Submitted URL: https://d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlV...
Effective URL: https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXM...
Submission Tags: falconsandbox
Submission: On March 29 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 2620:1ec:a92::194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com. The Cisco Umbrella rank of the primary domain is 6969.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on March 23rd 2023. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 2 2620:1ec:a92:... 8068 (MICROSOFT...)
8 2a02:26f0:f3:... 20940 (AKAMAI-ASN1)
11 4
Apex Domain | Subdomains | Transfer
8 office.net | cdn.forms.office.net — Cisco Umbrella Rank: 10307 | 243 KB
2 office.com | forms.office.com — Cisco Umbrella Rank: 6969 | 19 KB
2 hubspotlinksfree.com | d2qxzp04.na1.hubspotlinksfree.com | 3 KB
11 3
Domain | Requested by
8 cdn.forms.office.net | forms.office.com, cdn.forms.office.net
2 forms.office.com (1 redirects) | d2qxzp04.na1.hubspotlinksfree.com, forms.office.com
2 d2qxzp04.na1.hubspotlinksfree.com (1 redirects) |
11 3

This site contains no links.

Subject | Issuer | Validity | Valid
hubspotlinksfree.com | Cloudflare Inc ECC CA-3 | 2022-05-17 - 2023-05-17 | a year
forms.office.com | Microsoft Azure TLS Issuing CA 02 | 2023-03-23 - 2024-03-17 | a year
cdn.forms.office.net | Microsoft Azure TLS Issuing CA 06 | 2022-09-28 - 2023-09-23 | a year

This page contains 1 frames:

Primary Page: https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
Frame ID: 01DD827417E3A5A558DB78567B5E7443
Requests: 11 HTTP requests in this frame

Page Title

Microsoft Forms

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Page Statistics

11 Requests
91 % HTTPS
100 % IPv6
3 Domains
3 Subdomains
4 IPs
2 Countries
264 kB Transfer
563 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B49hGzKW3DnDsQ2p38GtV5QKYP3HKWxYW2ys9H84lSDw6W5KrTX15JDs6LW8G1whJ2ZfG9KW5pvN1W7CMXZTW5wkzhh6gqCcXW71QT644WMNbQW2NSJF23hfTltW8qf0--3_YKBDW8kQ6276ZMTHY321f1 Page URL
  2. https://d2qxzp04.na1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B49hGzKW3DnDsQ2p38GtV5QKYP3HKWxYW2ys9H84lSDw6W5KrTX15JDs6LW8G1whJ2ZfG9KW5pvN1W7CMXZTW5wkzhh6gqCcXW71QT644WMNbQW2NSJF23hfTltW8qf0--3_YKBDW8kQ6276ZMTHY321f1?_ud=c8e6a998-d923-4392-a336-2aa155e204f1&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://forms.office.com/r/4gwxxPTDfw?utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email HTTP 301
    https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B4...
d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/
8 KB
3 KB
Document
General
Full URL
https://d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B49hGzKW3DnDsQ2p38GtV5QKYP3HKWxYW2ys9H84lSDw6W5KrTX15JDs6LW8G1whJ2ZfG9KW5pvN1W7CMXZTW5wkzhh6gqCcXW71QT644WMNbQW2NSJF23hfTltW8qf0--3_YKBDW8kQ6276ZMTHY321f1
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:4400::6812:2ab1, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
7af84102da399152-FRA
content-encoding
br
content-type
text/html;charset=utf-8
date
Wed, 29 Mar 2023 12:53:08 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-hubspot-correlation-id
7af27e5d-bfce-46a8-8821-b773a2be2c3c
x-robots-tag
none
Primary Request responsepage.aspx
forms.office.com/pages/
Redirect Chain
  • https://d2qxzp04.na1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZ...
  • https://forms.office.com/r/4gwxxPTDfw?utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161...
  • https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1s...
59 KB
18 KB
Document
General
Full URL
https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
Requested by
Host: d2qxzp04.na1.hubspotlinksfree.com
URL: https://d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B49hGzKW3DnDsQ2p38GtV5QKYP3HKWxYW2ys9H84lSDw6W5KrTX15JDs6LW8G1whJ2ZfG9KW5pvN1W7CMXZTW5wkzhh6gqCcXW71QT644WMNbQW2NSJF23hfTltW8qf0--3_YKBDW8kQ6276ZMTHY321f1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:a92::194, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS
Software
Resource Hash
3db6bb740280edaf88d32af2fa5ae6d34b87dc59961be389acff47494e27c196
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Referer
https://d2qxzp04.na1.hubspotlinksfree.com/Ctc/UB+113/d2qxZP04/VW_8cS1ZDlBbW6Kx9Mr2wm3LkW5j5c_V4YKF6NN8wLL5w3lSbNV1-WJV7CgL3wW8cF_PL3T32TlVdXsDH4CtynKW5Xbjvc71QRFPW2WfZFS4S-vRNVZLC7Q97MS7bW5yJ6vb2rmx4JW5M24j44lQl3rW8SQx_J6Z66vwW7G9BCm2MV_QpVxgkMH8xlmQdW6B813B49hGzKW3DnDsQ2p38GtV5QKYP3HKWxYW2ys9H84lSDw6W5KrTX15JDs6LW8G1whJ2ZfG9KW5pvN1W7CMXZTW5wkzhh6gqCcXW71QT644WMNbQW2NSJF23hfTltW8qf0--3_YKBDW8kQ6276ZMTHY321f1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 29 Mar 2023 12:53:11 GMT
expires
0
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-correlationid
6b697181-6025-4d68-8fcd-81869f7a2149
x-msedge-ref
Ref A: D1A74D45E69946B28118EDB7359C34B4 Ref B: AMS231032602029 Ref C: 2023-03-29T12:53:08Z
x-officecluster
neu-100.forms.office.com
x-officefe
FormsSingleBox_IN_12
x-officeversion
16.0.16322.42053
x-robots-tag
noindex, nofollow
x-routingcorrelationid
6b697181-6025-4d68-8fcd-81869f7a2149
x-routingofficecluster
neu-100.forms.office.com
x-routingofficefe
FormsSingleBox_IN_12
x-routingofficeversion
16.0.16322.42053
x-routingsessionid
3edb4595-2613-47b0-8c9e-b55cd7f28154
x-usersessionid
3edb4595-2613-47b0-8c9e-b55cd7f28154

Redirect headers

cache-control
no-cache
content-length
0
date
Wed, 29 Mar 2023 12:53:08 GMT
expires
-1
location
https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
pragma
no-cache
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-correlationid
287ff33a-bd55-44e0-8310-23bbc6ff694e
x-msedge-ref
Ref A: BFB3671C40194DFEAA7ABF07BE932CE1 Ref B: AMS231032602029 Ref C: 2023-03-29T12:53:08Z
x-officecluster
eus2-101.forms.office.com
x-officefe
FormIntelligenceService_IN_4
x-officeversion
16.0.16322.42053
x-usersessionid
287ff33a-bd55-44e0-8310-23bbc6ff694e
ls-response.de.796d1a076.js
cdn.forms.office.net/forms/scripts/dists/
34 KB
11 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/ls-response.de.796d1a076.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
69e23ecbbdcbf47171d660c978122ebc3904a55a8256f391a9783b693c8bb819

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
v67UmsBN/MoioFXumuqgJQ==
content-length
10698
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:51 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EB36B7805
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
67f99e3f-301e-000e-1f82-6045f2000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.min.4fec861.css
cdn.forms.office.net/forms/css/dist/
100 KB
18 KB
Stylesheet
General
Full URL
https://cdn.forms.office.net/forms/css/dist/light-response-page.min.4fec861.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
d093c11793b57f171120cc0301d8e1a59c7a8166b83a70de9cea1f19cc19bca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
q5Y1IvqHNkv1K4ujdPfLgA==
content-length
18147
x-ms-lease-status
unlocked
last-modified
Thu, 16 Mar 2023 05:55:04 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB25E2FD35D1C6
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
2f1eb335-001e-006b-30d6-57f4af000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.min.2bef7ea.js
cdn.forms.office.net/forms/scripts/dists/
363 KB
101 KB
Script
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/pages/responsepage.aspx?id=3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u&utm_medium=email&_hsmi=252161451&_hsenc=p2ANqtz-9NvO_FH3MDDl-x1sZH4fiIjs0HoH33FYRI4LocXly3JLkXrCnUg84hMLwax18pGEJJH3rS21pISn8G-AUlqd1jE7eqpQ&utm_content=252161451&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
400f11389c3eb24c227181027f2083b0f695abf4a6b37a2cfc964e38bb7eac32

Request headers

Referer
https://forms.office.com/
Origin
https://forms.office.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
hOgLb9GogoAmaHvRzqqZsg==
content-length
102933
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EB00C9E01
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b3a2e37b-601e-0016-2182-606867000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
runtimeFormsWithResponses('3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u')
forms.office.com/formapi/api/0aa506dc-8e20-437a-af36-6329317f1771/users/da0bbd31-f488-4e78-9ec6-9d42760622e4/light/
0
0

light-response-page.chunk.lrp_ext.1afcd8d.js
cdn.forms.office.net/forms/scripts/dists/
0
72 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_ext.1afcd8d.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
TyDjeu7ER/dJ4UlRgo8VjA==
content-length
73183
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EAFBDED38
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
90658b84-201e-0011-2d82-609ee2000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.chunk.lrp_cover.760f298.js
cdn.forms.office.net/forms/scripts/dists/
0
28 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_cover.760f298.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
hXEG8lPY+7YgCil6uSMjeA==
content-length
28351
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EAFB144EB
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
f92dbffe-801e-0053-0782-60b5f6000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.chunk.lrp_phishing.f793829.js
cdn.forms.office.net/forms/scripts/dists/
0
2 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_phishing.f793829.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
aaw686hKGGqC+8Ak95j+ig==
content-length
1960
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EAFBC18BE
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a2150a97-501e-005a-4f82-60af78000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.chunk.lrp_saveresponse.ae7a7f0.js
cdn.forms.office.net/forms/scripts/dists/
0
5 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_saveresponse.ae7a7f0.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
jeWTZYZ1bwH2jFwkQ7MvCw==
content-length
4647
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EB007BCBC
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
030731bd-401e-000a-4582-60b070000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT
light-response-page.chunk.lrp_post.boot.eb61a09.js
cdn.forms.office.net/forms/scripts/dists/
0
6 KB
Other
General
Full URL
https://cdn.forms.office.net/forms/scripts/dists/light-response-page.chunk.lrp_post.boot.eb61a09.js
Requested by
Host: cdn.forms.office.net
URL: https://cdn.forms.office.net/forms/scripts/dists/light-response-page.min.2bef7ea.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:f3::5043:52d1, Glattbrugg, Switzerland, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://forms.office.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 29 Mar 2023 12:53:12 GMT
content-encoding
br
content-md5
uN7vww/oyKBPzd/GJCwlHQ==
content-length
5233
x-ms-lease-status
unlocked
last-modified
Mon, 27 Mar 2023 04:49:45 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB2E7EAFBAE069
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ff3d9e80-f01e-0031-1c82-60f22e000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
timing-allow-origin
*
expires
Thu, 28 Mar 2024 12:53:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
forms.office.com
URL
https://forms.office.com/formapi/api/0aa506dc-8e20-437a-af36-6329317f1771/users/da0bbd31-f488-4e78-9ec6-9d42760622e4/light/runtimeFormsWithResponses('3AalCiCOekOvNmMpMX8XcTG9C9qI9HhOnsadQnYGIuRUOVNGNUJTT1BBTlBURTRZT1JXMU9FT0FVUi4u')?$expand=questions($expand=choices)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean | credentialless
  • string | formsInitialVisibility
  • object | NavKeyPoints
  • function | reloadNoCdn
  • object | OfficeFormServerInfo
  • object | FormPrefetchCache
  • object | FormsLsMap
  • function | setPublicPath
  • function | replaceChunkSrc
  • object | webpackChunk
  • object | __stylesheet__
  • function | formsModuleResolveErrorCallback
  • object | formClientApi
  • object | formsLsPromiseMap

3 Cookies

Domain/Path | Name | Value
forms.office.com/ | RpsAuthNonce | 2f26314e-e0e1-49d8-9bdf-b2451618dbaf
.forms.office.com/ | RpsAuthNonce | 2f26314e-e0e1-49d8-9bdf-b2451618dbaf
forms.office.com/ | __RequestVerificationToken | 5I_mPkibRrCePxKJaaWVGMuurvQKMHoxAg2j3KTHpiEmtHyxF3MfR8hCGcmWulSSi0d3n4mmC3N9HTQgLIkf1PChYgwMT-0YPcZ1NNsxXwQ1