sway.office.com - urlscan.io

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 52.109.89.45, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is sway.office.com. The Cisco Umbrella rank of the primary domain is 43632.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on February 2nd 2023. Valid for: a year.

This is the only time sway.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:223... 2600:9000:223d:ea00:16:ad5f:7f80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.109.89.45 52.109.89.45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	104.102.35.28 104.102.35.28	16625 (AKAMAI-AS) (AKAMAI-AS)
5	2

1 2600:9000:223d:ea00:16:ad5f:7f80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

protection.greathorn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.109.89.45 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sway.office.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.102.35.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-28.deploy.static.akamaitechnologies.com

weu-www.sway-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	sway-cdn.com weu-www.sway-cdn.com — Cisco Umbrella Rank: 694177	144 KB
1	office.com sway.office.com — Cisco Umbrella Rank: 43632	340 KB
1	greathorn.com 1 redirects protection.greathorn.com — Cisco Umbrella Rank: 367548	661 B
5	3

	Domain	Requested by
4	weu-www.sway-cdn.com	sway.office.com
1	sway.office.com
1	protection.greathorn.com	1 redirects
5	3

This site contains no links.

Subject Issuer	Validity	Valid
sway.office.com Microsoft Azure TLS Issuing CA 06	`2023-02-02` - `2024-01-28`	a year	crt.sh
www.sway-cdn.com Microsoft RSA TLS CA 02	`2022-09-09` - `2023-09-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link
Frame ID: 01DC67A5562AE9AFD7D29FD3EEEA965D
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sway – Fehler

Page URL History Show full URLs

https://protection.greathorn.com/services/v2/lookupUrl/02c17060-99fd-4216-afdc-33958c50e78d/1189/4d80f9d24404... HTTP 302
https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link Page URL

Page Statistics

5
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

484 kB
Transfer

480 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://protection.greathorn.com/services/v2/lookupUrl/02c17060-99fd-4216-afdc-33958c50e78d/1189/4d80f9d24404a376c75c2a2e4bd9ab8ddf26859c?domain=sway.office.com&path=/UAv4Uf5Rmnker7z2 HTTP 302
https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

404

Primary Request UAv4Uf5Rmnker7z2 Show response
sway.office.com/
Redirect Chain

https://protection.greathorn.com/services/v2/lookupUrl/02c17060-99fd-4216-afdc-33958c50e78d/1189/4d80f9d24404a376c75c2a2e4bd9ab8ddf26859c?domain=sway.office.com&path=/UAv4Uf5Rmnker7z2
https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

338 KB
340 KB

520ms
448ms

Document
text/html

52.109.89.45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.109.89.45 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

b33dab42a9fcd4c4bb15d86e0eb2a39b4006062c682b688ca0e4d41c5bd3da25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 346537
Content-Type: text/html; charset=utf-8
Date: Thu, 01 Jun 2023 14:27:13 GMT
Expires: -1
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Pragma: no-cache
X-Powered-By: ARR/3.0
anonuserid: f762a1b3-457f-413e-a770-fad3dda6d7a6
strict-transport-security: max-age=15724800; includeSubDomains; preload
timing-allow-origin: *
x-content-type-options: nosniff
x-correlationid: c3e8a2a4-5230-4ee5-a142-d9f5b45d92d3
x-frame-options: SAMEORIGIN
x-key: bM4AoYZL4yswzqkLrHnzF2ig46pkKXX/HN+Lw5MrcwQ=,638212264338538610
x-officecluster: weu-001.www.sway.com
x-officefe: SwayFrontEnd_IN_8
x-officeversion: 16.0.16523.40102
x-requestid: 75112335-720b-4835-b7d2-8cdc7a3242ff
x-trackingid: f4bb5757-d748-4c01-8734-fdc260e57506
x-usersessionid: c3e8a2a4-5230-4ee5-a142-d9f5b45d92d3

Redirect headers

content-length: 17
content-security-policy: default-src 'none'; script-src 'self' apis.google.com static.zdassets.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com; img-src 'self' *.amazonaws.com; connect-src 'self' greathorn.statuscast.com; frame-src accounts.google.com
content-type: application/json
date: Thu, 01 Jun 2023 14:27:13 GMT
location: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
via: 1.1 bafea69ec4368ee11760779ffcfbd4fc.cloudfront.net (CloudFront)
x-amz-cf-id: cLRTynDIjJqmdcNYelC2tpullkVWn_Oow3K1pFZG1VB_VAB5Q4afgw==
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK story.png
weu-www.sway-cdn.com/161652340102_Content/ 10 KB
11 KB 266ms
7ms Image
image/png 104.102.35.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://weu-www.sway-cdn.com/161652340102_Content/story.png

Requested by

Host: sway.office.com
URL: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-28.deploy.static.akamaitechnologies.com

Software

/ ARR/3.0

Resource Hash

d46375075d66174f88ad9834c0695792c9afdd0f20456231fa4a873280a2c434

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sway.office.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains; preload
Date: Thu, 01 Jun 2023 14:27:14 GMT
x-content-type-options: nosniff
x-requestid: 5f320a5b-07ed-41ef-ab3a-124f0204ce88
x-officeversion: 16.0.16518.40100
X-Powered-By: ARR/3.0
x-officefe: SwayFrontEnd_IN_7
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Connection: keep-alive
Content-Length: 10721
x-trackingid: 31d7011d-952e-4ac5-9d2c-10e454afbd7c
Last-Modified: Tue, 23 May 2023 06:40:08 GMT
x-correlationid: 430f1a1c-84dc-4118-a635-aa87dead92d9
x-usersessionid: 430f1a1c-84dc-4118-a635-aa87dead92d9
x-officecluster: weu-000.www.sway.com
ETag: "0944d6a418dd91:0"
Content-Type: image/png
Accept-Ranges: bytes
anonuserid: b9d328ce-b4d8-46b4-8af0-cf5b8951fa52
timing-allow-origin: *

GET
H/1.1 200
OK segoeuilight.woff
weu-www.sway-cdn.com/Content/ 27 KB
27 KB 34ms
16ms Font
application/font-woff 104.102.35.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://weu-www.sway-cdn.com/Content/segoeuilight.woff

Requested by

Host: sway.office.com
URL: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-28.deploy.static.akamaitechnologies.com

Software

/ ARR/3.0

Resource Hash

6103756591a0902515ab10671ed7dcab4100573121ec704e75433abb453f5cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sway.office.com/
Origin: https://sway.office.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains; preload
Date: Thu, 01 Jun 2023 14:27:14 GMT
x-content-type-options: nosniff
X-Powered-By: ARR/3.0
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Cache-Control: public, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
timing-allow-origin: *
Content-Length: 27544

GET
H/1.1 200
OK segoeui.woff
weu-www.sway-cdn.com/Content/ 74 KB
74 KB 26ms
7ms Font
application/font-woff 104.102.35.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://weu-www.sway-cdn.com/Content/segoeui.woff

Requested by

Host: sway.office.com
URL: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-28.deploy.static.akamaitechnologies.com

Software

/ ARR/3.0

Resource Hash

5b6231040840aed34ffe299d3f352814c3e24c517eb687cec06293e7eacecb1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sway.office.com/
Origin: https://sway.office.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains; preload
Date: Thu, 01 Jun 2023 14:27:14 GMT
x-content-type-options: nosniff
X-Powered-By: ARR/3.0
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Cache-Control: public, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
timing-allow-origin: *
Content-Length: 75464

GET
H/1.1 200
OK segoeuisb.woff
weu-www.sway-cdn.com/Content/ 31 KB
31 KB 26ms
7ms Font
application/font-woff 104.102.35.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://weu-www.sway-cdn.com/Content/segoeuisb.woff

Requested by

Host: sway.office.com
URL: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.102.35.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-35-28.deploy.static.akamaitechnologies.com

Software

/ ARR/3.0

Resource Hash

3711ba98ca34a5bc5ce6b79de62a1a2eee453f413d2123e912d1ae6b0b0c8b33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sway.office.com/
Origin: https://sway.office.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains; preload
Date: Thu, 01 Jun 2023 14:27:14 GMT
x-content-type-options: nosniff
X-Powered-By: ARR/3.0
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Cache-Control: public, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
timing-allow-origin: *
Content-Length: 31712

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sway.office.com/	1969-12-31 23:59:59	Name: AuthSess Value: 3f292c4a-5818-4f65-abb3-92edf9a8a205
			.office.com/	1969-12-31 23:59:59	Name: AADNonce Value: 2ba67bbc-11a2-4e0c-b0a6-aaba326faa3f.638212264340569862

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sway.office.com/UAv4Uf5Rmnker7z2?ref=Link Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

protection.greathorn.com
sway.office.com
weu-www.sway-cdn.com
104.102.35.28
2600:9000:223d:ea00:16:ad5f:7f80:93a1
52.109.89.45
3711ba98ca34a5bc5ce6b79de62a1a2eee453f413d2123e912d1ae6b0b0c8b33
5b6231040840aed34ffe299d3f352814c3e24c517eb687cec06293e7eacecb1f
6103756591a0902515ab10671ed7dcab4100573121ec704e75433abb453f5cb9
b33dab42a9fcd4c4bb15d86e0eb2a39b4006062c682b688ca0e4d41c5bd3da25
d46375075d66174f88ad9834c0695792c9afdd0f20456231fa4a873280a2c434

sway.office.com Open in urlscan Pro 52.109.89.45 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

484 kBTransfer

480 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

sway.office.com Open in urlscan Pro
52.109.89.45 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

484 kB
Transfer

480 kB
Size

2
Cookies

5 HTTP transactions
0 data transactions