forms.office.com
Open in
urlscan Pro
2620:1ec:a92::194
Public Scan
Effective URL: https://forms.office.com/pages/responsepage.aspx?id=RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ...
Submission Tags: phishing
Submission: On November 01 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 07 on September 29th 2024. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a02:26f0:ab0... 2a02:26f0:ab00::214:8e4a | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
18 | 2620:1ec:a92:... 2620:1ec:a92::194 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2001:489a:220... 2001:489a:2206:20::2a | 8070 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 2 | 13.74.129.1 13.74.129.1 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 1 | 2620:1ec:c11:... 2620:1ec:c11::237 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 52.178.17.234 52.178.17.234 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
24 | 4 |
ASN20940 (AKAMAI-ASN1, NL)
links-2.govdelivery.com |
ASN8070 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
lists.gcc.osi.office365.us |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
office.com
1 redirects
forms.office.com — Cisco Umbrella Rank: 2081 c.office.com — Cisco Umbrella Rank: 18286 |
442 KB |
4 |
microsoft.com
browser.events.data.microsoft.com — Cisco Umbrella Rank: 76 |
869 B |
1 |
bing.com
1 redirects
c.bing.com — Cisco Umbrella Rank: 190 |
767 B |
1 |
office365.us
lists.gcc.osi.office365.us — Cisco Umbrella Rank: 85146 |
113 KB |
1 |
govdelivery.com
1 redirects
links-2.govdelivery.com — Cisco Umbrella Rank: 22617 |
255 B |
24 | 5 |
Domain | Requested by | |
---|---|---|
18 | forms.office.com |
forms.office.com
|
4 | browser.events.data.microsoft.com |
forms.office.com
|
2 | c.office.com | 1 redirects |
1 | c.bing.com | 1 redirects |
1 | lists.gcc.osi.office365.us | |
1 | links-2.govdelivery.com | 1 redirects |
24 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
forms.cloud.microsoft Microsoft Azure RSA TLS Issuing CA 07 |
2024-09-29 - 2025-09-24 |
a year | crt.sh |
lists.gcc.osi.office365.us DigiCert SHA2 Secure Server CA |
2024-09-05 - 2025-09-05 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure RSA TLS Issuing CA 07 |
2024-09-14 - 2025-09-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://forms.office.com/pages/responsepage.aspx?id=RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ0xGQU85Wi4u&route=shorturl
Frame ID: 3DCE46FF33B248EE44934172BEFED96D
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Oral Health in All PoliciesPage URL History Show full URLs
-
https://links-2.govdelivery.com/CL0/https:%2F%2Fforms.office.com%2Fpages%2Fresponsepage.aspx%3Fid=RrAU68QkGU...
HTTP 302
https://forms.office.com/pages/responsepage.aspx?id=RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VR... Page URL
Detected technologies
Microsoft ASP.NET (Web Frameworks) ExpandDetected patterns
- \.aspx?(?:$|\?)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Nutzungsbedingungen
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://links-2.govdelivery.com/CL0/https:%2F%2Fforms.office.com%2Fpages%2Fresponsepage.aspx%3Fid=RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ0xGQU85Wi4u%26route=shorturl/1/01010192e8fce04b-71c62785-5c7f-4d25-ba68-fddee993dfb8-000000/x6CDOsjDoXC20GDmEo6_Zc0wiePQ-H2IX21vyOGDEPQ=377
HTTP 302
https://forms.office.com/pages/responsepage.aspx?id=RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ0xGQU85Wi4u&route=shorturl Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- https://c.office.com/c.gif HTTP 302
- https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=748FDEE85C0841EC87CF53A570CF85B1&RedC=c.office.com&MXFR=176E157A1D146A35201A0050191461E8 HTTP 302
- https://c.office.com/c.gif?ctsa=mr&CtsSyncId=748FDEE85C0841EC87CF53A570CF85B1&MUID=176E157A1D146A35201A0050191461E8
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
responsepage.aspx
forms.office.com/pages/ Redirect Chain
|
54 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ls-response.de.3508566c2.js
forms.office.com/gcc/cdn/scripts/dists/ |
42 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dll-dompurify.min.11aa374.js
forms.office.com/gcc/cdn/scripts/dists/ |
44 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.min.634dd1d.js
forms.office.com/gcc/cdn/scripts/dists/ |
479 KB 140 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtimeFormsWithResponses('RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ0xGQU85Wi4u')
forms.office.com/formapi/api/eb14b046-24c4-4519-8f26-b89c2159828c/users/1d2158dc-76fb-462c-a213-729a961bf813/light/ |
15 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_ext.9763998.js
forms.office.com/gcc/cdn/scripts/dists/ |
0 127 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_saveresponse.130cef2.js
forms.office.com/gcc/cdn/scripts/dists/ |
0 10 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_cover.83edd23.js
forms.office.com/gcc/cdn/scripts/dists/ |
0 19 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_post.boot.158f1c1.js
forms.office.com/gcc/cdn/scripts/dists/ |
0 6 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
forms.office.com/gcc/cdn/images/ |
8 KB 8 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_ext.9763998.js
forms.office.com/gcc/cdn/scripts/dists/ |
420 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_saveresponse.130cef2.js
forms.office.com/gcc/cdn/scripts/dists/ |
32 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.lrp_post.boot.158f1c1.js
forms.office.com/gcc/cdn/scripts/dists/ |
15 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d7499c06-25e7-43d1-bda1-62e6e2c8afee
lists.gcc.osi.office365.us/Images/eb14b046-24c4-4519-8f26-b89c2159828c/1d2158dc-76fb-462c-a213-729a961bf813/TENUDVJJ0YJ1UROC76TCLFAO9Z/ |
112 KB 113 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.sw.9c1bfed.js
forms.office.com/gcc/cdn/scripts/dists/ |
1 KB 1018 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft365logo_v1.png
forms.office.com/gcc/cdn/images/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.1ds.4815435.js
forms.office.com/gcc/cdn/scripts/dists/ |
108 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light-response-page.chunk.utel.5faea0a.js
forms.office.com/gcc/cdn/scripts/dists/ |
139 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c.gif
c.office.com/ Redirect Chain
|
42 B 333 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
'de'
forms.office.com/formapi/api/eb14b046-24c4-4519-8f26-b89c2159828c/users/1d2158dc-76fb-462c-a213-729a961bf813/forms('RrAU68QkGUWPJricIVmCjNxYIR37dixGohNympYb-BNURU5VRFZKSjBZSjFVUk9DNzZUQ0xGQU85Wi4u'... |
2 B 262 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
25 B 292 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
154 B 577 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| NavKeyPoints function| reloadNoCdn object| MathJax object| OfficeFormServerInfo object| FormPrefetchCache object| FormsLsMap object| formsInlineScriptSyntaxCheck function| _dll_dompurify_c3d1d8ca9cfb419112b9 object| webpackChunk function| getChunkPath function| replaceChunkSrc object| __stylesheet__ function| formsModuleResolveErrorCallback object| formClientApi object| formsLsPromiseMap object| __globalSettings__ object| __themeState__ object| __packages__ object| __dynProto$Gbl11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
forms.office.com/ | Name: FormsWebSessionId Value: 1a64e5dc-c596-46c9-8168-279eed68560d |
|
forms.office.com/ | Name: __RequestVerificationToken Value: zsyZGetKxNcPxIYMMH5f7GDYQ27VJ_9xZoWqAKElsefHQCxr1ygWX1cDjvRGrPnFy9uRCcq1sWnUVErEOSjz32E9SEpW7jtlXCTibPg0uMY1 |
|
.office.com/ | Name: MUID Value: 176E157A1D146A35201A0050191461E8 |
|
.bing.com/ | Name: MUID Value: 176E157A1D146A35201A0050191461E8 |
|
.c.bing.com/ | Name: MR Value: 0 |
|
.c.bing.com/ | Name: SRM_B Value: 176E157A1D146A35201A0050191461E8 |
|
.c.office.com/ | Name: SM Value: C |
|
.c.office.com/ | Name: MR Value: 0 |
|
.c.office.com/ | Name: ANONCHK Value: 0 |
|
.microsoft.com/ | Name: MC1 Value: GUID=5404aed2c65d4f6280c0178f1d6bac52&HASH=5404&LV=202411&V=4&LU=1730487671643 |
|
.microsoft.com/ | Name: MS0 Value: 29cc701f6a9548cd9abcc12d4d697a59 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | object-src 'none';script-src 'nonce-1b7a22d0-bf1c-4060-bca4-106e3d022cf2' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;base-uri 'none';require-trusted-types-for 'script';report-to endpoint-1; |
Strict-Transport-Security | max-age=2592000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
browser.events.data.microsoft.com
c.bing.com
c.office.com
forms.office.com
links-2.govdelivery.com
lists.gcc.osi.office365.us
13.74.129.1
2001:489a:2206:20::2a
2620:1ec:a92::194
2620:1ec:c11::237
2a02:26f0:ab00::214:8e4a
52.178.17.234
32859a35e0c0f3bc47ccaf2a01830bf7a8c41702c026d0b74ff7e50bc7e6cd51
37d099733e4901725976e46366372584c0bb88ea5b32d288bab5f996736725c4
44d94c65118236b49ceada980fc1e1be9cb3b90ebc343db335eb39d80dbc7070
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51a3577ab31333059d20312cfbc72129588be63a6fd4f45111d631309ce3e8b6
52c294c0743f5261072eb6d021b1b082ba7c32b670c5f6de9a024ab081ba26b1
7624ee3e0fabb742dc96f7d2025a0a8faee4a667126bb3f5805a5caa6371ad09
891e1b89410a3c1b4cfb9089b060a8bcccc646a20c101308d840f7e36cd8f0c0
931239a6873ede7c93fe6c3cb436e0b0598ae87967efb850f50e8165b13e00ca
985dafdaf1f37a6ce2c573d631d0def73c36d5d8737e50ee2085a1e51c4e843f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
bc3c029408dab6b5cb676b990b2e21bdd474e4b2e45daf87e70210539390bf49
ce51070fd47203fdc4528d82b89da78d8ce674a378740815919588a371827d98
d2ba9a155caea1fdd384effe29553a83493620e6e5b0aa4bbdfdb325a4659f6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eddf3761f5034de513c312265cd4177c97b49e1e31655d3cffd017a51cdf9cc6
f2a1abcf12ebd0f329e5b66b811b0bd76c8e954cb283ce3b61e72fbf459ef6f1
f8cc8a30ea4d642a1f36689b9e458e92c3d5b7bdae82253d709f2ba6193afb8a
f9ec4b44827e1211e5da1ddce231052f2488904c48de5b6a05e5d8ca96764509