urlscan.io logo urlscan.io
SecurityTrails logo

friedmancovid.com Open in urlscan Pro
205.178.189.131  Public Scan

Go To Rescan Add Verdict Report
URL: http://friedmancovid.com/
Submission: On May 19 via api from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 205.178.189.131, located in Jacksonville, United States and belongs to DEFENSE-NET, US. The main domain is friedmancovid.com.
This is the only time friedmancovid.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 205.178.189.131 55002 (DEFENSE-NET)
1 2 52.109.76.79 8075 (MICROSOFT...)
2 2
Apex Domain
Subdomains		 Transfer
2 office.com
forms.office.com
295 B
1 friedmancovid.com
friedmancovid.com
487 B
2 2
Domain Requested by
2 forms.office.com 1 redirects friedmancovid.com
1 friedmancovid.com
2 2

This site contains no links.

Subject Issuer Validity Valid
forms.office.com
Microsoft IT TLS CA 4		 2019-02-26 -
2021-02-26		 2 years crt.sh

This page contains 2 frames:

Primary Page: http://friedmancovid.com/
Frame ID: DE813A85BB3AD29C44A7BF5E4670D1AD
Requests: 1 HTTP requests in this frame

Frame: https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
Frame ID: 8978C377F0798B98789F7128DFE435EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

0 kB
Transfer

0 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u HTTP 301
  • https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
friedmancovid.com/ 		333 B
487 B 		Document
General
Check archive.org
Download Go to
Full URL
http://friedmancovid.com/
Protocol
HTTP/1.1
Server
205.178.189.131 Jacksonville, United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
wf.networksolutions.com
Software
Sun-ONE-Web-Server/6.1 /
Resource Hash
7307a09489f6a4a504996d74190e106adcbbd68f252ec3ad58cfd227abe3cb0e

Request headers

Host
friedmancovid.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
Sun-ONE-Web-Server/6.1
Date
Tue, 19 May 2020 05:39:07 GMT
Content-type
text/html
Transfer-encoding
chunked
ResponsePage.aspx
forms.office.com/FormsPro/Pages/ Frame 8978
Redirect Chain
  • http://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
  • https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
Requested by
Host: friedmancovid.com
URL: http://friedmancovid.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.109.76.79 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
forms.office.com
:scheme
https
:path
/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
frame
referer
http://friedmancovid.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://friedmancovid.com/

Response headers

status
200
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-length
10180
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
0
vary
Accept-Encoding
server
x-routingofficecluster
neu-001.forms.office.com
x-routingofficefe
FormsSingleBox_IN_6
x-routingofficeversion
16.0.12914.36680
x-routingsessionid
86ad3d04-bd8e-44bf-ad7e-f14bb5304945
x-routingcorrelationid
fc873991-024b-4119-8919-e4f08da35cba
p3p
CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
set-cookie
DcLcid=ui=1033&data=1033; expires=Wed, 19-Aug-2020 05:39:07 GMT; path=/; samesite=none; secure; HttpOnly __RequestVerificationToken=Nr8zw-aqgvk985r_QlcM41HaJ3kKPxq7wfwku1o5kVNiMJ8GXm6-wYRmLMcol-wexBcVu_k5a6n3jzmeEUJbPYVbP_81; path=/; samesite=none; secure; HttpOnly AADNonce.forms=a9bd435c-62dc-4fb4-ac61-861daf55b030.637254635478995293; domain=forms.office.com; path=/; samesite=none; secure; HttpOnly
x-correlationid
fc873991-024b-4119-8919-e4f08da35cba
x-usersessionid
86ad3d04-bd8e-44bf-ad7e-f14bb5304945
x-officefe
FormsSingleBox_IN_9
x-officeversion
16.0.12914.33225
x-officecluster
weu-002.forms.office.com
x-failurereason
MissingCookieOrToken
link
<https://cdn.forms.office.net/forms>; rel=preconnect; crossorigin=anonymous
x-aspnet-version
x-powered-by
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 19 May 2020 05:39:07 GMT

Redirect headers

Content-Type
text/html; charset=UTF-8
Location
https://forms.office.com/FormsPro/Pages/ResponsePage.aspx?id=hsEw0oDlrEeUXCdVsY4YxhTvgA5VEyRNoFFasZtKuFtURVpLM0tXWEtBVFlLNjc1SkI5N0JJMzRVRi4u
Server
Date
Tue, 19 May 2020 05:39:06 GMT
Content-Length
264

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

5 Cookies

Domain/Path Name / Value
.office.com/ Name: MUID
Value: 06A395FE818461B507129B31800F60C6
.forms.office.com/ Name: AADNonce.forms
Value: a9bd435c-62dc-4fb4-ac61-861daf55b030.637254635478995293
forms.office.com/ Name: MSFPC
Value: GUID=2da911570c6442499f32209addd28aa7&HASH=2da9&LV=202005&V=4&LU=1589866748759
forms.office.com/ Name: __RequestVerificationToken
Value: Nr8zw-aqgvk985r_QlcM41HaJ3kKPxq7wfwku1o5kVNiMJ8GXm6-wYRmLMcol-wexBcVu_k5a6n3jzmeEUJbPYVbP_81
forms.office.com/ Name: DcLcid
Value: ui=1033&data=1033

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

forms.office.com
friedmancovid.com
205.178.189.131
52.109.76.79
7307a09489f6a4a504996d74190e106adcbbd68f252ec3ad58cfd227abe3cb0e