view.officeapps.live.com

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2603:1063:2000:1::12, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is view.officeapps.live.com. The Cisco Umbrella rank of the primary domain is 21865.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 07 on January 24th 2024. Valid for: a year.

This is the only time view.officeapps.live.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2603:1063:200... 2603:1063:2000:1::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:350... 2a02:26f0:3500:586::4b36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	3

2 2603:1063:2000:1::12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

view.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pnl1-excel.officeapps.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:586::4b36 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c1-view-15.cdn.office.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	live.com view.officeapps.live.com — Cisco Umbrella Rank: 21865 pnl1-excel.officeapps.live.com — Cisco Umbrella Rank: 157006	3 KB
1	office.net c1-view-15.cdn.office.net — Cisco Umbrella Rank: 42007	8 KB
3	2

	Domain	Requested by
1	c1-view-15.cdn.office.net
1	pnl1-excel.officeapps.live.com
1	view.officeapps.live.com
3	3

This site contains no links.

Subject Issuer	Validity	Valid
officeapps.live.com Microsoft Azure RSA TLS Issuing CA 07	`2024-01-24` - `2025-01-18`	a year	crt.sh
*.cdn.office.net Microsoft Azure RSA TLS Issuing CA 03	`2023-10-03` - `2024-09-27`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwww.natca.org%2Fwp-content%2Fuploads%2F2021%2F07%2FData-Challenge-Survey-BUEs.xlsx&wdOrigin=BROWSELINK
Frame ID: 2AE970D2FE51DB064653D07D7D234ECB
Requests: 3 HTTP requests in this frame

Frame: https://pnl1-excel.officeapps.live.com/x/_layouts/xlviewerinternal.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fwww%252Enatca%252Eorg%253A443%252Fwp%252Dcontent%252Fuploads%252F2021%252F07%252FData%252DChallenge%252DSurvey%252DBUEs%252Exlsx&access_token_ttl=0&wdOrigin=BROWSELINK&hid=6bacb2f3-bc39-4a54-be4f-e8359c6c805f
Frame ID: 8AD9876658A0C609EB73EC396B2CDEE5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Data-Challenge-Survey-BUEs.xlsx

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

\.aspx?(?:$|\?)
<input[^>]+name="__VIEWSTATE

Page Statistics

3
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

11 kB
Transfer

13 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request view.aspx Show response
view.officeapps.live.com/op/ 4 KB
3 KB 73ms
25ms Document
text/html 2603:1063:2000:1::12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwww.natca.org%2Fwp-content%2Fuploads%2F2021%2F07%2FData-Challenge-Survey-BUEs.xlsx&wdOrigin=BROWSELINK

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1063:2000:1::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/

Resource Hash

a2f5290fcc89d6d1cca21c403d7d6ad872997fa2b65766f5ba32302d3a81dd8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 07 May 2024 18:50:43 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-correlationid: 6bacb2f3-bc39-4a54-be4f-e8359c6c805f
x-msedge-features: afd_waccluster,afd_pptcapacity,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest
x-msedge-ref: Ref A: 0CCD501DF78E451A89068E6311C520D5 Ref B: FRA231050414009 Ref C: 2024-05-07T18:50:43Z
x-officecluster: PNL1
x-officefd: AM4PEPF0002D4EE
x-officefe: AM4PEPF0002D761
x-officeversion: 16.0.17626.41001

GET
DATA 200
OK truncated
/ 695 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 xlviewerinternal.aspx
pnl1-excel.officeapps.live.com/x/_layouts/ Frame 8AD9 0
0 90ms
36ms Document
text/html 2603:1063:2000:1::12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pnl1-excel.officeapps.live.com/x/_layouts/xlviewerinternal.aspx?ui=de%2DDE&rs=de%2DDE&WOPISrc=http%3A%2F%2Fpnl1%2Dview%2Dwopi%2Ewopi%2Eonline%2Eoffice%2Enet%3A808%2Foh%2Fwopi%2Ffiles%2F%40%2FwFileId%3FwFileId%3Dhttps%253A%252F%252Fwww%252Enatca%252Eorg%253A443%252Fwp%252Dcontent%252Fuploads%252F2021%252F07%252FData%252DChallenge%252DSurvey%252DBUEs%252Exlsx&access_token_ttl=0&wdOrigin=BROWSELINK&hid=6bacb2f3-bc39-4a54-be4f-e8359c6c805f

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1063:2000:1::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/

Resource Hash

Security Headers

Name

Value

Content-Security-Policy

font-src data: 'self' res-1.cdn.office.net *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net *.skype.com *.skypeassets.com *.msocdn.com sway.com *.sway-cdn.com sway-cdn.com *.sharepointonline.com spoprod-a.akamaihd.net *.azureedge.net fs.microsoft.com *.officeapps.live.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' res-1.cdn.office.net *.officeapps.live.com *.msftauth.net js.monitor.azure.com *.skype.com *.skypeassets.com *.msocdn.com js.live.net appsforoffice.microsoft.com contentstorage.osi.office.net *.growth.office.net *.rt.microsoft.com res-prod.cdn.office.net res.cdn.office.net messaging.office.com messaging.growth.office.com messaging.action.office.com messaging.engagement.office.com content.lifecycle.office.net www.microsoft.com pmservices.cp.microsoft.com paymentinstruments.mp.microsoft.com paymentinstruments-int.mp.microsoft.com edge.payments.microsoft.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' res-1.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net sway.com *.sway-cdn.com sway-cdn.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; media-src blob: *.skype.com *.skypeassets.com *.officeapps.live.com; object-src 'self'; child-src blob: * ms-excel:; worker-src blob: 'self'; img-src * data: blob:; report-uri /x/reportcsp.ashx

X-Content-Type-Options

nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://view.officeapps.live.com
Referer: https://view.officeapps.live.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy: font-src data: 'self' res-1.cdn.office.net *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net *.skype.com *.skypeassets.com *.msocdn.com sway.com *.sway-cdn.com sway-cdn.com *.sharepointonline.com spoprod-a.akamaihd.net *.azureedge.net fs.microsoft.com *.officeapps.live.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' res-1.cdn.office.net *.officeapps.live.com *.msftauth.net js.monitor.azure.com *.skype.com *.skypeassets.com *.msocdn.com js.live.net appsforoffice.microsoft.com contentstorage.osi.office.net *.growth.office.net *.rt.microsoft.com res-prod.cdn.office.net res.cdn.office.net messaging.office.com messaging.growth.office.com messaging.action.office.com messaging.engagement.office.com content.lifecycle.office.net www.microsoft.com pmservices.cp.microsoft.com paymentinstruments.mp.microsoft.com paymentinstruments-int.mp.microsoft.com edge.payments.microsoft.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' res-1.cdn.office.net *.skype.com *.skypeassets.com *.msocdn.com js.live.net sway.com *.sway-cdn.com sway-cdn.com *.cdn.office.net res-cn.cdn.partner.office365.cn res-4.cdn.partner.office365.cn res-3.cdn.partner.office365.cn res-1-cdn.azureedge.microsoft.scloud res-1-cdn.azureedge.eaglex.ic.gov res-dev.cdn.officeppe.net; media-src blob: *.skype.com *.skypeassets.com *.officeapps.live.com; object-src 'self'; child-src blob: * ms-excel:; worker-src blob: 'self'; img-src * data: blob:; report-uri /x/reportcsp.ashx
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 18:50:43 GMT
document-policy: js-profiling
expires: -1
nel: {"report_to":"network-errors","max_age":604800,"include_subdomains":true,"success_fraction":0.01,"failure_fraction":1.0}
origin-agent-cluster: ?1
origin-trial: AtFKAQdG+ydQM/bvbc5Qxv930XARVdP6iEmsQLrizs1HYDZnXMf7/f8oOaknwmnnXoTmlFWim3Ptj/bW7MfeElEAAABteyJvcmlnaW4iOiJodHRwczovL29mZmljZWFwcHMubGl2ZS5jb206NDQzIiwiaXNTdWJkb21haW4iOnRydWUsImZlYXR1cmUiOiJIYXB0aWNzRGV2aWNlIiwiZXhwaXJ5IjoxNzQ0MzA5NDUyfQ== AhQJUzE5LCv5KHvmQov3fZhTT0W3oRbJWD7uk+pw4EemPcV5dWZzr8wiGtZj/dh81uDAw0I9lZ30j8otVRSRQwYAAABkeyJvcmlnaW4iOiJodHRwczovL29mZmljZWFwcHMubGl2ZS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
pragma: no-cache
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://excelonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-FRA23r5b&DC=PNL1&FileSource="}]}
reporting-endpoints: default="https://pnl1-excel.officeapps.live.com/x/BrowserReportingHandler.ashx"
timing-allow-origin: *
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-correlationid: bcc0d324-4810-47a6-8ea6-d07ea5a444ee
x-msedge-features: afd_waccluster,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_control
x-msedge-flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_control
x-msedge-ref: Ref A: D0DBC74B25724F0FAB1AC5A59C4CFF5E Ref B: FRA231050414009 Ref C: 2024-05-07T18:50:44Z
x-officecluster: PNL1
x-officefe: AM4PEPF0002D618
x-officeversion: 16.0.17630.42301
x-partitioning-enabled: true
x-usersessionid: bcc0d324-4810-47a6-8ea6-d07ea5a444ee
x-yarp-fe: AM4PEPF0002D64A

GET
H/1.1 200
OK FavIcon_Excel.ico
c1-view-15.cdn.office.net/op/s/161762641001_Resources/ 8 KB
8 KB 119ms
16ms Other
image/x-icon 2a02:26f0:3500:586::4b36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c1-view-15.cdn.office.net/op/s/161762641001_Resources/FavIcon_Excel.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:586::4b36 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: / ASP.NET
Resource Hash: 63bd80475830aa6933dc637e25a7a13f3773b1feef1feeb34f3c882344b088bb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://view.officeapps.live.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 07 May 2024 18:50:44 GMT
X-OfficeVersion: 16.0.17626.41001
X-Powered-By: ASP.NET
X-OfficeFE: AM4PEPF0002D75C
Connection: keep-alive
X-MSEdge-Flight: 2i49=afd_wacinfra4,2i4a=afd_wacinfra5,5e4w=afd_excelslicetest_control
Content-Length: 7886
X-MSEdge-Features: afd_waccluster,afd_wordslice,afd_wacinfra4,afd_wacinfra5,afd_excelslicetest_control
Last-Modified: Thu, 02 May 2024 23:01:41 GMT
X-CorrelationId: fd99b6db-86c3-4312-a176-7d508e676b77
X-OfficeCluster: PNL1
X-MSEdge-Ref: Ref A: FEE9E40087C04EBD8C94FCDDA4F7D0D4 Ref B: FRA231050413047 Ref C: 2024-05-02T23:20:25Z
X-OFFICEFD: AM4PEPF0002DDBC
ETag: "4a54f3b1e49cda1:0"
Content-Type: image/x-icon
Cache-Control: public,max-age=31536000
Accept-Ranges: bytes

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.view.officeapps.live.com/	1969-12-31 23:59:59	Name: PNL1-ARRAffinity Value: 2b8be525e8ce02f9938f3cf8751a1c8a11b10ca9511a1082f6597fe84c7f2ba7
pnl1-excel.officeapps.live.com/	1969-12-31 23:59:59	Name: PNL1-Excel-ARRAffinity Value: 453a899ca21b5152caa09f1965954718f0d9be38c56850501af7abf34b0b4047
.pnl1-excel.officeapps.live.com/	1969-12-31 23:59:59	Name: PNL1-Excel-ARRAffinity Value: 453a899ca21b5152caa09f1965954718f0d9be38c56850501af7abf34b0b4047
pnl1-excel.officeapps.live.com/	1969-12-31 23:59:59	Name: ShCLSessionID Value: 1715107845851_0.23953109937667594
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: 8ee583fbdf7c4268a1334e0eb34c2870
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=63539&lt=1715107846&co=1
.login.live.com/	1970-01-21 05:46:43	Name: MSCC Value: 81.95.5.44-DE
.login.live.com/	1969-12-31 23:59:59	Name: MSPOK Value: $uuid-1cae2c8f-383c-4b58-a50b-dcbb6f5cd7af
.login.live.com/	1969-12-31 23:59:59	Name: OParams Value: 11O.DvpD5CxZn38Ip2FsaHHNHKuoqnVbz3yEqB4NgpQYQAJY56Qm2EaRCzJU4RF4HFKHTyQABr1Lh4KkAjBXHcjUlYLKxmewXEoLXc2gRcUi5X!NS8o8pWFcQOTF2s9E4cXkGJALpbbFrWnD3S32bE!iCFcUxO*QWw5jx8h86jff2ya8fL7aZ97f1U4M!tLg6rgVNcHJVJ4VsHVxh2gw!o6vvWK7dC43Spl1oCsRmDABpo!NLJp4uwuEiP85J8rzE4CayC!c6yZa4SPDnSkjnVlnAvboy2gxEDKevkmJZKbgAxkc48uaN8K559oxSVIDUqreUXtkUozVVtCZR6zp3Pt6mDgz4ay6MIdj2Pg1brhhiYJ9GcaDyIVV7IVmQOTWeUYCnwPxL0iT7XMtfD!Bp7wIOjUOv2ujT23Ydi1lBdAs

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c1-view-15.cdn.office.net
pnl1-excel.officeapps.live.com
view.officeapps.live.com
2603:1063:2000:1::12
2a02:26f0:3500:586::4b36
63bd80475830aa6933dc637e25a7a13f3773b1feef1feeb34f3c882344b088bb
a2f5290fcc89d6d1cca21c403d7d6ad872997fa2b65766f5ba32302d3a81dd8d
a3596c17dad9a003d0bfbe0b7ba6765f51391b5c3943660316f01c8e77b323db

view.officeapps.live.com Open in urlscan Pro 2603:1063:2000:1::12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

100 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

11 kBTransfer

13 kBSize

9 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

9 Cookies

Security Headers

Indicators

view.officeapps.live.com Open in urlscan Pro
2603:1063:2000:1::12 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

11 kB
Transfer

13 kB
Size

9
Cookies

3 HTTP transactions
1 data transactions