onedrive.live.com Open in urlscan Pro
131.253.33.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Submission: On November 05 via manual (November 5th 2018, 7:13:10 pm UTC) from US

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 37 HTTP transactions. The main IP is 131.253.33.217, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is onedrive.live.com.
TLS certificate: Issued by Microsoft IT TLS CA 1 on August 2nd 2017. Valid for: 2 years.

This is the only time onedrive.live.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	131.253.33.217 131.253.33.217	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
8	2.16.186.40 2.16.186.40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	2620:1ec:a92:... 2620:1ec:a92::171	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	2a02:26f0:f1:... 2a02:26f0:f1:296::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a02:26f0:f1:... 2a02:26f0:f1:28f::1c24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2a02:26f0:f1:... 2a02:26f0:f1:29f::1c24	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:f1:... 2a02:26f0:f1:298::2b57	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.109.84.135 104.109.84.135	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
37	9

1 131.253.33.217 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

onedrive.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.186.40 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-40.deploy.static.akamaitechnologies.com

spoprod-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2620:1ec:a92::171 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

word-view.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:f1:296::356e (European Union)

ASN20940 (AKAMAI-ASN1, US)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:f1:28f::1c24 (European Union)

ASN20940 (AKAMAI-ASN1, US)

c1-word-view-15.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:f1:29f::1c24 (European Union)

ASN20940 (AKAMAI-ASN1, US)

c1-officeapps-15.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:298::2b57 (European Union)

ASN20940 (AKAMAI-ASN1, US)

uhf.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.109.84.135 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-84-135.deploy.static.akamaitechnologies.com

js.live.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	office.net c1-word-view-15.cdn.office.net c1-officeapps-15.cdn.office.net	501 KB
12	live.com onedrive.live.com word-view.officeapps.live.com	199 KB
8	akamaihd.net spoprod-a.akamaihd.net	394 KB
2	s-microsoft.com c.s-microsoft.com	3 KB
1	live.net js.live.net	16 KB
1	microsoft.com uhf.microsoft.com	128 B
37	6

	Domain	Requested by
11	word-view.officeapps.live.com	onedrive.live.com word-view.officeapps.live.com c1-officeapps-15.cdn.office.net
8	spoprod-a.akamaihd.net	onedrive.live.com
7	c1-word-view-15.cdn.office.net	word-view.officeapps.live.com c1-officeapps-15.cdn.office.net c1-word-view-15.cdn.office.net
6	c1-officeapps-15.cdn.office.net	word-view.officeapps.live.com c1-word-view-15.cdn.office.net
2	c.s-microsoft.com	word-view.officeapps.live.com
1	js.live.net	c1-word-view-15.cdn.office.net
1	uhf.microsoft.com	word-view.officeapps.live.com
1	onedrive.live.com
37	8

This site contains no links.

Subject Issuer	Validity	Valid
onedrive.com Microsoft IT TLS CA 1	`2017-08-02` - `2019-08-02`	2 years	crt.sh
a248.e.akamai.net DigiCert ECC Secure Server CA	`2018-01-23` - `2019-01-19`	a year	crt.sh
officeapps.live.com Microsoft IT TLS CA 5	`2018-03-07` - `2019-09-07`	2 years	crt.sh
www.microsoft.com Microsoft IT TLS CA 4	`2018-01-16` - `2020-01-16`	2 years	crt.sh
*.cdn.office.net Microsoft IT TLS CA 5	`2017-11-13` - `2019-11-13`	2 years	crt.sh
unistore.www.microsoft.com Microsoft IT TLS CA 5	`2018-01-25` - `2020-01-25`	2 years	crt.sh
p.sfx.ms Microsoft IT TLS CA 2	`2018-03-30` - `2020-03-30`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Frame ID: 29355694371C0F48C6424E0FBC5FD9F0
Requests: 10 HTTP requests in this frame

Frame: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Frame ID: EA4ACE2E28766B51C58A280CB1B29359
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^requirejs$/i

Twitter Flight (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^flight$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i
env /^flight$/i

Page Statistics

37
Requests

100 %
HTTPS

63 %
IPv6

6
Domains

8
Subdomains

9
IPs

3
Countries

1114 kB
Transfer

3331 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request embed Show response
onedrive.live.com/ 57 KB
20 KB 864ms
800ms Document
text/html 131.253.33.217
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

131.253.33.217 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

02ac77e49184b66a97ebff3620306aafcc3fe12069fd34d3afac9da2681c0d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: onedrive.live.com
:scheme: https
:path: /embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; domain=.live.com; path=/ xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; domain=.live.com; path=/ xidseq=1; domain=.live.com; path=/ LD=; domain=.live.com; expires=Mon, 05-Nov-2018 17:32:59 GMT; path=/ wla42=; domain=live.com; expires=Mon, 12-Nov-2018 19:12:59 GMT; path=/
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-msnserver: RD00155D9966BC
x-odwebserver: eastus0-ODWebpl
x-msedge-ref: Ref A: 4DB82D9AB75A4D86A420A29D53724FB7 Ref B: AM3EDGE0906 Ref C: 2018-11-05T19:12:59Z
date: Mon, 05 Nov 2018 19:12:59 GMT

GET
S 200 filescss1-11eb1969.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001// 85 KB
16 KB 45ms
6ms Stylesheet
text/css 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001//filescss1-11eb1969.css
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: bd88d1e741693ab877b020059b46be7cf4ef62b46017b2489a8cd1bf9ce5b9fc

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:12:59 GMT
content-encoding: gzip
content-md5: EesZadmsnx78d9ZWIKfswQ==
status: 200
content-length: 15784
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:14 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E53BE6E430
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 6d2753fc-501e-00e6-0ad5-eb0c22000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189840
x-ms-version: 2009-09-19

GET
S 200 filescss2-a303a402.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001// 169 KB
30 KB 44ms
6ms Stylesheet
text/css 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001//filescss2-a303a402.css
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 1394b1c43663fa167060186091800d4cae0696af7b64c14f2848b44124074c7e

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:12:59 GMT
content-encoding: gzip
content-md5: owOkAskXvYo3Ps40fhU7TQ==
status: 200
content-length: 30548
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:15 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E53C3A1C6F
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 45647edb-101e-00c8-61d5-eb8ce5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189859
x-ms-version: 2009-09-19

GET
S 200 wlx_fonts-c7993ded.css
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001// 123 KB
93 KB 53ms
17ms Stylesheet
text/css 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001//wlx_fonts-c7993ded.css
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 455be57e5ca76be462428c7b127d03d0245952b7e00ca14e8bcb3bfe7584c758

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:12:59 GMT
content-encoding: gzip
content-md5: x5k97ZNOTA+fsPCUPRp4Qw==
status: 200
content-length: 94644
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:23 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E5410A12E4
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: f3dbb10f-301e-011c-1ed8-eb8390000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16190780
x-ms-version: 2009-09-19

POST
H2 200 wordviewerframe.aspx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 52 KB
53 KB 129ms
67ms Document
text/html 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem

Requested by

Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

44e067736927c5791d657d6215a3e90fb4e2bd8cc9e2b642f3f8ffa955239109

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:method: POST
:authority: word-view.officeapps.live.com
:scheme: https
:path: /wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
content-length: 231
pragma: no-cache
cache-control: no-cache
origin: https://onedrive.live.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://onedrive.live.com/
accept-encoding: gzip, deflate
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=
Origin: https://onedrive.live.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://onedrive.live.com/

Response headers

status: 200
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie: DcLcid=ui=1033&data=1033; expires=Tue, 05-Feb-2019 19:13:00 GMT; path=/; secure; HttpOnly BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; path=/
x-correlationid: 29b67006-2184-44e0-a63b-2be38f1de6ec
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
strict-transport-security: max-age=31536000
timing-allow-origin: *
x-ccr: true
x-officefe: a9143d33bb52
x-officeversion: 16.0.11030.32653
x-officecluster: NL2
x-content-type-options: nosniff
content-security-policy-report-only: font-src data: c1-word-view-15.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com sway.com *.sway-cdn.com sway-cdn.com *.sharepointonline.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' c1-word-view-15.cdn.office.net c1-officeapps-15.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net appsforoffice.microsoft.com c.s-microsoft.com https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' c1-word-view-15.cdn.office.net c1-officeapps-15.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net sway.com *.sway-cdn.com sway-cdn.com c.s-microsoft.com https:; media-src *.skype.com *.skypeassets.com https:; object-src 'self' https:; child-src * https:; img-src * data: blob: https:; report-uri /reportcsp.ashx
x-officefd: 7272918c75b0
x-msedge-ref: Ref A: 1A722FB153CB41CDA299B651B5688336 Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
date: Mon, 05 Nov 2018 19:12:59 GMT

GET
S 200 jquery-1.7.2-39eeb07e.js Show response
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/ 92 KB
33 KB 8ms
6ms Script
application/javascript 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/jquery-1.7.2-39eeb07e.js
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:12:59 GMT
content-encoding: gzip
content-md5: Oe6wfmgC4rV/XhCprZvKJA==
status: 200
content-length: 33335
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:17 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E53DB4CCFD
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 456481ad-101e-00c8-56d5-eb8ce5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189817
x-ms-version: 2009-09-19

GET
S 200 embed_s_embed-212fe29f.js Show response
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/ 483 KB
133 KB 15ms
14ms Script
application/javascript 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/embed_s_embed-212fe29f.js
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 5c15c38a2b7554cab332dfb9e87398220fcb9a285e18905a20a50b439cba7ccb

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:12:59 GMT
content-encoding: gzip
content-md5: IS/in/g30QB+g7MVI79lXQ==
status: 200
content-length: 135707
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:01 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E533D8DD7F
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 6d2755cd-501e-00e6-20d5-eb0c22000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189843
x-ms-version: 2009-09-19

GET
DATA 200
OK truncated
/ 34 KB
0 Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07ec698b1036cdfbb8892f02d9510f5f671284fca9fa003b883996da040a444b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://onedrive.live.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: font/woff;charset=utf-8

GET
S 200 embed1-0986a9b4.js Show response
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/ 47 KB
14 KB 7ms
6ms Script
application/javascript 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/embed1-0986a9b4.js
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: b7ab99f404e84cb71d274c9dca01c0b4a68b7adb20309c5f04387cb809cc0547

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:13:00 GMT
content-encoding: gzip
content-md5: CYaptDz18cVXSIKt0vWKWA==
status: 200
content-length: 14119
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:00 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E5332E9B80
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 45648324-101e-00c8-0cd5-eb8ce5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189756
x-ms-version: 2009-09-19

GET
S 200 embed2-8c600200.js Show response
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/ 203 KB
68 KB 17ms
17ms Script
application/javascript 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/embed2-8c600200.js
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4d54a5f9a58647882e3ecda9c1c0ef87af16911d42ad51b4e8b718f84443c553

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:13:00 GMT
content-encoding: gzip
content-md5: jGACACXYYkvx7qKc5FskXg==
status: 200
content-length: 69276
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:54:00 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E5337DDB83
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 6d2756be-501e-00e6-6fd5-eb0c22000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189960
x-ms-version: 2009-09-19

GET
S 200 embed0-54f3ec81.js Show response
spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/ 15 KB
6 KB 7ms
7ms Script
application/javascript 2.16.186.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://spoprod-a.akamaihd.net/files/onedrive-website-release-prod_master_20180514.001/embed0-54f3ec81.js
Requested by: Host: onedrive.live.com
URL: https://onedrive.live.com/embed?cid=3871B7BAD2D4FC0D&resid=3871B7BAD2D4FC0D%21131&authkey=ALIQU7HmYjAkkLs&em=2
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.40 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-40.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: c0153afba2ee2258329d951763cc14531c98cdecfc22d55be2597cfad0cc6e54

Request headers

Referer: https://onedrive.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:13:00 GMT
content-encoding: gzip
content-md5: VPPsgWGZk5RDzVgXZtU7Yg==
status: 200
content-length: 6057
x-ms-lease-status: unlocked
last-modified: Mon, 14 May 2018 21:53:59 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D5B9E532CDCC12
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b96f33ba-101e-0122-1fd5-eb35b1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control: public, max-age=16189895
x-ms-version: 2009-09-19

GET
S 200 mscc-0.4.1.min.css
c.s-microsoft.com/mscc/statics/ Frame EA4A 1 KB
934 B 130ms
36ms Stylesheet
text/css 2a02:26f0:f1:296::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/mscc/statics/mscc-0.4.1.min.css
Requested by: Host: word-view.officeapps.live.com
URL: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:296::356e , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 35211f76c4c35c17f2649b96868c0d691f1d78b107f7635d22619948d0ee6880

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:13:00 GMT
content-encoding: gzip
last-modified: Mon, 10 Sep 2018 17:42:23 GMT
content-md5: 2MKxgMQLzH/8vixotX2Pog==
status: 200
etag: 0x8D61744C3ED0073
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/css;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 41f924a0-901e-0090-04fe-4986d4000000
x-ms-version: 2009-09-19
content-length: 627

GET
H/1.1 200
OK WordViewer.css
c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/ Frame EA4A 192 KB
29 KB 60ms
7ms Stylesheet
text/css 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/WordViewer.css

Requested by

Host: word-view.officeapps.live.com
URL: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

afbdc2a273404bb86568f631449b294923cdd3a81e662435bd88af85fcf28ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"0cfd2fbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 30edd69fbfd7
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 28915
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:22 GMT
X-OFFICEFD: f5c2c766d413
X-MSEdge-Ref: Ref A: B18ED9424DC44335810523B0BD07313E Ref B: AMS04EDGE0720 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: f52a03a0-a977-46fd-b61a-9c3c217d04ba
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
X-CorrelationId: f52a03a0-a977-46fd-b61a-9c3c217d04ba
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK MicrosoftAjax.js Show response
c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 105 KB
27 KB 60ms
8ms Script
application/javascript 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/MicrosoftAjax.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

0472d2a94ae07ca63c9b7b6b7ed95419bb2da6ad34d01075b43f0f9287b30984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"80383afbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: d2319df7460d
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 26964
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: 1e13da00479e
X-MSEdge-Ref: Ref A: F403B19308E84B20BFC5CBD199E7207A Ref B: AM3EDGE0811 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: ade7573b-ca96-49e1-ad5e-b24064dac331
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: ade7573b-ca96-49e1-ad5e-b24064dac331
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
S 200 mscc-0.4.1.min.js Show response
c.s-microsoft.com/mscc/statics/ Frame EA4A 3 KB
2 KB 99ms
27ms Script
text/javascript 2a02:26f0:f1:296::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/mscc/statics/mscc-0.4.1.min.js
Requested by: Host: word-view.officeapps.live.com
URL: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:296::356e , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: c87516d7dd7077edd467f5b7b085b035cd4803ecf049670ab19de004e270aba8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 05 Nov 2018 19:13:00 GMT
content-encoding: gzip
last-modified: Mon, 10 Sep 2018 17:42:12 GMT
content-md5: XpofSqMdSqYPb4maLkXO+A==
status: 200
etag: 0x8D61744BD6EA9B6
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 9fc6c4bd-001e-003f-1afe-49a444000000
x-ms-version: 2009-09-19
content-length: 1588

GET
H/1.1 200
OK cookiecompliance.js Show response
c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 9 KB
3 KB 60ms
14ms Script
application/javascript 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/cookiecompliance.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

910f1f3ce687cfde1a12415fe73a4465e7a2f851177c33ca8e9f3b5c5f93c41c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"80a7eda0ba72d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 7cb65046c4c2
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 1945
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:44:59 GMT
X-OFFICEFD: 38198d8c31de
X-MSEdge-Ref: Ref A: CE601E13CDDA471FAE6003B45E5DC23F Ref B: AM3EDGE0811 Ref C: 2018-11-02T14:44:59Z
X-UserSessionId: b8a016d6-c226-4019-a312-6e86660e82c1
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: b8a016d6-c226-4019-a312-6e86660e82c1
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK CommonIntl.js Show response
c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/1033/ Frame EA4A 59 KB
19 KB 55ms
9ms Script
application/javascript 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/1033/CommonIntl.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

5beb6b937f09a99d28e08863c0afa5f6011df0f017253a9789aefd2110f825fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"80383afbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 5ff2c27c8b22
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 18087
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: 52bcd85898e1
X-MSEdge-Ref: Ref A: 20506288E9924ED5BD6B2BF4BFD15051 Ref B: AMS04EDGE0107 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: a5ea8917-fb05-4453-aef9-fb3cee00b9cb
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: a5ea8917-fb05-4453-aef9-fb3cee00b9cb
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK Compat.js Show response
c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 6 KB
2 KB 55ms
9ms Script
application/javascript 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/Compat.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

06fe78141d1f3a435441a17ec8f9f46af7000af35aa0133c699c537d663607d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"8054889ba72d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 94c21aebf23c
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 1618
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:45 GMT
X-OFFICEFD: d5dc29600d67
X-MSEdge-Ref: Ref A: 4A10815560C14C2E892C97EA7ADCAFC9 Ref B: AMS04EDGE0720 Ref C: 2018-11-02T14:40:46Z
X-UserSessionId: e7bec3ae-a720-4a31-a416-2c051f8c9605
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: e7bec3ae-a720-4a31-a416-2c051f8c9605
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK WordViewerIntl.js Show response
c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/1033/ Frame EA4A 18 KB
5 KB 62ms
16ms Script
application/javascript 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/1033/WordViewerIntl.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

668b05a31c3a0eeef02775404ede2782cda127f92569ae938f80601b44d011cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"80383afbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 30edd69fbfd7
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 3962
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: 4789d38c70cb
X-MSEdge-Ref: Ref A: 74611BFBAA2247919395A4BB07E2259C Ref B: AMS04EDGE0110 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: 7d4ce8a0-1243-4915-bf51-e6e4d67129ac
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: 7d4ce8a0-1243-4915-bf51-e6e4d67129ac
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK WordViewer.js Show response
c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 906 KB
244 KB 59ms
13ms Script
application/javascript 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/WordViewer.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

705747018d8907af8ecdb97a445cb5e4d7827f44212730a1e7a26e926efb4706

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"0cfd2fbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 449038f76df8
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 248553
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:22 GMT
X-OFFICEFD: 38198d8c31de
X-MSEdge-Ref: Ref A: F95859705017461799DBE4688743ECD6 Ref B: AMS04EDGE0110 Ref C: 2018-11-02T14:40:22Z
X-UserSessionId: de2ace7e-9d3e-4a20-86ec-0f089a5d1d20
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: de2ace7e-9d3e-4a20-86ec-0f089a5d1d20
Accept-Ranges: bytes
Timing-Allow-Origin: *

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
292 B 43ms
40ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
x-browserulsbeacon: [{"Index":0,"MsSinceStart":0,"Value":"SessionStarted","Type":"SessionBoundary"}]
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
content-length: 0
:method: POST
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Origin: https://word-view.officeapps.live.com
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-BrowserUlsBeacon: [{"Index":0,"MsSinceStart":0,"Value":"SessionStarted","Type":"SessionBoundary"}]

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 92416f6ad8d2
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: 6785e8d7-8f7d-4c7f-aae1-bc91f53cfeda
x-officefd: c0ba7aa6c698
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:12:59 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: B8CCA4C0119F4BFFA82923DB7792EFB2 Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame EA4A 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 223f620d31252cab8d99fba428b123b3ccc9fa705bfe3a43417e1d976c4a6221

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
159 B 39ms
39ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
x-browserulsbeacon: [{"Index":1,"MsSinceStart":112,"Value":"https://c1-word-view-15.cdn.office.net:443/wv/s/161103032653_resources/1033/WordViewer.css","Type":"ResourceDownloadSuccess"}]
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
content-length: 0
:method: POST
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Origin: https://word-view.officeapps.live.com
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-BrowserUlsBeacon: [{"Index":1,"MsSinceStart":112,"Value":"https://c1-word-view-15.cdn.office.net:443/wv/s/161103032653_resources/1033/WordViewer.css","Type":"ResourceDownloadSuccess"}]

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 9217e78740ce
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: 7dafd4b6-93ec-4f5c-afe4-43d928a15af5
x-officefd: 3e25b8bcb34a
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:12:59 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: D5F2A7F6F3D54CDFBA625424CF93AE6F Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame EA4A 60 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83f8c8c200f72e996a99b719fa97f1e588904baa0602a9347bf6ea342b909ac7

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame EA4A 60 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36f5a64c706e1ae129419a67790b4a99a8f8f0ba20210a9920e7b474914442b6

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif

GET
H2 200 ResReader.ashx
word-view.officeapps.live.com/wv/ Frame EA4A 61 KB
61 KB 1404ms
1404ms Image
image/jpeg 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://word-view.officeapps.live.com/wv/ResReader.ashx?n=p1.img&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&splashscreen=1&build=16.0.11030.32653&PdfMode=1&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

3b2d75e97905c1d80049839f252c3e9828f375677860c538aa47ea51da3af539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/ResReader.ashx?n=p1.img&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&splashscreen=1&build=16.0.11030.32653&PdfMode=1&waccluster=NL2
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
:method: GET
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 6e3df3b8f039
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 62454
etag: "WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw00000000-0000-0000-0000-000000000802p1.img"
x-correlationid: d8e0461f-0fd6-4cff-a397-8f275bdb089f
x-officefd: dde2dc781c9b
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:01 GMT
x-download-options: noopen
content-type: image/jpeg
cache-control: private
set-cookie
x-msedge-ref: Ref A: C3F19E5C3BAF49F0968CE51F1BB56BAE Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:01Z
timing-allow-origin: *
expires: Tue, 05 Nov 2019 19:13:01 GMT

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
158 B 40ms
40ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
x-browserulsbeacon: [{"Index":2,"MsSinceStart":378,"Value":"SplashScreenShown","Type":"BootPhaseCompleted"}]
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
content-length: 0
:method: POST
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Origin: https://word-view.officeapps.live.com
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-BrowserUlsBeacon: [{"Index":2,"MsSinceStart":378,"Value":"SplashScreenShown","Type":"BootPhaseCompleted"}]

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: c9499e30d84e
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: ac30d403-1a9d-4766-977a-6e6b00237a4c
x-officefd: f5c2c766d413
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:12:59 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: 1D8ABD2B41974D10B146D169BE465149 Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
timing-allow-origin: *

GET
H/1.1 200
OK segoeui.woff
c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/ Frame EA4A 22 KB
23 KB 59ms
59ms Font
font/x-woff 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/segoeui.woff

Requested by

Host: c1-officeapps-15.cdn.office.net
URL: https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/MicrosoftAjax.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

3d785eb0a0168e5c79e66aa0085a932d5fe2ad04f3577547e2267fa589df677d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/WordViewer.css
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
ETag: W/"1f81caccba72d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 30da44a6b236
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 22720
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:46:12 GMT
X-OFFICEFD: 9dd6b92c2371
X-MSEdge-Ref: Ref A: E0FD9F609185441AB1D08FC77E6F2201 Ref B: AM3EDGE0811 Ref C: 2018-11-02T14:46:12Z
X-UserSessionId: 6c93073b-0492-4f7f-9289-b16b525962dd
Date: Mon, 05 Nov 2018 19:13:00 GMT
Content-Type: font/x-woff
Access-Control-Allow-Origin: *
X-CorrelationId: 6c93073b-0492-4f7f-9289-b16b525962dd
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H2 200 docdatahandler.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 356 B
604 B 265ms
264ms XHR
text/xml 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/docdatahandler.ashx?WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&type=png&o15=1&ui=en-US&PdfMode=1

Requested by

Host: c1-officeapps-15.cdn.office.net
URL: https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/MicrosoftAjax.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

abc5ceb6474b2747197b9c9e7e15398b3d1f15c6c0ed9f4d424e463698a09b09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
accept-encoding: gzip, deflate
x-officeversion: 16.0.11030.32653
x-key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
x-requested-with: XMLHttpRequest
x-xhr: 1
:path: /wv/docdatahandler.ashx?WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&type=png&o15=1&ui=en-US&PdfMode=1
pragma: no-cache
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
x-usertype: WOPI
x-waccluster: NL2
:method: GET
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
X-OfficeVersion: 16.0.11030.32653
X-Key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
X-Requested-With: XMLHttpRequest
X-UserType: WOPI
X-xhr: 1
X-WacCluster: NL2

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 523445bd7b7f
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 352
x-correlationid: 17b4850c-ccbf-4b2e-a99a-edbe33b937d2
x-officefd: 089c1558573a
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: text/xml; charset=utf-8
cache-control: private
set-cookie
x-msedge-ref: Ref A: FFC216731A64416F8E106479544CB16A Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
timing-allow-origin: *
expires: Tue, 05 Nov 2019 19:13:00 GMT

GET
H/1.1 200
OK wacairspaceanimationlibrary.js Show response
c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 40 KB
7 KB 7ms
6ms Script
application/javascript 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/wacairspaceanimationlibrary.js

Requested by

Host: c1-word-view-15.cdn.office.net
URL: https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/WordViewer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

458d704b9bfcd0c284aa3a76db26dfce870f7537f2913937aec2a6b9d0c969ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"80383afbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: e8a60f8e3e37
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 6728
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: 4789d38c70cb
X-MSEdge-Ref: Ref A: F6FA21B6A6E449FB9507CFEAA2D3483A Ref B: AMS04EDGE0318 Ref C: 2018-11-02T14:40:22Z
X-UserSessionId: 24911f37-a888-4875-8c40-ab506902e854
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: 24911f37-a888-4875-8c40-ab506902e854
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK wapsw.png
c1-officeapps-15.cdn.office.net/wv/s/161103032653_resources/1033/ Frame EA4A 6 KB
7 KB 27ms
7ms Image
image/png 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_resources/1033/wapsw.png?b=1601103032653

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

390577d35c959ffe7dd2af4519c04410a04fdc4a433b151e27b049fc4a1ab3e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: W/"347a35abc72d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 90d2162fc192
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 5884
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:57:20 GMT
X-OFFICEFD: 7272918c75b0
X-MSEdge-Ref: Ref A: 5FDD23887E9F48DAAA1574363AEE15E3 Ref B: AMS04EDGE0913 Ref C: 2018-11-02T14:57:20Z
X-UserSessionId: 77b59032-4d50-450c-8ad1-4957ac9db2e4
Date: Mon, 05 Nov 2018 19:13:00 GMT
Content-Type: image/png
Access-Control-Allow-Origin: *
X-CorrelationId: 77b59032-4d50-450c-8ad1-4957ac9db2e4
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK wv.png
c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/ Frame EA4A 33 KB
34 KB 13ms
13ms Image
image/png 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_resources/1033/wv.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

7e3a4bd4ad002fdadef0d886c9d238ae093e371b61b8a40c64a37c2b8c9a8e56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: W/"388ebbfbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 16f97a03a4b4
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 33586
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: b7e7b175ea1b
X-MSEdge-Ref: Ref A: F316389C33D346D8A9B895584F1E8D41 Ref B: AMS04EDGE0107 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: 1646048d-06be-4a3c-b5d2-3961a60ebf07
Date: Mon, 05 Nov 2018 19:13:00 GMT
Content-Type: image/png
Access-Control-Allow-Origin: *
X-CorrelationId: 1646048d-06be-4a3c-b5d2-3961a60ebf07
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
S 204 _log
uhf.microsoft.com/ Frame EA4A 0
128 B 72ms
8ms Image
text/html 2a02:26f0:f1:298::2b57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uhf.microsoft.com/_log?o=mscc&s=officeapps.live.com&m=show&nv=aspnet-3.1.4&sv=0.1.2
Requested by: Host: word-view.officeapps.live.com
URL: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:298::2b57 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Nov 2018 19:13:00 GMT
status: 204
content-type: text/html
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 0
expires: Mon, 05 Nov 2018 19:13:00 GMT

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
243 B 41ms
41ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
x-browserulsbeacon: [{"Index":3,"MsSinceStart":704,"Value":"RecordAppInteractive","Type":"BootPhaseCompleted"}]
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
content-length: 0
:method: POST
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Origin: https://word-view.officeapps.live.com
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-BrowserUlsBeacon: [{"Index":3,"MsSinceStart":704,"Value":"RecordAppInteractive","Type":"BootPhaseCompleted"}]

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 0601bc8334ad
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: 0664a596-59ae-4399-84cd-db5b1825880a
x-officefd: 089c1558573a
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: F54D6A6725874F61A79FA30D5CF1C7BA Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:00Z
timing-allow-origin: *

GET
H/1.1 200
OK WordViewer.dll1.js Show response
c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/ Frame EA4A 403 KB
101 KB 45ms
45ms Script
application/javascript 2a02:26f0:f1:28f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/WordViewer.dll1.js

Requested by

Host: c1-word-view-15.cdn.office.net
URL: https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/WordViewer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:28f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

16d08a5b8596420a9537aae4111835abbbd38512bd4aebd51b0915e478080c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ETag: W/"8081b9aba72d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 4917c5f189fa
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 102404
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:47 GMT
X-OFFICEFD: 7deb6bcfc7e8
X-MSEdge-Ref: Ref A: 13FB2235EEAA49169CF6CA709DF55770 Ref B: AMS04EDGE0810 Ref C: 2018-11-02T14:40:47Z
X-UserSessionId: e0618d06-0a69-48f1-9ad3-e52dfb88c8f3
Date: Mon, 05 Nov 2018 19:13:00 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
X-CorrelationId: e0618d06-0a69-48f1-9ad3-e52dfb88c8f3
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H/1.1 200
OK progress.gif
c1-officeapps-15.cdn.office.net/wv/s/161103032653_resources/1033/ Frame EA4A 695 B
1 KB 11ms
10ms Image
image/gif 2a02:26f0:f1:29f::1c24
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_resources/1033/progress.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:f1:29f::1c24 , European Union, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://word-view.officeapps.live.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
ETag: W/"ed4a58fbb972d41:0"
X-OfficeCluster: NL2
X-CCR: true
X-OfficeVersion: 16.0.11025.37775
X-OfficeFE: 59c80032179a
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 695
Cache-Control: public,max-age=31536000
Last-Modified: Fri, 02 Nov 2018 14:40:21 GMT
X-OFFICEFD: 65e6940e8a46
X-MSEdge-Ref: Ref A: 6A9B60DFF82248868769F126C59EB946 Ref B: AMS04EDGE0814 Ref C: 2018-11-02T14:40:21Z
X-UserSessionId: 1f3c4b39-e02a-4cba-8b66-80d8802df9ef
Date: Mon, 05 Nov 2018 19:13:00 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
X-CorrelationId: 1f3c4b39-e02a-4cba-8b66-80d8802df9ef
Accept-Ranges: bytes
Timing-Allow-Origin: *

GET
H2 200 ResReader.ashx
word-view.officeapps.live.com/wv/ Frame EA4A 61 KB
62 KB 283ms
283ms Image
image/jpeg 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://word-view.officeapps.live.com/wv/ResReader.ashx?n=p1.img&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&build=16.0.11030.32653&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&waccluster=NL2&PdfMode=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

3b2d75e97905c1d80049839f252c3e9828f375677860c538aa47ea51da3af539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/ResReader.ashx?n=p1.img&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&build=16.0.11030.32653&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&waccluster=NL2&PdfMode=1
pragma: no-cache
cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
:method: GET
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 06c7a51d2965
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 62454
etag: "WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw00000000-0000-0000-0000-000000000802p1.img"
x-correlationid: 6b9b2468-53a6-4463-9441-ad834305e93a
x-officefd: c0ba7aa6c698
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
content-type: image/jpeg
cache-control: private
set-cookie
x-msedge-ref: Ref A: C0F66E7859BE48A98968FFA8E25CCB3E Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:01Z
timing-allow-origin: *
expires: Tue, 05 Nov 2019 19:13:00 GMT

GET
H2 200 ResReader.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 848 B
1 KB 271ms
270ms XHR
text/xml 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/ResReader.ashx?n=p_1_10.xml&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&build=16.0.11030.32653&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&waccluster=NL2&PdfMode=1

Requested by

Host: c1-officeapps-15.cdn.office.net
URL: https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/MicrosoftAjax.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

a901ab0c626ea22c4a1c1cbc26359120cc713ab238d39d899d453b38dc00fa53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

cookie: E=P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F; xid=cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357; xidseq=1; wla42=; DcLcid=ui=1033&data=1033; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
accept-encoding: gzip, deflate
x-officeversion: 16.0.11030.32653
x-key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
x-requested-with: XMLHttpRequest
x-xhr: 1
:path: /wv/ResReader.ashx?n=p_1_10.xml&v=00000000-0000-0000-0000-000000000802&usid=29b67006-2184-44e0-a63b-2be38f1de6ec&build=16.0.11030.32653&WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw&waccluster=NL2&PdfMode=1
pragma: no-cache
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
x-usertype: WOPI
x-waccluster: NL2
:method: GET
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
X-OfficeVersion: 16.0.11030.32653
X-Key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
X-Requested-With: XMLHttpRequest
X-UserType: WOPI
X-xhr: 1
X-WacCluster: NL2

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 803741fa74ee
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 526
etag: "WOPIsrc=https%3A%2F%2Fwopi%2Eonedrive%2Ecom%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&access_token=4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i%5F7PH0AE4ZfWJHstFXRMr%2Duwyr2%5FPgsnHUZ6w%5FB6uPZZZ%5F1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw&access_token_ttl=1543259579766&z=aMzg3MUI3QkFEMkQ0RkMwRCExMzEuNw00000000-0000-0000-0000-000000000802p_1_10.xml"
x-correlationid: 384db772-9e4d-44f5-b858-39156bfcb963
x-officefd: 76ed676f90f1
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
vary: Accept-Encoding
content-type: text/xml; charset=utf-8
cache-control: private
set-cookie
x-msedge-ref: Ref A: A6723BBC38944A0CB856DCDADF45CA30 Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:01Z
timing-allow-origin: *
expires: Tue, 05 Nov 2019 19:13:01 GMT

GET
H/1.1 200
OK wl.ms.js Show response
js.live.net/v5.0/ Frame EA4A 42 KB
16 KB 58ms
6ms Script
application/javascript 104.109.84.135
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.live.net/v5.0/wl.ms.js
Requested by: Host: c1-word-view-15.cdn.office.net
URL: https://c1-word-view-15.cdn.office.net/wv/s/161103032653_App_Scripts/WordViewer.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 104.109.84.135 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-109-84-135.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: d4c9bd86a5465d8414b7a10438d28110836126b387990d492fe545a5e701904a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/
Origin: https://word-view.officeapps.live.com

Response headers

Date: Mon, 05 Nov 2018 19:13:01 GMT
X-MSNServer: RD0003FF1D9677
Last-Modified: Mon, 13 Aug 2018 18:19:14 GMT
Server: Microsoft-IIS/10.0
ETag: "03da5233233d41:0"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=58892
X-ODWebServer: westeurope0-ODWebp
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 16199

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
292 B 41ms
40ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
cookie
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
x-browserulsbeacon: [{"Index":4,"MsSinceStart":1010,"Value":"RecordContentDisplayed","Type":"BootPhaseCompleted"}]
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
content-length: 0
:method: POST
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
Origin: https://word-view.officeapps.live.com
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-BrowserUlsBeacon: [{"Index":4,"MsSinceStart":1010,"Value":"RecordContentDisplayed","Type":"BootPhaseCompleted"}]

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 108758907c88
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: f2eda687-8be4-4c9b-94d5-32af1a933f6e
x-officefd: c9c26f94c5a8
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: E34B2BFA26024C9F99575C63E28708AA Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:01Z
timing-allow-origin: *

POST
H2 200 RemoteUls.ashx Show response
word-view.officeapps.live.com/wv/ Frame EA4A 0
158 B 42ms
41ms XHR
text/plain 2620:1ec:a92::171
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://word-view.officeapps.live.com/wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2

Requested by

Host: c1-officeapps-15.cdn.office.net
URL: https://c1-officeapps-15.cdn.office.net/wv/s/161103032653_App_Scripts/MicrosoftAjax.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:a92::171 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

cookie
origin: https://word-view.officeapps.live.com
accept-encoding: gzip, deflate
x-officeversion: 16.0.11030.32653
x-key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
x-accesstokenttl: 1543259579766
x-requested-with: XMLHttpRequest
content-length: 4911
:path: /wv/RemoteUls.ashx?build=16.0.11030.32653&waccluster=NL2
pragma: no-cache
x-accesstoken: 4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i_7PH0AE4ZfWJHstFXRMr-uwyr2_PgsnHUZ6w_B6uPZZZ_1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: word-view.officeapps.live.com
referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
:scheme: https
x-usertype: WOPI
x-xhr: 1
x-waccluster: NL2
:method: POST
Origin: https://word-view.officeapps.live.com
X-AccessToken: 4wX2xpz9Cf99IAnZjpXaDDvSYLT8eMRzRxI4MKqENKmMv3YOxnFg5i_7PH0AE4ZfWJHstFXRMr-uwyr2_PgsnHUZ6w_B6uPZZZ_1wBOEErdLYEULBixIBhsuQNel85D6cOqByWK1m1JAWO2gvkgwjicw
X-UserSessionId: 29b67006-2184-44e0-a63b-2be38f1de6ec
X-OfficeVersion: 16.0.11030.32653
X-Key: 4IDV1ceBAtLj255kPe82qUmnWx5rkarMvehLCdyyFxk=,636770419800271292
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://word-view.officeapps.live.com/wv/wordviewerframe.aspx?embed=1&PdfMode=1&ui=en-US&rs=en-US&hid=MXS12+rww0aHCE8tdw/MYw.0&WOPISrc=https%3A%2F%2Fwopi.onedrive.com%2Fwopi%2Ffiles%2F3871B7BAD2D4FC0D%21131&sc=host%3D%26qt%3DFolders%26pt%3Dem
X-Requested-With: XMLHttpRequest
X-UserType: WOPI
X-xhr: 1
X-AccessTokenTtl: 1543259579766
X-WacCluster: NL2

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-officecluster: NL2
x-officeversion: 16.0.11030.32653
x-officefe: 0c7627997c26
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
status: 200
content-disposition: attachment
content-length: 0
x-correlationid: 341519b9-023c-442a-afa6-8ac824c8e284
x-officefd: c0ba7aa6c698
x-ccr: true
x-usersessionid: 29b67006-2184-44e0-a63b-2be38f1de6ec
date: Mon, 05 Nov 2018 19:13:00 GMT
x-download-options: noopen
content-type: text/plain
access-control-allow-origin: https://word-view.officeapps.live.com
access-control-expose-headers: X-EndSession, X-CorrelationId, X-OfficeFE, X-NewKey
cache-control: private
set-cookie
x-msedge-ref: Ref A: 2945BA9BB28F4D65ADE653E8EA77F211 Ref B: VIEEDGE0709 Ref C: 2018-11-05T19:13:01Z
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.live.com/	1970-01-18 20:20:49	Name: wla42 Value:
.live.com/	1969-12-31 23:59:59	Name: xidseq Value: 1
.live.com/	1969-12-31 23:59:59	Name: xid Value: cd8d569c-6169-47ed-b805-883d5313264f&&RD00155D9966BC&357
.live.com/	1969-12-31 23:59:59	Name: E Value: P:FOAhs1JD1og=:vpB65rT+N9J/I/L5beffpoK1KG05YHJnFsBzVx2vXEo=:F

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.s-microsoft.com
c1-officeapps-15.cdn.office.net
c1-word-view-15.cdn.office.net
js.live.net
onedrive.live.com
spoprod-a.akamaihd.net
uhf.microsoft.com
word-view.officeapps.live.com
104.109.84.135
131.253.33.217
2.16.186.40
2620:1ec:a92::171
2a02:26f0:f1:28f::1c24
2a02:26f0:f1:296::356e
2a02:26f0:f1:298::2b57
2a02:26f0:f1:29f::1c24
02ac77e49184b66a97ebff3620306aafcc3fe12069fd34d3afac9da2681c0d02
0472d2a94ae07ca63c9b7b6b7ed95419bb2da6ad34d01075b43f0f9287b30984
06fe78141d1f3a435441a17ec8f9f46af7000af35aa0133c699c537d663607d0
07ec698b1036cdfbb8892f02d9510f5f671284fca9fa003b883996da040a444b
1394b1c43663fa167060186091800d4cae0696af7b64c14f2848b44124074c7e
16d08a5b8596420a9537aae4111835abbbd38512bd4aebd51b0915e478080c8f
223f620d31252cab8d99fba428b123b3ccc9fa705bfe3a43417e1d976c4a6221
35211f76c4c35c17f2649b96868c0d691f1d78b107f7635d22619948d0ee6880
36f5a64c706e1ae129419a67790b4a99a8f8f0ba20210a9920e7b474914442b6
390577d35c959ffe7dd2af4519c04410a04fdc4a433b151e27b049fc4a1ab3e9
3b2d75e97905c1d80049839f252c3e9828f375677860c538aa47ea51da3af539
3d785eb0a0168e5c79e66aa0085a932d5fe2ad04f3577547e2267fa589df677d
44e067736927c5791d657d6215a3e90fb4e2bd8cc9e2b642f3f8ffa955239109
455be57e5ca76be462428c7b127d03d0245952b7e00ca14e8bcb3bfe7584c758
458d704b9bfcd0c284aa3a76db26dfce870f7537f2913937aec2a6b9d0c969ca
4d54a5f9a58647882e3ecda9c1c0ef87af16911d42ad51b4e8b718f84443c553
5beb6b937f09a99d28e08863c0afa5f6011df0f017253a9789aefd2110f825fa
5c15c38a2b7554cab332dfb9e87398220fcb9a285e18905a20a50b439cba7ccb
668b05a31c3a0eeef02775404ede2782cda127f92569ae938f80601b44d011cb
705747018d8907af8ecdb97a445cb5e4d7827f44212730a1e7a26e926efb4706
7e3a4bd4ad002fdadef0d886c9d238ae093e371b61b8a40c64a37c2b8c9a8e56
83f8c8c200f72e996a99b719fa97f1e588904baa0602a9347bf6ea342b909ac7
910f1f3ce687cfde1a12415fe73a4465e7a2f851177c33ca8e9f3b5c5f93c41c
a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db
a901ab0c626ea22c4a1c1cbc26359120cc713ab238d39d899d453b38dc00fa53
abc5ceb6474b2747197b9c9e7e15398b3d1f15c6c0ed9f4d424e463698a09b09
afbdc2a273404bb86568f631449b294923cdd3a81e662435bd88af85fcf28ef1
b7ab99f404e84cb71d274c9dca01c0b4a68b7adb20309c5f04387cb809cc0547
bd88d1e741693ab877b020059b46be7cf4ef62b46017b2489a8cd1bf9ce5b9fc
c0153afba2ee2258329d951763cc14531c98cdecfc22d55be2597cfad0cc6e54
c87516d7dd7077edd467f5b7b085b035cd4803ecf049670ab19de004e270aba8
d4c9bd86a5465d8414b7a10438d28110836126b387990d492fe545a5e701904a
d6c15974b6181a68e9b74e4f38fbac81d640569ef0fbbaa3381cc59683a9763f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

onedrive.live.com Open in urlscan Pro 131.253.33.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

37 Requests

100 %HTTPS

63 %IPv6

6 Domains

8 Subdomains

9 IPs

3 Countries

1114 kBTransfer

3331 kBSize

4 Cookies

0 Outgoing links

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

onedrive.live.com Open in urlscan Pro
131.253.33.217 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

100 %
HTTPS

63 %
IPv6

6
Domains

8
Subdomains

9
IPs

3
Countries

1114 kB
Transfer

3331 kB
Size

4
Cookies

37 HTTP transactions
4 data transactions