Submitted URL: http://bea-factory.com//modules/zcan.php?email=helen.wu@sgs.com
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWN...
Submission: On June 13 via manual from HK

Summary

This website contacted 8 IPs in 5 countries across 6 domains to perform 18 HTTP transactions. The main IP is 52.109.76.79, located in Dublin, Ireland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is forms.office.com.
TLS certificate: Issued by Microsoft IT TLS CA 4 on February 26th 2019. Valid for: 2 years.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 213.186.33.97 16276 (OVH)
10 52.109.76.79 8075 (MICROSOFT...)
1 152.199.19.160 15133 (EDGECAST)
2 51.141.13.164 8075 (MICROSOFT...)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 52.109.88.14 8075 (MICROSOFT...)
1 104.103.74.164 16625 (AKAMAI-AS)
18 8
Domain Requested by
10 forms.office.com forms.office.com
2 c.office.com 1 redirects forms.office.com
2 web.vortex.data.microsoft.com az725175.vo.msecnd.net
1 static2.sharepointonline.com forms.office.com
1 lists.office.com forms.office.com
1 c.bing.com 1 redirects
1 az725175.vo.msecnd.net forms.office.com
1 bea-factory.com
0 browser.pipe.aria.microsoft.com Failed forms.office.com
18 9

This site contains links to these domains.

Domain
go.microsoft.com
Subject | Issuer | Validity | Valid
forms.office.com | Microsoft IT TLS CA 4 | 2019-02-26 - 2021-02-26 | 2 years
*.vo.msecnd.net | Microsoft IT TLS CA 2 | 2018-03-30 - 2020-03-30 | 2 years
*.vortex.data.microsoft.com | Microsoft IT TLS CA 5 | 2018-01-30 - 2020-01-30 | 2 years
c.msn.com | Microsoft IT TLS CA 1 | 2018-09-13 - 2020-09-13 | 2 years
lists.office.com | Microsoft IT TLS CA 4 | 2017-12-18 - 2019-12-18 | 2 years
*.sharepointonline.com | Microsoft IT TLS CA 2 | 2017-11-03 - 2019-11-03 | 2 years

This page contains 1 frame:

Primary Page: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Frame ID: 31163F1E11320829D09B050D7AADE6A9
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • env /^React$/i

Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

18 Requests
89 % HTTPS
13 % IPv6
6 Domains
9 Subdomains
8 IPs
5 Countries
682 kB Transfer
2277 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bea-factory.com//modules/zcan.php?email=helen.wu@sgs.com Page URL
  2. https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&RedC=c.office.com&MXFR=27D4C4AF515F6A1B1B3CC9D5555F6146 HTTP 302
  • https://c.office.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&MUID=27D4C4AF515F6A1B1B3CC9D5555F6146

18 HTTP transactions

Resource, Path, Size, x-fer, Type, MIME-Type

zcan.php (Cookie set)
bea-factory.com//modules/
190 B
613 B
Document
General
Full URL
http://bea-factory.com//modules/zcan.php?email=helen.wu@sgs.com
Protocol
HTTP/1.1
Server
213.186.33.97 , France, ASN16276 (OVH, FR),
Reverse DNS
full-cdn-01.cluster006.ovh.net
Software
/
Resource Hash
a35419b3a3256b60e9642a397d459c0dd42a8944d4e29bb12c671ff7a5f5858b

Request headers

Host
bea-factory.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Thu, 13 Jun 2019 13:32:23 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
191
Set-Cookie
mediaplanBAK=R129293007; path=/; expires=Thu, 13-Jun-2019 14:39:25 GMT
mediaplanD=R3151227007; path=/; max-age=900
Vary
Accept-Encoding
Content-Encoding
gzip
X-CDN-Pop
sbg
X-CDN-Pop-IP
137.74.120.32/27
X-Cacheable
Cacheable
Accept-Ranges
bytes
X-IPLB-Instance
4864
ResponsePage.aspx (Primary Request, Cookie set)
forms.office.com/Pages/
11 KB
6 KB
Document
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4b947b83dbeae7170327418a55326bb9afbd80b216e963b30b902b53c45de66d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Host
forms.office.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://bea-factory.com//modules/zcan.php?email=helen.wu@sgs.com
Accept-Encoding
gzip, deflate, br

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Content-Length
4879
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
0
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-RoutingOfficeCluster
neu-001.forms.office.com
X-RoutingOfficeFE
FormsSingleBox_IN_2
X-RoutingOfficeVersion
16.0.11723.36680
X-RoutingSessionId
774e1887-2267-4b68-a28c-150156b05658
X-RoutingCorrelationId
8354a3dd-6ccb-4882-a509-4f516ff0792e
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Set-Cookie
DcLcid=ui=1033&data=1033; expires=Fri, 13-Sep-2019 13:32:23 GMT; path=/; secure; HttpOnly
__RequestVerificationToken=ENzj_OxmC6qxR7Zsm1N5fA9wP48vGOmzyVKfngo_5Aq6vw1GPaXwVYjRwz5BQLXwr_banYzufnY_w1VVKQ3LP7m4_ho1; path=/; secure; HttpOnly
AADNonce.forms=06044730-2be5-440e-b97f-6abf4e1b0ee1.636960295433752892; domain=forms.office.com; path=/; secure; HttpOnly
X-CorrelationId
8354a3dd-6ccb-4882-a509-4f516ff0792e
X-UserSessionId
774e1887-2267-4b68-a28c-150156b05658
X-OfficeFE
FormsSingleBox_IN_2
X-OfficeVersion
16.0.11723.36680
X-OfficeCluster
neu-001.forms.office.com
X-FailureReason
MissingCookieOrToken
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Date
Thu, 13 Jun 2019 13:32:22 GMT
bootstrap.min.css
forms.office.com/css/vendors/bootstrap/3.3.5/
120 KB
20 KB
Stylesheet
General
Full URL
https://forms.office.com/css/vendors/bootstrap/3.3.5/bootstrap.min.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7ced8587d3adc7516df82cbaf8f8330937968f87d1fb227b1bd06b62040d33d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:23 GMT
Content-Length
19742
X-RoutingOfficeFE
FormsSingleBox_IN_2
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
text/css
X-RoutingCorrelationId
9302345c-bce6-456d-a735-5a596d1c0e42
Cache-Control
max-age=63072000
X-RoutingSessionId
78735ed6-17d9-458d-b509-7465ac5f19f1
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
response-page.min.css
forms.office.com/css/dist/
364 KB
44 KB
Stylesheet
General
Full URL
https://forms.office.com/css/dist/response-page.min.css?v=b67cabd925
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6351e23fdddd9b4fbcec67e151730195813791320667b1d375112a03fb3527cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:23 GMT
Content-Length
44442
X-RoutingOfficeFE
FormsSingleBox_IN_2
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
text/css
X-RoutingCorrelationId
e4c7ba82-cfdf-4bb3-b020-d4e841f0081f
Cache-Control
max-age=63072000
X-RoutingSessionId
4e00ce26-9cfc-425b-8ece-60aee9cf2f71
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
basics_8f1b3df.js
forms.office.com/Scripts/Vendors/combined/
351 KB
113 KB
Script
General
Full URL
https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
596dcea5238fc58bdb77a261bd0e0f88dfa18133f14bf3aaef9b1171391070c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:23 GMT
Content-Length
114631
X-RoutingOfficeFE
FormsSingleBox_IN_2
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
1dd78080-d3a1-418f-89a3-abb761eb73c4
Cache-Control
max-age=63072000
X-RoutingSessionId
7e173619-79dd-4b86-b89e-cb4e4c3455be
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
jsll-4.js
az725175.vo.msecnd.net/scripts/
54 KB
18 KB
Script
General
Full URL
https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECAcc (frc/8F78) /
Resource Hash
e6bbfa4af18fb4f0e9c8a31d6654eac92d0f82dc895c6e5f49b54a8de51e5923

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 13 Jun 2019 13:32:23 GMT
content-encoding
gzip
content-md5
Dy7dMa7nsOSUbofNz/X23A==
x-cache
HIT
status
200
content-length
18058
x-ms-lease-status
unlocked
last-modified
Thu, 14 Mar 2019 00:43:49 GMT
server
ECAcc (frc/8F78)
etag
0x8D6A8161FD3B925
vary
Accept-Encoding
content-type
text/javascript; charset="utf-8"
x-ms-request-id
bd041817-001e-0061-52eb-218bf4000000
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
response-page.min.js
forms.office.com/Scripts/dists/
911 KB
197 KB
Script
General
Full URL
https://forms.office.com/Scripts/dists/response-page.min.js?v=b67cabd925
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
9f61ec09347eb1f51ea619504740f084175e04fc64b0a3b719a2968299906edc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:23 GMT
Content-Length
201222
X-RoutingOfficeFE
FormsSingleBox_IN_2
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
9c61d870-3979-4b00-86cf-1a73d67d398e
Cache-Control
max-age=63072000
X-RoutingSessionId
7d95ab46-ff0d-4b5c-af9d-8e40a266eb70
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
t.js
web.vortex.data.microsoft.com/collect/v1/
260 B
715 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272019-06-13T13%3A32%3A24.204Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%27b8a70a92-dde0-4c48-98db-88468412fb93%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DCEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u%3Dhelen.wu%40sgs.com%27&-referrerUri=%27http%3A%2F%2Fbea-factory.com%2F%2Fmodules%2Fzcan.php%3Femail%3Dhelen.wu%40sgs.com%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Microsoft%20Forms%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.141.13.164 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
4bc09cde0cc0e719c9c0b78471aba90d334bb75fadc00379f6ca95fb4a83cd0c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 13:32:23 GMT
x-content-type-options
nosniff
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
status
200
cache-control
no-cache, no-store
ms-cv
f8AEBPw1006pWLKnXCFGKw.0
content-type
application/javascript
content-length
260
expires
0
runtimeForms('CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u')
forms.office.com/formapi/api/d2ca4308-0e66-4319-b1fb-5129c297ad64/users/fe7d129b-6c83-4748-8994-73e4eaed990c/light/
4 KB
2 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/d2ca4308-0e66-4319-b1fb-5129c297ad64/users/fe7d129b-6c83-4748-8994-73e4eaed990c/light/runtimeForms('CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u')?$select=id,title,modifiedDate,description,settings,background,otherInfo,questions,descriptiveQuestions,logo,category,predefinedResponses,thankYouMessage,emailReceiptEnabled,DataClassificationLabel,type,defaultLanguage,localeList,onlineSafetyLevel&$expand=questions($expand=choices)
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
177642b2dbe4e42aaec41937625066c2fe397ff24302f681939bcff57d614cd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

x-ms-form-request-source: ms-formweb
X-CorrelationId: a6980862-3519-4374-9fd5-396655483870
x-ms-form-request-ring: business
Authorization:
Accept: application/json
Referer: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
__RequestVerificationToken: 3T3vfH1src7cHeZyZ8-qIFyECl-izAjI__TFHV37NzllBh4deIx6EsezT1eR4c-m5ZW5axPsd8pozbDzDaUdQgwHPjk1
OData-MaxVersion: 4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_2
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
1292
X-RoutingOfficeFE
FormsSingleBox_IN_2
Pragma
no-cache
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
a6980862-3519-4374-9fd5-396655483870
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
79d46198-6fe7-444f-b274-83b12c419f08
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:24 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
a6980862-3519-4374-9fd5-396655483870
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
79d46198-6fe7-444f-b274-83b12c419f08
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
GetResourceStrings
forms.office.com/Pages/ResponsePage.aspx/
166 KB
47 KB
XHR
General
Full URL
https://forms.office.com/Pages/ResponsePage.aspx/GetResourceStrings
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b07b1de3ec85115585bdef67c5026532cc97450ce843c68cd45519928ca7d8e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Origin
https://forms.office.com
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_1
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
46667
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
f1a589e2-dbb6-46eb-bd05-59e3d772a61f
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
5c4831c5-8374-4874-a2c3-22fc9fe0ff4a
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:24 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
f1a589e2-dbb6-46eb-bd05-59e3d772a61f
Cache-Control
private, max-age=0
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
5c4831c5-8374-4874-a2c3-22fc9fe0ff4a
X-RoutingOfficeCluster
neu-001.forms.office.com
response_2e6ed61.js
forms.office.com/Scripts/Vendors/combined/
92 KB
28 KB
Script
General
Full URL
https://forms.office.com/Scripts/Vendors/combined/response_2e6ed61.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/dists/response-page.min.js?v=b67cabd925
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d899f022aedbd23a58d9a9daaf3d1d6882f29a116ec64159c3bdcb86c011c55b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:24 GMT
Content-Length
28020
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
X-RoutingCorrelationId
f8d68104-e95c-4b90-b366-5f54cef99c7a
Cache-Control
max-age=63072000
X-RoutingSessionId
0570f775-95c2-4f9e-886d-166f8cf4ec53
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
c.gif
c.office.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&RedC=c.office.com&MXFR=27D4C4AF515F6A1B1B3CC9D5555F6146
  • https://c.office.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&MUID=27D4C4AF515F6A1B1B3CC9D5555F6146
42 B
225 B
Image
General
Full URL
https://c.office.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&MUID=27D4C4AF515F6A1B1B3CC9D5555F6146
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 13:32:31 GMT
last-modified
Fri, 29 Mar 2019 20:38:48 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"e71593696fe6d41:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
200
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 13 Jun 2019 13:32:31 GMT
x-msedge-ref
Ref A: A1197114CEDE40A2968AEFA0DCE686C4 Ref B: VIEEDGE0421 Ref C: 2019-06-13T13:32:32Z
x-powered-by
ASP.NET
location
https://c.office.com/c.gif?&CtsSyncId=14FE9A964C8E46A7BDAA45715906BCC7&MUID=27D4C4AF515F6A1B1B3CC9D5555F6146
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status
302
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
privacy
forms.office.com/formapi/api/
65 B
1 KB
XHR
General
Full URL
https://forms.office.com/formapi/api/privacy?ownerTenantId=d2ca4308-0e66-4319-b1fb-5129c297ad64
Requested by
Host: forms.office.com
URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
32d23f94f3d92cb1820c08bfcbda62c0991723146dd154d08620f1071f60235d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

x-ms-form-request-source: ms-formweb
X-CorrelationId: 739adb86-81fb-4349-b207-eba1c2bd1ffa
x-ms-form-request-ring: business
Authorization:
Accept: application/json
Referer: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
__RequestVerificationToken: 3T3vfH1src7cHeZyZ8-qIFyECl-izAjI__TFHV37NzllBh4deIx6EsezT1eR4c-m5ZW5axPsd8pozbDzDaUdQgwHPjk1
OData-MaxVersion: 4.0

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-OfficeVersion
16.0.11723.36680
X-OfficeFE
FormsSingleBox_IN_2
P3P
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Server
Microsoft-IIS/8.5
Content-Length
90
X-RoutingOfficeFE
FormsSingleBox_IN_2
Pragma
no-cache
X-RoutingOfficeVersion
16.0.11723.36680
X-CorrelationId
739adb86-81fb-4349-b207-eba1c2bd1ffa
X-OfficeCluster
neu-001.forms.office.com
X-UserSessionId
6c013200-69a2-4042-8206-9542ae82ab1f
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:24 GMT
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
X-RoutingCorrelationId
739adb86-81fb-4349-b207-eba1c2bd1ffa
Cache-Control
no-cache
X-FailureReason
MissingCookieOrToken
X-RoutingSessionId
6c013200-69a2-4042-8206-9542ae82ab1f
X-RoutingOfficeCluster
neu-001.forms.office.com
Expires
-1
0f899226-fe2b-4b42-85c6-b54c389a3b54
lists.office.com/Images/d2ca4308-0e66-4319-b1fb-5129c297ad64/fe7d129b-6c83-4748-8994-73e4eaed990c/TCVLMR3XAU3PQM7KH1V72YL6OI/
31 KB
31 KB
Image
General
Full URL
https://lists.office.com/Images/d2ca4308-0e66-4319-b1fb-5129c297ad64/fe7d129b-6c83-4748-8994-73e4eaed990c/TCVLMR3XAU3PQM7KH1V72YL6OI/0f899226-fe2b-4b42-85c6-b54c389a3b54
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.88.14 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
56e059f70bc7fb4e13964ccbf546a940809c3218cdb0f0c5e15efc8481915528

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 13:32:24 GMT
x-routingofficeversion
16.0.11721.36251
x-aspnet-version
4.0.30319
x-hivering
3
x-powered-by
ASP.NET
content-type
image/png
status
200
cache-control
no-cache
x-routingsessionid
9fd37892-cb04-45c5-9685-1ade8784ef26
x-routingcorrelationid
9051bae9-3360-433a-a3a9-a76757405088
content-length
31574
x-routingofficecluster
weu-001.lists.office.com
x-routingofficefe
CollabDBReverseProxyWithMappingService_IN_2
expires
-1
meeting.png
forms.office.com/Images/Theme/
57 KB
57 KB
Image
General
Full URL
https://forms.office.com/Images/Theme/meeting.png
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fb2d8eb6cd4e3740f7945d2c5119cf3535f36d80414649d3e970cbaeb7046b7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
Date
Thu, 13 Jun 2019 13:32:24 GMT
Content-Length
58177
X-RoutingOfficeFE
FormsSingleBox_IN_1
X-RoutingOfficeVersion
16.0.11723.36680
Last-Modified
Thu, 23 May 2019 05:18:26 GMT
Server
Microsoft-IIS/8.5
ETag
"0fdf6f22611d51:0"
Content-Type
image/png
X-RoutingCorrelationId
04c5d479-966e-4c8d-8c06-18c64ac97d61
Cache-Control
max-age=63072000
X-RoutingSessionId
02994667-e47b-4464-9c5e-e8dbe2d821f1
Accept-Ranges
bytes
X-RoutingOfficeCluster
neu-001.forms.office.com
fabricmdl2icons-2.68.woff2
static2.sharepointonline.com/files/fabric/assets/icons/
115 KB
116 KB
Font
General
Full URL
https://static2.sharepointonline.com/files/fabric/assets/icons/fabricmdl2icons-2.68.woff2
Requested by
Host: forms.office.com
URL: https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.103.74.164 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-103-74-164.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
81bd9c6953694abf461e6f47173b09535424d58f3764515d2d1a9f409594559a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://forms.office.com/css/dist/response-page.min.css?v=b67cabd925
Origin
https://forms.office.com

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 13 Jun 2019 13:32:25 GMT
last-modified
Fri, 11 May 2018 22:37:13 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
DKIKl/aIxVCwcxzAlDbLZA==
access-control-allow-origin
*
etag
0x8D5B78FBE13CF53
content-type
font/woff2
status
200
x-ms-request-id
e34ac81e-301e-00df-5f15-024c86000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type
cache-control
public, max-age=27815625
x-ms-version
2009-09-19
content-length
118232
/
browser.pipe.aria.microsoft.com/Collector/3.0/
0
0

t.js
web.vortex.data.microsoft.com/collect/v1/
260 B
535 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272019-06-13T13%3A32%3A32.226Z%27&os=%27MacOS%27&appId=%27JS%3Aforms.office.com%27&-ver=%271.0%27&-impressionGuid=%27b8a70a92-dde0-4c48-98db-88468412fb93%27&-pageName=%27ResponsePage.aspx%27&-uri=%27https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DCEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u%3Dhelen.wu%40sgs.com%27&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%2C%22timing%22%3A%22%7B%5C%22first-paint%5C%22%3A1062.729999423027%2C%5C%22first-contentful-paint%5C%22%3A1062.7350062131882%2C%5C%22navigationStart%5C%22%3A1560432743135%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1560432743137%2C%5C%22domainLookupStart%5C%22%3A1560432743139%2C%5C%22domainLookupEnd%5C%22%3A1560432743157%2C%5C%22connectStart%5C%22%3A1560432743157%2C%5C%22connectEnd%5C%22%3A1560432743291%2C%5C%22secureConnectionStart%5C%22%3A1560432743188%2C%5C%22requestStart%5C%22%3A1560432743292%2C%5C%22responseStart%5C%22%3A1560432743390%2C%5C%22responseEnd%5C%22%3A1560432743391%2C%5C%22domLoading%5C%22%3A1560432743838%2C%5C%22domInteractive%5C%22%3A1560432744396%2C%5C%22domContentLoadedEventStart%5C%22%3A1560432744396%2C%5C%22domContentLoadedEventEnd%5C%22%3A1560432744411%2C%5C%22domComplete%5C%22%3A1560432752202%2C%5C%22loadEventStart%5C%22%3A1560432752202%2C%5C%22loadEventEnd%5C%22%3A1560432752204%7D%22%7D%27&-pageHeight=1200&-vpHeight=1200&-vpWidth=1600&-behavior=0&-vScrollOffset=0&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Account%20Verification%27&*cookieEnabled=true&*isJs=true&*isDomComplete=true&*isLoggedIn=false&*pageLoadTime=9067&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27forms.office.com%27&ext-javascript-userConsent=false
&ext-user-localId=%27t%3A27D4C4AF515F6A1B1B3CC9D5555F6146%27&$mscomCookies=false
Requested by
Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.141.13.164 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
7a9a34cec8e42003e787c2bde3099b05cfa52ccd0b0b964a361d165ca80f8e24
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://forms.office.com/Pages/ResponsePage.aspx?id=CEPK0mYOGUOx-1EpwpetZJsSff6DbEhHiZRz5OrtmQxUQ1ZMTVIzWEFVM1BRTTdLSDFWNzJZTDZPSS4u=helen.wu@sgs.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 13 Jun 2019 13:32:32 GMT
x-content-type-options
nosniff
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
status
200
cache-control
no-cache, no-store
ms-cv
dswkegvHEEi02o2j9bahLw.0
content-type
application/javascript
content-length
260
expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
browser.pipe.aria.microsoft.com
URL
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.6.0&x-apikey=2ddc7e5f54754fc68f3ae1c5b7f3eb20-1883aa8c-4c7b-42d1-b3d6-c9cdb5956783-7092&client-time-epoch-millis=1560432746417&time-delta-to-apply-millis=use-collector-delta

Verdicts & Comments

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| OfficeFormServerInfo number| FormsPageStartTime function| init object| datas object| modules function| require object| Logging function| AuthenticationContext object| AWTPropertyType object| AWTPiiKind object| AWTEventPriority object| AWTEventsDroppedReason object| AWTEventsRejectedReason object| AWTCustomerContentKind object| AWTUserIdType object| AWTSessionState string| AWT_BEST_EFFORT string| AWT_NEAR_REAL_TIME string| AWT_REAL_TIME function| AWTEventProperties function| AWTLogger function| AWTLogManager function| AWTTransmissionManager function| AWTSerializer function| AWTSemanticContext string| AWT_COLLECTOR_URL_UNITED_STATES string| AWT_COLLECTOR_URL_GERMANY string| AWT_COLLECTOR_URL_JAPAN string| AWT_COLLECTOR_URL_AUSTRALIA string| AWT_COLLECTOR_URL_EUROPE string| AWT_COLLECTOR_URL_USGOV_DOD string| AWT_COLLECTOR_URL_USGOV_DOJ function| $ function| jQuery object| odatajs function| DomStore function| IndexedDBStore function| MemoryStore function| _ object| React object| ReactDOM object| awa string| behaviorKey function| escapeRegExp function| formatNumber function| extractDigits function| removeQuatos function| parseStringToDateLabels function| getTime function| makeDOMException function| getbyte64 function| decode function| getbyte function| encode function| __extends function| __assign object| NerveImplementation object| Nerve object| OfficeForm object| stringDelimiter object| dateLabelsRegExp undefined| PADCHAR_1 undefined| ALPHA_1 object| Forms object| linkify function| linkifyElement function| Picker

1 Cookies

Domain/Path Name / Value
.office.com/ Name: MUID
Value: 27D4C4AF515F6A1B1B3CC9D5555F6146

16 Console Messages

Source Level URL
Text
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
deferred
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
utils
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
xml
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
odata
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
odatautils
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
handler
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
metadata
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
net
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
json
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
batch
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
store
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
dom
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
indexeddb
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
memory
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
cache
console-api log URL: https://forms.office.com/Scripts/Vendors/combined/basics_8f1b3df.js(Line 64)
Message:
source

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
