forms.office.com
52.109.76.79
Public Scan
Effective URL: https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQ...
Submission: On September 18 via manual from US
Summary
TLS certificate: Issued by Microsoft IT TLS CA 4 on February 26th 2019. Valid for: 2 years.
This is the only time forms.office.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 | 195.216.243.155 | 29226 (MASTERTEL-AS Moscow) |
5 | 52.109.76.79 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 | 2a02:6b8::1:119 | 13238 (YANDEX) |
1 2 | 88.212.196.72 | 39134 (UNITEDNET) |
5 | 2.16.186.106 | 20940 (AKAMAI-ASN1) |
1 | 152.199.19.160 | 15133 (EDGECAST - MCI Communications Services) |
1 2 | 52.142.114.2 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 1 | 2620:1ec:c11::200 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
2 | 40.77.226.250 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 | 52.109.88.14 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
1 | 52.114.74.45 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) |
19 | 10 |
Domain | ASN | PTR |
---|---|---|
u.to | ASN29226 (MASTERTEL-AS Moscow, Russia, RU) | s5.unet.com |
forms.office.com | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
cdn.forms.office.net | ASN20940 (AKAMAI-ASN1, US) | a2-16-186-106.deploy.static.akamaitechnologies.com |
az725175.vo.msecnd.net | ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US) | |
c.office.com | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
c.bing.com | ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
web.vortex.data.microsoft.com | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
lists.office.com | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
browser.pipe.aria.microsoft.com | ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US) | |
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | office.com (1 redirects) | forms.office.com c.office.com lists.office.com | 69 KB |
5 | office.net | cdn.forms.office.net | 322 KB |
3 | microsoft.com | web.vortex.data.microsoft.com browser.pipe.aria.microsoft.com | 1 KB |
2 | yadro.ru (1 redirects) | counter.yadro.ru | 918 B |
1 | bing.com (1 redirects) | c.bing.com | 528 B |
1 | msecnd.net | az725175.vo.msecnd.net | 18 KB |
1 | yandex.ru | mc.yandex.ru | |
1 | u.to | u.to | 1 KB |
19 | 8 |
# | Domain | Requested by |
---|---|---|
5 | cdn.forms.office.net | forms.office.com cdn.forms.office.net |
5 | forms.office.com | u.to cdn.forms.office.net |
2 | web.vortex.data.microsoft.com | az725175.vo.msecnd.net |
2 | c.office.com | 1 redirects forms.office.com |
2 | counter.yadro.ru | 1 redirects |
1 | browser.pipe.aria.microsoft.com | cdn.forms.office.net |
1 | lists.office.com | |
1 | c.bing.com | 1 redirects |
1 | az725175.vo.msecnd.net | forms.office.com |
1 | mc.yandex.ru | u.to |
1 | u.to | |
19 | 11 |
This site contains links to these domains.
Domain |
---|
go.microsoft.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
u.to | Sectigo RSA Domain Validation Secure Server CA | 2019-08-23 - 2021-08-22 | 2 years |
forms.office.com | Microsoft IT TLS CA 4 | 2019-02-26 - 2021-02-26 | 2 years |
bs.yandex.ru | Yandex CA | 2018-10-03 - 2019-10-03 | a year |
counter.yadro.ru | COMODO ECC Domain Validation Secure Server CA | 2018-04-09 - 2020-04-08 | 2 years |
cdn.forms.office.net | Microsoft IT TLS CA 1 | 2019-07-29 - 2021-07-29 | 2 years |
*.vo.msecnd.net | Microsoft IT TLS CA 2 | 2018-03-30 - 2020-03-30 | 2 years |
c.msn.com | Microsoft IT TLS CA 1 | 2018-09-13 - 2020-09-13 | 2 years |
*.vortex.data.microsoft.com | Microsoft IT TLS CA 5 | 2018-01-30 - 2020-01-30 | 2 years |
lists.office.com | Microsoft IT TLS CA 4 | 2017-12-18 - 2019-12-18 | 2 years |
*.events.data.microsoft.com | Microsoft IT TLS CA 1 | 2019-03-26 - 2021-03-26 | 2 years |
This page contains 1 frames:
Primary Page:
https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u
Frame ID: CD77BF2E6E55659171E54D48DD9F2B01
Requests: 19 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Privacy and cookies
Title: Terms of use
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u.to/RFxVFg Page URL
- https://forms.office.com/Pages/ResponsePage.aspx?id=DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278 HTTP 302
- https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/RFxVFg;1568816163278
- https://c.office.com/c.gif HTTP 302
- https://c.bing.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&RedC=c.office.com&MXFR=0AE564DC731667FA1701690777166CEB HTTP 302
- https://c.office.com/c.gif?&CtsSyncId=A627F0A594944F699D78C9A519384CEE&MUID=0AE564DC731667FA1701690777166CEB
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | RFxVFg (Cookie set) | u.to/ | 1 KB | 1 KB | Document | text/html |
GET | H/1.1 | ResponsePage.aspx (Primary Request, Cookie set) | forms.office.com/Pages/ | 17 KB | 8 KB | Document | text/html |
GET | H/1.1 | tag.js | mc.yandex.ru/metrika/ | 315 KB | 0 | Script | application/javascript |
GET | H/1.1 | hit;utostat | counter.yadro.ru/ (Redirect Chain) | 43 B | 421 B | Image | image/gif |
GET | H2 | response-page-customize-fabric-bootstrap.min.90b4e94.css | cdn.forms.office.net/forms/css/dist/ | 142 KB | 21 KB | Stylesheet | text/css |
GET | H2 | basics.min.d9f547c.js | cdn.forms.office.net/forms/scripts/vendors/combinedmin/ | 353 KB | 99 KB | Script | application/javascript |
GET | H2 | response-page.min.5463b97.js | cdn.forms.office.net/forms/scripts/dists/ | 956 KB | 165 KB | Script | application/javascript |
GET | H2 | jsll-4.js | az725175.vo.msecnd.net/scripts/ | 54 KB | 18 KB | Script | text/javascript |
GET | H/1.1 | runtimeForms('DQSIkWdsW0yxEjajBLZtrQAAAAAAAAAAAAa__QkcLxpUNlRNQVc4RTVZNlZBRkFTSjFXQVI0RUpaUS4u') | forms.office.com/formapi/api/9188040d-6c67-4c5b-b112-36a304b66dad/users/00000000-0000-0000-0006-bffd091c2f1a/light/ | 3 KB | 2 KB | XHR | application/json |
POST | H/1.1 | GetResourceStrings | forms.office.com/Pages/ResponsePage.aspx/ | 183 KB | 52 KB | XHR | application/json |
GET | H2 | response.min.6275218.js | cdn.forms.office.net/forms/scripts/vendors/combinedmin/ | 88 KB | 26 KB | Script | application/javascript |
GET | H2 | c.gif | c.office.com/ (Redirect Chain) | 42 B | 225 B | Image | image/gif |
GET | H/1.1 | t.js | web.vortex.data.microsoft.com/collect/v1/ | 260 B | 909 B | Script | application/javascript |
POST | H/1.1 | v1 | web.vortex.data.microsoft.com/collect/ | 0 | 0 | Other | application/json |
POST | H/1.1 | GetThemes | forms.office.com/Pages/ResponsePage.aspx/ | 297 B | 1 KB | XHR | application/json |
GET | H/1.1 | privacy | forms.office.com/formapi/api/ | 63 B | 1 KB | XHR | application/json |
GET | H2 | 10edc004-fd5f-49f4-a28a-5a62aa0bff6c | lists.office.com/Images/9188040d-6c67-4c5b-b112-36a304b66dad/00000000-0000-0000-0006-bffd091c2f1a/T6TMAW8E5Y6VAFASJ1WAR4EJZQ/ | 4 KB | 5 KB | Image | image/png |
GET | H2 | fabricmdl2icons-2.68.subset.woff2 | cdn.forms.office.net/forms/fonts/ | 11 KB | 11 KB | Font | font/woff2 |
POST | H/1.1 | / | browser.pipe.aria.microsoft.com/Collector/3.0/ | 0 | 397 B | XHR | application/json |
71 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| NavKeyPoints function| reloadNoCdn object| OfficeFormServerInfo function| init object| datas object| modules function| require object| Logging function| AuthenticationContext object| AWTPropertyType object| AWTPiiKind object| AWTEventPriority object| AWTEventsDroppedReason object| AWTEventsRejectedReason object| AWTCustomerContentKind object| AWTUserIdType object| AWTSessionState string| AWT_BEST_EFFORT string| AWT_NEAR_REAL_TIME string| AWT_REAL_TIME function| AWTEventProperties function| AWTLogger function| AWTLogManager function| AWTTransmissionManager function| AWTSerializer function| AWTSemanticContext string| AWT_COLLECTOR_URL_UNITED_STATES string| AWT_COLLECTOR_URL_GERMANY string| AWT_COLLECTOR_URL_JAPAN string| AWT_COLLECTOR_URL_AUSTRALIA string| AWT_COLLECTOR_URL_EUROPE string| AWT_COLLECTOR_URL_USGOV_DOD string| AWT_COLLECTOR_URL_USGOV_DOJ function| $ function| jQuery object| odatajs function| DomStore function| IndexedDBStore function| MemoryStore function| _ object| React object| ReactDOM function| makeDOMException function| getbyte64 function| decode function| getbyte function| encode function| escapeRegExp function| formatNumber function| extractDigits function| removeQuatos function| parseStringToDateLabels function| getTime function| __extends function| __assign object| NerveImplementation object| Nerve object| OfficeForm undefined| PADCHAR_1 undefined| ALPHA_1 object| stringDelimiter object| dateLabelsRegExp object| Forms object| FormsPro function| jsllloaded object| awa string| behaviorKey object| linkify function| Picker
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.office.com/ | | Name: MUID Value: 0AE564DC731667FA1701690777166CEB |
.forms.office.com/ | | Name: AADNonce.forms Value: 43d1e2db-2a7c-4ff7-94b1-55c860538536.637044129634782146 |
forms.office.com/ | | Name: __RequestVerificationToken Value: elKxKkEa-ZR_rJ-guaC2AjylyuxiZvD3qK-mGxW7kgBVd2wAOVMq9r-WFDMY93_iBLxn3kk3x9WjZxYmOAY9pJI6ZZ41 |
forms.office.com/ | | Name: MSFPC Value: GUID=ec96c5fb4c544897bac58636315939bd&HASH=ec96&LV=201909&V=4&LU=1568816164000 |
forms.office.com/ | | Name: DcLcid Value: ui=1033&data=1033 |
16 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.