urlscan.io logo urlscan.io
SecurityTrails logo

forms.office.com Open in urlscan Pro
13.107.6.194  Public Scan

Go To Rescan Add Verdict Report
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlE...
Submission: On April 11 via manual from IN — Scanned from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 13.107.6.194, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is forms.office.com. The Cisco Umbrella rank of the primary domain is 2419.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on April 1st 2024. Valid for: a year.
This is the only time forms.office.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 13.107.6.194 8068 (MICROSOFT...)
1 23.10.2.209 20940 (AKAMAI-ASN1)
14 3
Apex Domain
Subdomains		 Transfer
10 office.com
forms.office.com — Cisco Umbrella Rank: 2419
278 KB
1 sharepointonline.com
static2.sharepointonline.com — Cisco Umbrella Rank: 1946
36 KB
0 microsoftonline.com Failed
login.microsoftonline.com Failed
0 bing.com Failed
c.bing.com Failed
14 4
Domain Requested by
10 forms.office.com forms.office.com
1 static2.sharepointonline.com forms.office.com
0 login.microsoftonline.com Failed forms.office.com
0 c.bing.com Failed forms.office.com
14 4

This site contains no links.

Subject Issuer Validity Valid
forms.cloud.microsoft
Microsoft Azure RSA TLS Issuing CA 04		 2024-04-01 -
2025-03-27		 a year crt.sh
privatecdn.sharepointonline.com
DigiCert SHA2 Secure Server CA		 2023-09-05 -
2024-09-05		 a year crt.sh

This page contains 3 frames:

Primary Page: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Frame ID: 598B30FAA44B14257EBD3EFA12A392B2
Requests: 12 HTTP requests in this frame

Frame: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7IklkZW50aXR5UHJvdmlkZXIiOiJBZGlfSmJFamlsNTNrMFVXUEt2SFZxdF95MTdvVkxEN1pxQnFqbnFlRVhDZ0VpeG9pOWxIa0xLVjA2RjhSWjJOeFowSlFZd2plbTFidHBQV2dxdnJjMUkiLCJwcm9tcHQiOiJBVFBiV0ExUmpKdEtBQ3ktMWFydjUxZzFVQ0VJOVBOV1VXVzRZMHRpbE1tdC1CMnlSRVgtZFdKNWlMdmZfN0hYMlNPWlBTekRUcmh6SmdPLWpmWmx0eFUiLCIucmVkaXJlY3QiOiIvUGFnZXMvU2lsZW50U2lnbkluQ29tcGxldGUuYXNweCIsIi54c3JmIjoiQWVpMzVwY3RkNUpNZHd4QnBqM2xYQU5uR3NtZ2doQnhVcFpXTmFXalM5a0t1ZnpwM2xOTDNxRi1EdWFiLTlKbG9UZVQwa1BUOWZyQzA5NERINjBhRWJHeTd1dFkxdGRBVndsZFlhYU5STmFvd1NZS0ozVDhjc0kyTnBhdGVFdEE4dyIsIk9wZW5JZENvbm5lY3QuQ29kZS5SZWRpcmVjdFVyaSI6IkFjeFRkb2JPNDF4eUd2SzhXbHZqOVlwaENJQWROY0hXeFNpZnBxaHByRGZOX01BVFFwQUJNak0yQmZYWm9kR3llNkpvM240S003UG1xWVZJQk95Z0pMcmg1QnFUWm10LXE1UXFla05INldHMzhaU1NadkNlSEhudDNRT3lWeUI0QXcifX0&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=638484416055255680.MDgwZGFiODAtMzc5Ni00OTljLWFkNzUtODY5M2U4MTA4OWRlYjY0YTMwYWYtNzhiNC00YWVmLTk0YWQtYTU4N2Q5ZGY3MGNm&msafed=0&prompt=none&x-client-SKU=ID_NET8_0&x-client-ver=7.2.0.0
Frame ID: 54ED1BAA9FE05E9A2A68D5A160D2A98F
Requests: 1 HTTP requests in this frame

Frame: https://forms.office.com/oidcLogin?IdentityProvider=msa&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none&TenantId=9188040d-6c67-4c5b-b112-36a304b66dad
Frame ID: 9A783735FAD50AD3F8E07F33677C3E1F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Microsoft Forms - Free tool to create online surveys, forms, polls, and quizzes

Detected technologies

Overall confidence: 100%
Detected patterns
  • underscore.*\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

79 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

314 kB
Transfer

1176 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://c.office.com/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F19E024E8A2B4919BC77A656FBBF6132&RedC=c.office.com&MXFR=145CDDF6B0086AE03D2BC9A8B4086186
Request Chain 11
  • https://forms.office.com/oidcLogin?IdentityProvider=aad&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none HTTP 302
  • https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7IklkZW50aXR5UHJvdmlkZXIiOiJBZGlfSmJFamlsNTNrMFVXUEt2SFZxdF95MTdvVkxEN1pxQnFqbnFlRVhDZ0VpeG9pOWxIa0xLVjA2RjhSWjJOeFowSlFZd2plbTFidHBQV2dxdnJjMUkiLCJwcm9tcHQiOiJBVFBiV0ExUmpKdEtBQ3ktMWFydjUxZzFVQ0VJOVBOV1VXVzRZMHRpbE1tdC1CMnlSRVgtZFdKNWlMdmZfN0hYMlNPWlBTekRUcmh6SmdPLWpmWmx0eFUiLCIucmVkaXJlY3QiOiIvUGFnZXMvU2lsZW50U2lnbkluQ29tcGxldGUuYXNweCIsIi54c3JmIjoiQWVpMzVwY3RkNUpNZHd4QnBqM2xYQU5uR3NtZ2doQnhVcFpXTmFXalM5a0t1ZnpwM2xOTDNxRi1EdWFiLTlKbG9UZVQwa1BUOWZyQzA5NERINjBhRWJHeTd1dFkxdGRBVndsZFlhYU5STmFvd1NZS0ozVDhjc0kyTnBhdGVFdEE4dyIsIk9wZW5JZENvbm5lY3QuQ29kZS5SZWRpcmVjdFVyaSI6IkFjeFRkb2JPNDF4eUd2SzhXbHZqOVlwaENJQWROY0hXeFNpZnBxaHByRGZOX01BVFFwQUJNak0yQmZYWm9kR3llNkpvM240S003UG1xWVZJQk95Z0pMcmg1QnFUWm10LXE1UXFla05INldHMzhaU1NadkNlSEhudDNRT3lWeUI0QXcifX0&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=638484416055255680.MDgwZGFiODAtMzc5Ni00OTljLWFkNzUtODY5M2U4MTA4OWRlYjY0YTMwYWYtNzhiNC00YWVmLTk0YWQtYTU4N2Q5ZGY3MGNm&msafed=0&prompt=none&x-client-SKU=ID_NET8_0&x-client-ver=7.2.0.0

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
forms.office.com/ 		43 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9bfb5fc398d51a12f1d1f5a43b49aa94d7e1be38c9d211dce9da065f980331f4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Accept-Language
zh-SG,zh;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 11 Apr 2024 14:13:17 GMT
expires
0
link
<https://forms.office.com/cdn>; rel=preconnect; crossorigin=anonymous
pragma
no-cache
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-correlationid
05638a1b-fd24-4b7d-b730-749bc124611a
x-msedge-ref
Ref A: F1FBEC2BD3A24A51B168A020D7CD971F Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:18Z
x-officecluster
sea-102.forms.office.com
x-officefe
FormsSingleBox_IN_10
x-officeversion
16.0.17605.42050
x-routingcorrelationid
05638a1b-fd24-4b7d-b730-749bc124611a
x-routingofficecluster
sea-102.forms.office.com
x-routingofficefe
FormsSingleBox_IN_10
x-routingofficeversion
16.0.17605.42050
x-routingsessionid
9aaf3f5c-f34f-4e43-9f61-22ebedbf141e
x-usersessionid
9aaf3f5c-f34f-4e43-9f61-22ebedbf141e
default-page.min.5112b27.css
forms.office.com/cdn/css/dist/ 		364 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/css/dist/default-page.min.5112b27.css
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1016d0b9bf41f4fcefa7e9b7de510107def3e64bbeaa39aac00f7b164f642ba9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:18 GMT
content-encoding
br
last-modified
Tue, 09 Apr 2024 04:50:25 GMT
x-msedge-ref
Ref A: 3177264BA5C74593B857A473E2827F09 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC585092153027
x-cache
TCP_HIT
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
23dfe403-201e-0011-02e3-8a9ee2000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
dll-react.min.14aaf62.js
forms.office.com/cdn/scripts/dists/ 		127 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/dll-react.min.14aaf62.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f3d0c15a2bcac443fc6dfa81ed5770423fbb273e5e1a16441593fc65c0060fd

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2024 06:04:02 GMT
x-msedge-ref
Ref A: 1AE3BC1A467242E0A16C349F78FFEDA3 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC592405954484
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
0f28d192-a01e-0025-14e2-8b3966000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
dll-dompurify.min.bcf1a85.js
forms.office.com/cdn/scripts/dists/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/dll-dompurify.min.bcf1a85.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5bea34a1b8999fb53f5b3b8541be6a2c6f8c75a8932bcb7a05e3fd5b91d78608

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Tue, 09 Apr 2024 04:52:54 GMT
x-msedge-ref
Ref A: F77D1FD8CF6449D4B8FC109D4A897630 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC5850EB30218E
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
752d09a1-c01e-0033-4542-8acfb1000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
dll-jquery.min.4bb4739.js
forms.office.com/cdn/scripts/dists/ 		89 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/dll-jquery.min.4bb4739.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3f104f62dc124fb0aa6c4c7f43e8e14aae24150329fc876e71968bfebaee956b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Tue, 09 Apr 2024 04:52:54 GMT
x-msedge-ref
Ref A: B72478A49F1C4EDC944A371956CF4B00 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC5850EB31CD66
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d9edf649-701e-006b-48c8-8a17ee000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
dll-underscore.min.44ec7e4.js
forms.office.com/cdn/scripts/dists/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/dll-underscore.min.44ec7e4.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0013853aa36583d66b1938d11db36513c5492444612fa2a149dc02530cbb217d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Mon, 08 Apr 2024 05:17:20 GMT
x-msedge-ref
Ref A: 98A11026CC974E3786EE338242592A6E Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC578B2A51A370
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
118137fb-401e-005f-5711-8a2426000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
dll-aria.min.af3e4b5.js
forms.office.com/cdn/scripts/dists/ 		160 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/dll-aria.min.af3e4b5.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
08a7136735dd21df65ddf5d103c300e34c894a06adbfe1f39c56efc8fc77de4a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2024 06:02:11 GMT
x-msedge-ref
Ref A: A973CB8678734D648F34B8D34DA37EAD Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC5923C330ABB9
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a2ad4a90-e01e-002e-6612-8b293e000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
default-page.min.2b0fd8c.js
forms.office.com/cdn/scripts/dists/ 		157 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/default-page.min.2b0fd8c.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5de25cdd2442230fe829dadc3070eeee636a3fb48ab3d3310d1017bdc1bf1d67

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:19 GMT
content-encoding
br
last-modified
Tue, 09 Apr 2024 04:52:51 GMT
x-msedge-ref
Ref A: 5A738CADC1E4405B8B4E2330DD57E1A6 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:19Z
etag
0x8DC5850E990C7B7
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d90039bb-201e-0049-80ea-8bd2f1000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
segoeui-regular.woff2
static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ 		35 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2
Requested by
Host: forms.office.com
URL: https://forms.office.com/cdn/css/dist/default-page.min.5112b27.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.10.2.209 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-10-2-209.deploy.static.akamaitechnologies.com
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/
Origin
https://forms.office.com
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:26 GMT
last-modified
Thu, 14 Jun 2018 15:58:38 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
hl8dtlRfyUovRETdYOe7xg==
etag
0x8D5D20FB145CFD1
content-type
font/woff2
access-control-allow-origin
*
x-ms-request-id
c1e0d1ce-b01e-005a-27be-ffe6fc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=27264216
x-ms-version
2009-09-19
content-length
36344
default-page.chunk.1ds.e2e276c.js
forms.office.com/cdn/scripts/dists/ 		108 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/default-page.chunk.1ds.e2e276c.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/cdn/scripts/dists/default-page.min.2b0fd8c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
04aaa36219d9b75abef8d8d7b579543f024ae2f9f7217d747d7ee590b165d97c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:24 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2024 06:03:59 GMT
x-msedge-ref
Ref A: E9447AD2CF3B4E71BB0DE26433BDF770 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:24Z
etag
0x8DC592403CE8ED3
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
cf4ee611-101e-001f-761a-8b231e000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
default-page.chunk.utel.b28552b.js
forms.office.com/cdn/scripts/dists/ 		33 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/cdn/scripts/dists/default-page.chunk.utel.b28552b.js
Requested by
Host: forms.office.com
URL: https://forms.office.com/cdn/scripts/dists/default-page.min.2b0fd8c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.6.194 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e54b67ec27eb524a85e9ff1ba94fd97af5d1a39410a54676d3c6ebaf744fb34c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Accept-Language
zh-SG,zh;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 11 Apr 2024 14:13:24 GMT
content-encoding
br
last-modified
Wed, 10 Apr 2024 05:18:56 GMT
x-msedge-ref
Ref A: A128E0872F4E4028A9B6100501E82198 Ref B: SG2EDGE2405 Ref C: 2024-04-11T14:13:25Z
etag
0x8DC591DB861E33A
x-cache
TCP_HIT
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
d2243354-001e-0003-5239-8b717e000000
access-control-expose-headers
x-ms-request-id,x-ms-version,x-ms-lease-status,x-ms-blob-type
cache-control
max-age=31536000
x-ms-version
2009-09-19
x-cid
7
c.gif
c.bing.com/
Redirect Chain
  • https://c.office.com/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F19E024E8A2B4919BC77A656FBBF6132&RedC=c.office.com&MXFR=145CDDF6B0086AE03D2BC9A8B4086186
0
0
authorize
login.microsoftonline.com/organizations/oauth2/v2.0/ Frame 54ED
Redirect Chain
  • https://forms.office.com/oidcLogin?IdentityProvider=aad&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none
  • https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJk...
0
0
oidcLogin
forms.office.com/ Frame 9A78 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
c.bing.com
URL
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F19E024E8A2B4919BC77A656FBBF6132&RedC=c.office.com&MXFR=145CDDF6B0086AE03D2BC9A8B4086186
Domain
login.microsoftonline.com
URL
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?client_id=c9a559d2-7aab-4f13-a6ed-e7e9c52aec87&redirect_uri=https%3A%2F%2Fforms.office.com%2Flanding&state=eyJ2ZXJzaW9uIjoxLCJkYXRhIjp7IklkZW50aXR5UHJvdmlkZXIiOiJBZGlfSmJFamlsNTNrMFVXUEt2SFZxdF95MTdvVkxEN1pxQnFqbnFlRVhDZ0VpeG9pOWxIa0xLVjA2RjhSWjJOeFowSlFZd2plbTFidHBQV2dxdnJjMUkiLCJwcm9tcHQiOiJBVFBiV0ExUmpKdEtBQ3ktMWFydjUxZzFVQ0VJOVBOV1VXVzRZMHRpbE1tdC1CMnlSRVgtZFdKNWlMdmZfN0hYMlNPWlBTekRUcmh6SmdPLWpmWmx0eFUiLCIucmVkaXJlY3QiOiIvUGFnZXMvU2lsZW50U2lnbkluQ29tcGxldGUuYXNweCIsIi54c3JmIjoiQWVpMzVwY3RkNUpNZHd4QnBqM2xYQU5uR3NtZ2doQnhVcFpXTmFXalM5a0t1ZnpwM2xOTDNxRi1EdWFiLTlKbG9UZVQwa1BUOWZyQzA5NERINjBhRWJHeTd1dFkxdGRBVndsZFlhYU5STmFvd1NZS0ozVDhjc0kyTnBhdGVFdEE4dyIsIk9wZW5JZENvbm5lY3QuQ29kZS5SZWRpcmVjdFVyaSI6IkFjeFRkb2JPNDF4eUd2SzhXbHZqOVlwaENJQWROY0hXeFNpZnBxaHByRGZOX01BVFFwQUJNak0yQmZYWm9kR3llNkpvM240S003UG1xWVZJQk95Z0pMcmg1QnFUWm10LXE1UXFla05INldHMzhaU1NadkNlSEhudDNRT3lWeUI0QXcifX0&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=638484416055255680.MDgwZGFiODAtMzc5Ni00OTljLWFkNzUtODY5M2U4MTA4OWRlYjY0YTMwYWYtNzhiNC00YWVmLTk0YWQtYTU4N2Q5ZGY3MGNm&msafed=0&prompt=none&x-client-SKU=ID_NET8_0&x-client-ver=7.2.0.0
Domain
forms.office.com
URL
https://forms.office.com/oidcLogin?IdentityProvider=msa&ru=%2FPages%2FSilentSignInComplete.aspx&prompt=none&TenantId=9188040d-6c67-4c5b-b112-36a304b66dad

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| reloadNoCdn object| OfficeFormServerInfo object| NavKeyPoints object| formsInlineScriptSyntaxCheck function| _dll_react_17a9a9b4233a36660118 function| _dll_dompurify_e7d452d73246f470bc6d function| _dll_jquery_cdd163d00dce42731da5 function| _dll_underscore_05eb817c0cd755523d09 function| _dll_aria_2aea5d46efb066980c49 object| webpackChunk function| getChunkPath function| replaceChunkSrc object| Forms object| FormsPro function| formsModuleResolveErrorCallback function| jQuery function| $ function| formsDetectUserLoggedInCallback object| __dynProto$Gbl

5 Cookies

Domain/Path Name / Value
forms.office.com/ Name: FormsWebSessionId
Value: 4138568b-8ae1-4745-9b29-5f1c8b956486
forms.office.com/ Name: .AspNetCore.OpenIdConnect.Nonce.ASh8PO0KWQuDinjORqqtZKGzSkQhUhzRjoTJC1Mhi4oP5b0PvkyVcrL0ILNhMMPRhFoPDUu4l25e___t68yTjIigDZOcoqt7jUapd3P_YVCvQt9AiWvHw-YSnaArec5z75U3cRTUTeJN05KpoOyEVQr06s0LAEBQnaF4PhgqG9hmaVlyBkcwSo_71eF3mTRty3FqzVbfwxIe12QLnSx1q1I0_FpNtQayBClMTAutt8o5
Value: N
forms.office.com/ Name: .AspNetCore.Correlation.8eaekFMAd5NPapo8nZDzGZGqWTO0UoNDjqvjDXaHq-c
Value: N
.c.office.com/ Name: SM
Value: T
.office.com/ Name: MUID
Value: 145CDDF6B0086AE03D2BC9A8B4086186

1 Console Messages

Source Level URL
Text
intervention info URL: https://forms.office.com/?redirecturl=https%3a%2f%2fforms.office.com%2fPages%2fAdminPhishingReviewPage.aspx%3fid%3dmPkHlEzf4Um7SLGB6eP43IFqtF9HhQBBtIv4yyZV2vNUQjlaUjJSS0dVME0yR0E2ME5BWDFZS0k0NCQlQCN0PWcu%26source%3dUnifiedAlertPage
Message:
Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.woff2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains