f09fe6
x-officecluster
neu-000.site.onenote.com
x-usersessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-powered-by
ASP.NET
x-download-options
noopen
content-type
text/plain
x-routingcorrelationid
7a359c5a-128e-47f7-9172-70f323f09fe6
cache-control
private
x-routingsessionid
d8e26bbb-63d8-4b3e-a332-5b4f708c97e3
x-routingofficecluster
neu-000.reverseproxy.onenote.com
Cookie set Me.srf
login.live.com/ Frame 814A
11 KB
6 KB
Document
General
Full URL
https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=1&nf=1
Requested by
Host: site-cdn.onenote.net
URL: https://site-cdn.onenote.net/161450740452_Scripts/DefaultSignIn.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.129 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f6d4c6fca7a6c2755b161d2695d5d60f5a25e1e848c31d1ab43ed0abdd107f7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
login.live.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.onenote.com/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.onenote.com/

Response headers

Cache-Control
no-store, no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
deflate
Expires
Wed, 08 Sep 2021 22:37:47 GMT
Vary
Accept-Encoding
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie
uaid=b7bc333e6b29400a9d4445daba38ae46; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly MSPRequ=id=N&lt=1631140727&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
X-DNS-Prefetch-Control
on
Link
<https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn.msftauth.net/>; rel=dns-prefetch <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
Referrer-Policy
strict-origin-when-cross-origin
x-ms-route-info
R3_BL2
x-ms-request-id
38fe4d54-9cf2-4f84-9549-e93cd656af15
PPServer
PPV: 30 H: BL02PF07EF267A3 V: 0
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
Date
Wed, 08 Sep 2021 22:38:47 GMT
Content-Length
4462
savedusers
login.microsoftonline.com/ Frame AB2F
0
0

MeControl_qpzIZY_EP1sDna_p2TbPiQ2.js
logincdn.msauth.net/16.000/content/js/ Frame 814A
17 KB
6 KB
Script
General
Full URL
https://logincdn.msauth.net/16.000/content/js/MeControl_qpzIZY_EP1sDna_p2TbPiQ2.js
Requested by
Host: login.live.com
URL: https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=1&nf=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.185 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F40) /
Resource Hash
d6f274edc7ef5d743bc7290eca6e6f97b3a3b6a8dd2639178ff5bb5d2a4755a9

Request headers

Referer
https://login.live.com/
Origin
https://login.live.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 08 Sep 2021 22:38:47 GMT
content-encoding
gzip
content-md5
ho/yQJVVHIYAX4q7HqqKmQ==
age
930763
x-cache
HIT
content-length
6036
x-ms-lease-status
unlocked
last-modified
Thu, 12 Aug 2021 05:04:26 GMT
server
ECAcc (frc/8F40)
etag
0x8D95D4EA866F684
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
d1f4fa6c-001e-000d-7a8b-9cec0b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login.microsoftonline.com
URL
https://login.microsoftonline.com/savedusers?wreply=https://www.onenote.com/notebooks?wdoriginondcnotebooks&auth=2&nf=1&appid=2d4d3d8e-2be3-4bef-9f87-7875a61c29de

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery string| g_msaReturnUrl string| g_orgIdReturnUrl string| g_signupUrl string| g_msaPasswordResetUrl string| g_msaLoginUrl string| g_hrdIframeUrl string| g_orgIdLoginUrl string| g_authType string| g_fullScreenHrd object| g_hrdOverride boolean| g_useNewRedirectUrlOverride number| g_preferredIdpForDefaultSignIn string| g_appId boolean| g_defaultSignInEnabled boolean| g_defaultSignInFixEnabled string| g_defaultSignInAadHost boolean| DefaultSignInEnabled number| DefaultSignInTimeout string| HomePageUrl string| RedirectUrl string| SessionId object| bodymovin function| Type function| $5 object| Sys object| Diag object| OfficeBrowserFeedback function| GetOSPlatform function| InitializeUls function| InstrumentLinks function| LogUserViewPortInfo function| UpdateFurthestScrollDepth function| LogElapsedTimeOnPage function| InsertAdditionalBeforeUnloadFunction function| OnUnloadingPage function| FlushBrowserUls function| FlushUlsAsynchronous function| GenerateInstrumentationLink function| GenerateContextMenuInstrumentationLink function| GenerateDragInstrumentationLink object| Utils object| OSPlatform string| _osPlatform undefined| ClipperIndexURL undefined| NotebooksIndexURL undefined| OrigRefCookieName undefined| OrigRefCookieValue undefined| ShowSignInControl undefined| onSignInDialogKeyUp object| Common function| __extends string| TelemetryClickableClass object| TheUlsHost number| furthestScrollDepthPercentage function| RecordPageLoadTime number| PageStartLoadTime undefined| ulsCategoryStringSetInCshtml object| additionalBeforeUnloadFunctions undefined| _onBeforePageUnloadCalled object| Feedback object| jQuery1120032062667732573313 object| AuthType object| Operation object| ErrorCode object| TimerUtils object| IframeUtils object| Constants object| LoggingUtils function| IdpUserResult function| DefaultSignInOptions function| getDefaultAadUser function| getDefaultMsaUser function| findDefaultSignedInUser function| convertAadUserData function| convertMsaUserData function| getAadData function| getMsaData function| getAadMsaData boolean| enableConsoleLog undefined| msaFedEnabled function| getAccount function| ExtractHostnameFromUrl function| HandleRedirectIfNoDefaultSignIn function| HandleDefaultSignInResult function| AttemptDefaultSignIn object| animationData

9 Cookies

Domain/Path Name / Value
www.onenote.com/ Name: UserTrackerKey
Value: AnonymousId=91eaa537-db99-4289-9b5e-7314f24464f8&FirstVisit=09/08/2021 22:38:47&LastVisit=09/08/2021 22:38:47
www.onenote.com/ Name: ONSessionKey
Value: SessionId=6d393a54-2e08-441c-930b-1d8117d531fa&StartTime=09/08/2021 22:38:47&LastActivityTime=09/08/2021 22:38:47
www.onenote.com/ Name: TreatmentGroups
Value: SiteShowPlatformsAboveInfoPanels=Disabled&SiteShowInfoPanels=Disabled&NotebookIntroPageExperiment=Treatment2&UpgradePageDownloadButtonExperiment=Treatment1&FreBeforeAfterSigninExperiment=Control
www.onenote.com/ Name: OneNoteMvcUserIdentifier
Value: 0c3acc4d-eaeb-40b9-9bef-6ac442840a02
www.onenote.com/ Name: PageVisitKey
Value: PublicSiteHomepage=1
.www.onenote.com/ Name: AuthSess
Value: 6a6ae2d8-acba-4016-89f2-28172bcb7a95
.onenote.com/ Name: AADNonce
Value: 89149baf-30ab-4110-8e19-e92d5b1c9d31.637667375273660240
.login.live.com/ Name: uaid
Value: b7bc333e6b29400a9d4445daba38ae46
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1631140727&co=1

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block