urlscan.io logo urlscan.io
SecurityTrails logo

designer.microsoft.com Open in urlscan Pro
2a02:26f0:3500:889::f6f  Public Scan

Go To Rescan Add Verdict Report
URL: https://designer.microsoft.com/home
Submission: On November 24 via manual from RU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2a02:26f0:3500:889::f6f, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is designer.microsoft.com. The Cisco Umbrella rank of the primary domain is 355432.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on April 13th 2023. Valid for: a year.
This is the only time designer.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 52.109.89.99 8075 (MICROSOFT...)
1 2620:1ec:42::132 8068 (MICROSOFT...)
1 3 2603:1026:300... 8075 (MICROSOFT...)
2 20.190.159.0 8075 (MICROSOFT...)
2 52.178.17.234 8075 (MICROSOFT...)
13 6
5    2a02:26f0:3500:889::f6f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
designer.microsoft.com
1    52.109.89.99 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
designerapp.officeapps.live.com
1    2620:1ec:42::132 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ecs.office.com
3    2603:1026:3000:150::a (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
2    20.190.159.0 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
2    52.178.17.234 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com
Apex Domain
Subdomains		 Transfer
7 microsoft.com
designer.microsoft.com — Cisco Umbrella Rank: 355432
browser.events.data.microsoft.com — Cisco Umbrella Rank: 141
550 KB
3 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 19
7 KB
3 live.com
designerapp.officeapps.live.com — Cisco Umbrella Rank: 233256
login.live.com — Cisco Umbrella Rank: 77
6 KB
1 office.com
ecs.office.com — Cisco Umbrella Rank: 111
17 KB
13 4
Domain Requested by
5 designer.microsoft.com designer.microsoft.com
3 login.microsoftonline.com 1 redirects designer.microsoft.com
2 browser.events.data.microsoft.com designer.microsoft.com
2 login.live.com designer.microsoft.com
login.live.com
1 ecs.office.com designer.microsoft.com
1 designerapp.officeapps.live.com designer.microsoft.com
13 6

This site contains no links.

Subject Issuer Validity Valid
cdn.designerapp.osi.office.net
DigiCert SHA2 Secure Server CA		 2023-04-13 -
2024-04-13		 a year crt.sh
designerapp.officeapps.live.com
Microsoft Azure TLS Issuing CA 02		 2023-11-03 -
2024-06-27		 8 months crt.sh
ecs.office.com
Microsoft Azure TLS Issuing CA 05		 2023-11-08 -
2024-06-27		 8 months crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2023-11-23 -
2024-11-23		 a year crt.sh
login.live.com
DigiCert SHA2 Secure Server CA		 2023-11-10 -
2024-11-10		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure RSA TLS Issuing CA 07		 2023-09-19 -
2024-09-13		 a year crt.sh

This page contains 2 frames:

Primary Page: https://designer.microsoft.com/home
Frame ID: 5C7A88AC57554F2D945802D40C831F37
Requests: 10 HTTP requests in this frame

Frame: https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0
Frame ID: 30671B18870DC418A81F60DAD5649671
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft Designer - Stunning designs in a flash

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

6
IPs

4
Countries

578 kB
Transfer

2893 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fdesigner.microsoft.com%2Fhome&client-request-id=601d55a9-e100-4da3-8fd3-48b1c9ab6b4e&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.33.0&client_info=1&code_challenge=BrwbCU4ZgioaRbYwPH52N_aCp0XKN78k21Mj98z6Ql4&code_challenge_method=S256&prompt=none&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP 302
  • https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request home
designer.microsoft.com/ 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://designer.microsoft.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:889::f6f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8ddcb75559cb0c6f7a11f7b144756dd913bd20f2343cbabc220184c46aacdedd
Security Headers
Name Value
Content-Security-Policy object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types default dompurify html2canvas;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
1051
content-md5
NXzjWpXUMS0jRLzvxGATKg==
content-security-policy
object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types default dompurify html2canvas;
content-type
text/html;
date
Fri, 24 Nov 2023 18:32:27 GMT
etag
0x8DBEB7EEB88CE7D
expires
Fri, 24 Nov 2023 18:32:27 GMT
last-modified
Wed, 22 Nov 2023 17:17:35 GMT
pragma
no-cache
vary
Accept-Encoding
x-ms-blob-type
BlockBlob
x-ms-lease-status
unlocked
x-ms-request-id
82b0ca3a-a01e-0074-7804-1fab1d000000
x-ms-version
2009-09-19
perfTimer.a0db7e62.js
designer.microsoft.com/static/js/ 		63 B
362 B 		Script
General
Check archive.org
Download Go to
Full URL
https://designer.microsoft.com/static/js/perfTimer.a0db7e62.js
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:889::f6f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
20ec239a21551ed381d45cecb2b1c2042d3b7b7707ffca8e843b3d02eff28f4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 24 Nov 2023 18:32:27 GMT
content-encoding
gzip
last-modified
Wed, 22 Nov 2023 17:17:33 GMT
content-md5
XJUkEyirbaX+eNENlC24gA==
etag
0x8DBEB7EEAB9681D
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ff98f451-101e-0003-516a-1d7e89000000
cache-control
max-age=331
x-ms-version
2009-09-19
content-length
83
main.4616cc05.js
designer.microsoft.com/static/js/ 		3 MB
544 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://designer.microsoft.com/static/js/main.4616cc05.js
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:889::f6f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fd93962a85ed0af0ac15b964c3b8171649c541f78c043ce73e2efb1e45de4d0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 24 Nov 2023 18:32:27 GMT
content-encoding
br
last-modified
Wed, 22 Nov 2023 17:19:28 GMT
content-md5
a98wev9MKcBBkS2bwlUrPA==
etag
0x8DBEB7EEB817C94
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b46159d3-c01e-004d-5f67-1d5001000000
cache-control
max-age=427635
x-ms-version
2009-09-19
content-length
556935
main.6a88c3bb.css
designer.microsoft.com/static/css/ 		4 KB
1019 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://designer.microsoft.com/static/css/main.6a88c3bb.css
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:889::f6f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2a2f9b90c6a599b7292066ce4d2f61ca97a0a6ed507889b365c99cf24191616d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 24 Nov 2023 18:32:27 GMT
content-encoding
br
last-modified
Thu, 23 Nov 2023 22:24:59 GMT
content-md5
Lx0RLloi+6cUA2sqFZMneA==
etag
0x8DBEB7EEA8F29FF
vary
Accept-Encoding
content-type
text/css;
access-control-allow-origin
*
x-ms-request-id
317d176d-901e-007f-5907-1e5076000000
cache-control
max-age=532400
x-ms-version
2009-09-19
content-length
748
RemoteUls.ashx
designerapp.officeapps.live.com/designerapp/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://designerapp.officeapps.live.com/designerapp/RemoteUls.ashx?usid=ca69e33a-70d5-4ec9-ad91-93164305e137&HostApp=DesignerApp&Platform=Web&ReleaseChannel=
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.89.99 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://designer.microsoft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
1.0.0.0
ecs.office.com/config/v1/Designer/ 		51 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ecs.office.com/config/v1/Designer/1.0.0.0?Ring=Production&Build=1.0.20231121.16&UserId=&ClientId=a6442ba2-69a1-4720-81f1-7ac3dd4e2184&platform=Web&host=DesignerApp
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:42::132 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2f36cf05617f08a9de3752e9b97f8deb8281a0cc67ec9ba5d5e5aaa29eb27709
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json
Referer
https://designer.microsoft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Fri, 24 Nov 2023 18:32:27 GMT
nel
{"report_to":"NelEcsUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
x-cache
CONFIG_NOCACHE
content-length
16534
x-msedge-ref
Ref A: 23779E0D29084AFD99782D8D8DCEA142 Ref B: FRAEDGE1909 Ref C: 2023-11-24T18:32:28Z
etag
"z6sm9/zsF4aWR7Azb+HyVhmk4egrxEDW6sfuvG+3NPU="
x-frame-options
DENY
report-to
{"group":"NelEcsUpload1","max_age":604800,"endpoints":[{"url":"https://ecs.nel.measure.office.net?TenantId=Designer&DestinationEndpoint=Edge-Prod-FRAr4c&FrontEnd=AFD"}],"include_subdomains":true}
content-type
application/json
access-control-allow-origin
https://designer.microsoft.com
access-control-expose-headers
ETag, Date
cache-control
no-cache,max-age=3600
timing-allow-origin
https://designer.microsoft.com
expires
Fri, 24 Nov 2023 19:32:28 GMT
3301.11f7ddec.chunk.js
designer.microsoft.com/static/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://designer.microsoft.com/static/js/3301.11f7ddec.chunk.js
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:889::f6f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9979f54259455065af1b56c6d1a0cb0ad8cd12c8e15fce4d34d07d292143b983

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 24 Nov 2023 18:32:28 GMT
content-encoding
br
last-modified
Mon, 20 Nov 2023 18:39:14 GMT
content-md5
PZOaBx59fmSe3nCoaDtBeQ==
etag
0x8DBE9C46D5AA553
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
127200a7-701e-0077-71e0-1b4a79000000
cache-control
max-age=260151
x-ms-version
2009-09-19
content-length
2367
instance
login.microsoftonline.com/common/discovery/ 		953 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:3000:150::a Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
96805d60b7382d6faeedb72780e658793affac76d568da8a8c91d34a4380de96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Fri, 24 Nov 2023 18:32:27 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin
*
x-ms-request-id
922def2a-0633-4db8-8d66-0dc479243e01
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=86400, private
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
Content-Length
953
x-ms-ests-server
2.1.16790.7 - FRC ProdSlices
X-XSS-Protection
0
openid-configuration
login.microsoftonline.com/consumers/v2.0/.well-known/ 		2 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/consumers/v2.0/.well-known/openid-configuration
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1026:3000:150::a Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a2dff660b192a8dddc41d6e2a60e3ca410361acc1bc8c08b5d24dddc25de4e96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://designer.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Fri, 24 Nov 2023 18:32:27 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Access-Control-Allow-Origin
*
x-ms-request-id
3f2ddffd-fb78-447f-82bc-b66a3cf06704
Content-Type
application/json; charset=utf-8
Cache-Control
max-age=86400, private
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
Content-Length
1591
x-ms-ests-server
2.1.16729.8 - WEULR1 ProdSlices
X-XSS-Protection
0
oauth20_authorize.srf
login.live.com/ Frame 3067
Redirect Chain
  • https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fdesigner.microsof...
  • https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_typ...
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.0 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a2a2c41d92d14397dd5d500ac46ca594e6373120b7bc12829a93a43a0dfa38fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://designer.microsoft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Length
2609
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Nov 2023 18:32:28 GMT
PPServer
PPV: 30 H: SN1PEPF0001105B V: 0
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
x-ms-request-id
05fd4697-c40a-4b48-ab95-893ecaec8640
x-ms-route-info
C105_SN1

Redirect headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
804
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Nov 2023 18:32:27 GMT
Expires
-1
Location
https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0#
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-clitelem
1,0,0,,
x-ms-ests-server
2.1.16729.8 - FRC ProdSlices
x-ms-request-id
11dde4b8-0512-45f3-bc87-a24246b52004
ms-logo-v2.jpg
login.live.com/images/ Frame 3067 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.live.com/images/ms-logo-v2.jpg
Requested by
Host: login.live.com
URL: https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.0 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.live.com/oauth20_authorize.srf?client_id=598ab7bb-a59c-4d31-ba84-ded22c220dbd&scope=openid+profile+offline_access&redirect_uri=https%3a%2f%2fdesigner.microsoft.com%2fhome&response_type=code&state=eyJpZCI6IjVlZDM1Yzk0LTA4ODEtNDYwOS05ODUwLWVkM2RlODZiNTM5ZSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=ba31c16d-9c2c-4ec0-aec7-6c29165d9933&prompt=none&code_challenge=XO9FFdSonyMAk_AQmap9G-AN5ajBqkC1NBL_33aOeio&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=2.33.0&uaid=601d55a9e1004da38fd348b1c9ab6b4e&msproxy=1&issuer=mso&tenant=consumers&ui_locales=de-DE&client_info=1&epct=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-To1pgmQoiuoc7TzdQZDUM6e20V_5Dxbbbzsboqw7Xgs1f7l8VlUblx-f3MgC-XMCgBPQtMOzldbZqTsJf2muEdKriYCtOfTJpmEu86bJfWD4sV6VOpSKVuic3PWD2kwr2Z1iSxkPdfhas0El-oZA_s129iyOsC9A4rah1UZJpyc-ZKCGA_Yq1YbY4U8drFIX9LOMYOncu7KF3Igl3_eA7CAA&jshs=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Date
Fri, 24 Nov 2023 18:32:28 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Oct 2023 12:43:48 GMT
PPServer
PPV: 30 H: SN1PEPF00010F41 V: 0
ETag
"09a1be9d2fdd91:0"
Content-Type
image/jpeg
x-ms-request-id
1875ff1c-4afd-4b61-af4a-24dd5c348a79
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
2797
X-XSS-Protection
1; mode=block
/
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.178.17.234 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://designer.microsoft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://designer.microsoft.com
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Fri, 24 Nov 2023 18:32:29 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/ 		24 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2
Requested by
Host: designer.microsoft.com
URL: https://designer.microsoft.com/static/js/main.4616cc05.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.178.17.234 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
51eb16447d65a8e85488cc5b300daa11092e03134afc7e587392a1563640ca8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1700850750217
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.12
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://designer.microsoft.com/
apikey
983f1bcd0b894275ba7e558847b813f4-963f4458-da43-483a-91f1-d89a1a0f1e79-6909
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Fri, 24 Nov 2023 18:32:29 GMT
server
Microsoft-HTTPAPI/2.0
time-delta-millis
162
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://designer.microsoft.com
access-control-expose-headers
time-delta-millis
access-control-allow-credentials
true
access-control-allow-headers
time-delta-millis
content-length
24

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture number| startTime object| webpackChunkdesigner_app object| exposed object| __dynProto$Gbl object| __stylesheet__ object| __globalSettings__ object| __themeState__ object| __packages__ number| __currentId__

3 Cookies

Domain/Path Name / Value
login.microsoftonline.com/ Name: fpc
Value: AiYmfgGcv-dPtndEJw0ZiLY
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd

3 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
security warning URL: https://designer.microsoft.com/static/js/main.4616cc05.js(Line 1)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types default dompurify html2canvas;