www.microsoft.com Open in urlscan Pro
2a02:26f0:7100:8a6::356e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protect...
Effective URL:
https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-p...
Submission: On April 17 via api (April 17th 2023, 6:04:40 pm UTC) from SA — Scanned from DE

Summary HTTP 52 Redirects Links 76 Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 8 domains to perform 52 HTTP transactions. The main IP is 2a02:26f0:7100:8a6::356e, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.microsoft.com. The Cisco Umbrella rank of the primary domain is 254.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on October 4th 2022. Valid for: a year.

This is the only time www.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 27	2a02:26f0:710... 2a02:26f0:7100:8a6::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:26f0:910... 2a02:26f0:9100:7a2::2957	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2620:1ec:4e:1... 2620:1ec:4e:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2620:1ec:4f:1... 2620:1ec:4f:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	95.101.54.137 95.101.54.137	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:780... 2a02:26f0:780::210:ca7a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a02:26f0:480... 2a02:26f0:480:79d::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	51.105.71.137 51.105.71.137	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2603:1027:1:d... 2603:1027:1:d8::9	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.229.221.185 192.229.221.185	() ()
52	11

27 2a02:26f0:7100:8a6::356e (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:9100:7a2::2957 (Paris, France)

ASN20940 (AKAMAI-ASN1, NL)

assets.onestore.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:4e:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

wcpstatic.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:4f:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

js.monitor.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mem.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.54.137 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-54-137.deploy.static.akamaitechnologies.com

statics-marketingsites-eus-ms-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:ca7a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

img-prod-cms-rt-microsoft-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:480:79d::356e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 51.105.71.137 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.events.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2603:1027:1:d8::9 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.221.185 (None, )

ASN- ()

logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	microsoft.com 1 redirects www.microsoft.com — Cisco Umbrella Rank: 254 wcpstatic.microsoft.com — Cisco Umbrella Rank: 4473 browser.events.data.microsoft.com — Cisco Umbrella Rank: 178	37 MB
5	s-microsoft.com c.s-microsoft.com — Cisco Umbrella Rank: 5668	147 KB
4	gfx.ms mem.gfx.ms — Cisco Umbrella Rank: 2189	60 KB
3	akamaized.net statics-marketingsites-eus-ms-com.akamaized.net — Cisco Umbrella Rank: 13032 img-prod-cms-rt-microsoft-com.akamaized.net — Cisco Umbrella Rank: 1250	8 KB
3	onestore.ms assets.onestore.ms — Cisco Umbrella Rank: 13692	211 KB
2	azure.com js.monitor.azure.com — Cisco Umbrella Rank: 1581	84 KB
1	msauth.net logincdn.msauth.net	6 KB
1	live.com login.live.com — Cisco Umbrella Rank: 77	7 KB
52	8

	Domain	Requested by
27	www.microsoft.com	1 redirects www.microsoft.com
6	browser.events.data.microsoft.com	js.monitor.azure.com
5	c.s-microsoft.com	assets.onestore.ms
4	mem.gfx.ms	www.microsoft.com mem.gfx.ms
3	assets.onestore.ms	www.microsoft.com
2	img-prod-cms-rt-microsoft-com.akamaized.net	www.microsoft.com
2	js.monitor.azure.com	www.microsoft.com mem.gfx.ms
1	logincdn.msauth.net	login.live.com
1	login.live.com	mem.gfx.ms
1	statics-marketingsites-eus-ms-com.akamaized.net	www.microsoft.com
1	wcpstatic.microsoft.com	www.microsoft.com
52	11

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
aka.ms
www.bing.com
azure.microsoft.com
github.com
customers.microsoft.com
events.microsoft.com
techcommunity.microsoft.com
docs.microsoft.com
servicetrust.microsoft.com
dynamics.microsoft.com
partner.microsoft.com
about.ads.microsoft.com
azuremarketplace.microsoft.com
appsource.microsoft.com
blogs.microsoft.com
developer.microsoft.com
learn.microsoft.com
twitter.com
www.linkedin.com
facebook.com
attack.mitre.org
en.wikipedia.org
account.microsoft.com
education.microsoft.com
powerplatform.microsoft.com
visualstudio.microsoft.com
careers.microsoft.com
news.microsoft.com
privacy.microsoft.com
support.microsoft.com
choice.microsoft.com

Subject Issuer	Validity	Valid
www.microsoft.com Microsoft Azure TLS Issuing CA 06	`2022-10-04` - `2023-09-29`	a year	crt.sh
wildcard.onestore.ms Microsoft Azure TLS Issuing CA 05	`2022-09-22` - `2023-09-17`	a year	crt.sh
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-06` - `2023-12-06`	a year	crt.sh
js.monitor.azure.com Microsoft Azure TLS Issuing CA 01	`2023-03-23` - `2024-03-17`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 06	`2023-03-31` - `2024-03-25`	a year	crt.sh
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 01	`2023-03-08` - `2024-03-02`	a year	crt.sh
login.live.com DigiCert SHA2 Secure Server CA	`2023-03-30` - `2024-03-30`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Frame ID: 62466B58B2D8A23EB6A76FC62C7D7584
Requests: 49 HTTP requests in this frame

Frame: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=1c1db284-d53a-4be7-cc3d-4f2a946453e0&partnerId=mssecurity
Frame ID: 10CEB640785493EF833CCC4207267C01
Requests: 2 HTTP requests in this frame

Frame: https://mem.gfx.ms/me/mecache?partner=mssecurity&wreply=https%3A%2F%2Fwww.microsoft.com
Frame ID: F6FCB4146DE0E760E1C3B91870704587
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dismantling a fileless campaign: Microsoft Defender ATP's Antivirus exposes Astaroth attack - Microsoft Security BlogtwitterCalifornia Consumer Privacy Act (CCPA) Opt-Out Icon

Page URL History Show full URLs

https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-... HTTP 301
https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-def... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

52
Requests

100 %
HTTPS

70 %
IPv6

8
Domains

11
Subdomains

11
IPs

5
Countries

38723 kB
Transfer

40881 kB
Size

8
Cookies

76 Outgoing links

These are links going to different origins than the main page.

URL: https://go.microsoft.com/fwlink/?LinkId=521839
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://aka.ms/3rdpartycookies
Title: Third-Party Cookies

Search URL Search Domain Scan URL

URL: https://www.bing.com/new?form=MI13IO&OCID=MI13IO&pc=U710
Title: Learn more

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/key-vault/
Title: Azure Key Vault

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-firewall/
Title: Azure Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/web-application-firewall/
Title: Azure Web App Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/ddos-protection/
Title: Azure DDoS Protection

Search URL Search Domain Scan URL

URL: https://github.com/features/security
Title: GitHub Advanced Security

Search URL Search Domain Scan URL

URL: https://customers.microsoft.com/en-us/search?sq=Microsoft%20Security&ff=&p=0&so=story_publish_date%20desc
Title: Customer stories

Search URL Search Domain Scan URL

URL: https://events.microsoft.com/en-us/allevents/?language=English&clientTimeZone=1&search=security
Title: Microsoft Security Events

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/security/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/learn/topics/sci?wt.mc_id=techcom_header-webpage-m365
Title: Training & certifications

Search URL Search Domain Scan URL

URL: https://aka.ms/underattack
Title: Under attack?

Search URL Search Domain Scan URL

URL: https://servicetrust.microsoft.com/
Title: Service Trust Portal

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/
Title: Azure

Search URL Search Domain Scan URL

URL: https://dynamics.microsoft.com/en-us/
Title: Dynamics 365

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/space/
Title: Azure Space

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/quantum-computing/
Title: Quantum computing

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/
Title: Find a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/membership/cloud-solution-provider
Title: Become a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-us/membership
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/resources/microsoft-advertising-partner-program/microsoft-advertising-partner-program
Title: Find an advertising partner

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/partners/welcome?s_cid=en-us-gct-web-src_ext-sub_0-flx_uhfcombepartner
Title: Become an advertising partner

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/
Title: Azure Marketplace

Search URL Search Domain Scan URL

URL: https://appsource.microsoft.com/en-us/
Title: AppSource

Search URL Search Domain Scan URL

URL: https://blogs.microsoft.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us?s_cid=dig-src_uhfcomm
Title: Microsoft Advertising

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/
Title: Developer Center

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/docs/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/
Title: Microsoft Learn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?text=Dismantling%20a%20fileless%20campaign%3A%20Microsoft%20Defender%20ATP%26%238217%3Bs%20Antivirus%20exposes%20Astaroth%20attack&url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2019%2F07%2F08%2Fdismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2019%2F07%2F08%2Fdismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack%2F&title=Dismantling%20a%20fileless%20campaign%3A%20Microsoft%20Defender%20ATP%26%238217%3Bs%20Antivirus%20exposes%20Astaroth%20attack&source=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2019%2F07%2F08%2Fdismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack%2F
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2019%2F07%2F08%2Fdismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats
Title: comprehensive definition for fileless malware

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0373/
Title: Astaroth

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1220/
Title: XSL Script Processing

Search URL Search Domain Scan URL

URL: https://github.com/LOLBAS-Project/LOLBAS/blob/master/README.md
Title: living off the land

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0001/
Title: Initial Access

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/pre/
Title: MITRE technique ID

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1192/
Title: T1192

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1023/
Title: T1023

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047/
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1064/
Title: T1064

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/
Title: T1027

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Base64
Title: Base64-encoded

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1197/
Title: T1197

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105/
Title: T1105

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140/
Title: T1140

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1117/
Title: T1117

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1129/
Title: T1129

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response
Title: endpoint detection and response

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/threat-analytics
Title: threat analytics

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp
Title: Office 365 ATP

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/The_Invisible_Man
Title: The Invisible Man

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced
Title: Microsoft Defender ATP community

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel
Title: @MsftSecIntel

Search URL Search Domain Scan URL

URL: https://twitter.com/@MSFTSecurity
Title: @MSFTSecurity

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/
Title: Account profile

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2139749
Title: Microsoft Store support

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkID=824764&clcid=0x409
Title: Returns

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/orders
Title: Order tracking

Search URL Search Domain Scan URL

URL: https://education.microsoft.com/
Title: Educator training and development

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/free/students/
Title: Azure for students

Search URL Search Domain Scan URL

URL: https://powerplatform.microsoft.com/en-us/
Title: Microsoft Power Platform

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://visualstudio.microsoft.com/
Title: Visual Studio

Search URL Search Domain Scan URL

URL: https://careers.microsoft.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://news.microsoft.com/
Title: Company news

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-us
Title: Privacy at Microsoft

Search URL Search Domain Scan URL

URL: https://aka.ms/yourcaliforniaprivacychoices
Title: California Consumer Privacy Act (CCPA) Opt-Out Icon Your California Privacy Choices

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/contactus
Title: Contact Microsoft

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkID=206977
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196228
Title: Trademarks

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196227
Title: Safety & eco

Search URL Search Domain Scan URL

URL: https://choice.microsoft.com/
Title: About our ads

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/ HTTP 301
https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Redirect Chain

https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

204 KB
37 KB

739ms
739ms

Document
text/html

2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

461ed9d0d13a5810a89ee9b591508e9a1ffe49205cd71e0df3214c7f18ad8eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=600
content-encoding: gzip
content-length: 36885
content-type: text/html; charset=utf-8
date: Mon, 17 Apr 2023 18:04:32 GMT
expires: Mon, 17 Apr 2023 18:14:31 GMT
link: <https://www.microsoft.com/en-us/security/blog/wp-json/>; rel="https://api.w.org/" <https://www.microsoft.com/en-us/security/blog/wp-json/wp/v2/posts/89592>; rel="alternate"; type="application/json" <https://www.microsoft.com/en-us/security/blog/?p=89592>; rel=shortlink
ms-cv: CASMicrosoftCV48f36a65.0
ms-cv-esi: CASMicrosoftCV48f36a65.0
strict-transport-security: max-age=31536000
tls_version: tls1.3
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-rtag: RT

Redirect headers

cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Mon, 17 Apr 2023 18:04:31 GMT
expires: Mon, 17 Apr 2023 18:04:31 GMT
location: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
ms-cv: CASMicrosoftCV48f369ec.0
ms-cv-esi: CASMicrosoftCV48f369ec.0
pragma: no-cache
strict-transport-security: max-age=31536000
tls_version: tls1.3
x-rtag: RT

GET
H2 200 wp-emoji-release.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/ 18 KB
5 KB 717ms
716ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/wp-emoji-release.min.js?ver=6.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:32 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
x-rtag: RT
etag: "4904-5f3acfe01ab40-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37338.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37338.0
content-length: 5039
expires: Wed, 17 May 2023 18:04:32 GMT

GET
H2 200 style.min.css
www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/ 95 KB
13 KB 953ms
953ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
x-rtag: RT
etag: "17ced-5f680c224ed40-gzip"
vary: Accept-Encoding
content-type: text/css
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37339.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37339.0
content-length: 12736
expires: Wed, 17 May 2023 18:04:32 GMT

GET
H2 200 classic-themes.min.css
www.microsoft.com/en-us/security/blog/wp-includes/css/ 291 B
487 B 954ms
954ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/css/classic-themes.min.css?ver=6.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
x-rtag: RT
etag: "123-5f49afeb578c0-gzip"
vary: Accept-Encoding
content-type: text/css
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f3733a.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f3733a.0
content-length: 210
expires: Wed, 17 May 2023 18:04:32 GMT

GET
H2 200 styles.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/wds-ms-inline-interruption-styles-officeblogs/css/ 10 KB
4 KB 997ms
996ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/wds-ms-inline-interruption-styles-officeblogs/css/styles.css?ver=1681754671

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b201ab52de2c92539f7a276b6cf170b1bdf0f3705f1b6ab9597517d030afefe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:23:30 GMT
x-rtag: RT
etag: "29a7-5f912c0078880-gzip"
vary: Accept-Encoding
content-type: text/css
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f3733b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f3733b.0
content-length: 3910
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 mwf-west-european-default.min.css
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/ 581 KB
71 KB 116ms
24ms Stylesheet
text/css 2a02:26f0:9100:7a2::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:9100:7a2::2957 Paris, France, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Thu, 01 Feb 2018 02:22:19 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: QshXRY8/Osc4oVEHlL0Pbw==
etag: "0x8D5691A9EA468B4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes
content-length: 71704
x-ms-lease-state: available

GET
H2 200 style.css
www.microsoft.com/en-us/security/blog/wp-content/themes/ms_s/ 342 B
516 B 977ms
977ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/ms_s/style.css?ver=1681233905

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:23:30 GMT
x-rtag: RT
etag: "156-5f912c0078880-gzip"
vary: Accept-Encoding
content-type: text/css
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f3733c.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f3733c.0
content-length: 238
expires: Wed, 17 May 2023 18:04:32 GMT

GET
H2 200 style.min.css
www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/ 69 KB
14 KB 1041ms
1041ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/style.min.css?ver=1681233905

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3f9133661081aceb9b5e1e10aa17a87e4b7db93609497be50b677477fb5a050c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:25:05 GMT
x-rtag: RT
etag: "113bd-5f912c5b11e40-gzip"
vary: Accept-Encoding
content-type: text/css
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f3733d.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f3733d.0
content-length: 13558
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 wcp-consent.js Show response
wcpstatic.microsoft.com/mscc/lib/v2/ 273 KB
80 KB 72ms
12ms Script
application/javascript 2620:1ec:4e:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4e:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 17 Apr 2023 18:04:31 GMT
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
age: 18895
x-cache: CONFIG_NOCACHE
content-length: 81726
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
x-azure-ref: 0MIo9ZAAAAABbnbPRqt2DTr/B7plu09zERlJBMzFFREdFMDQxMAAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 9a1c735a-f01e-0004-312b-719b7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 jquery.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/ 88 KB
31 KB 1041ms
1040ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.3

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
x-rtag: RT
etag: "15ed7-5f667d23f9540-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f3733e.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f3733e.0
content-length: 31049
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/ 13 KB
5 KB 994ms
993ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
x-rtag: RT
etag: "3470-5f40e4dc48ec0-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37340.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37340.0
content-length: 4795
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 mwf-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 302 KB
70 KB 236ms
145ms Script
application/x-javascript 2a02:26f0:9100:7a2::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:9100:7a2::2957 Paris, France, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: FuF99EJdzMvbQQjP24cb+Q==
etag: "0x8D5691AA4A90431"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes
content-length: 71185
x-ms-lease-state: available

GET
H2 200 ms.analytics-web-3.min.js Show response
js.monitor.azure.com/scripts/c/ 136 KB
50 KB 125ms
10ms Script
text/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:31 GMT
content-encoding: br
x-azure-ref-originshield: 0IYU9ZAAAAADYQXybE+dyQY3BlxSoVmplRlJBMjMxMDUwNDE3MDIxAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5: aluZD4aW63pn7P5rWzyrCw==
x-cache: TCP_HIT
x-ms-meta-jssdkver: 3.2.9
last-modified: Tue, 21 Feb 2023 18:31:48 GMT
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.analytics-web-3.2.9.min.js
etag: 0x8DB1439E4C632FC
x-azure-ref: 0MIo9ZAAAAACFTfZo3ygqTav1HQ1/nDxERlJBMzFFREdFMDkxOABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 5dfe4657-701e-0095-7c52-71f8f6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-lastmodified,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19

GET
H2 200 74-888e54
www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/51-0a6e40/ 167 KB
23 KB 354ms
353ms Stylesheet
text/css 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/51-0a6e40/74-888e54?ver=2.0&_cf=02242021_3231

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a9f24da628989ece81a468b5a98977c64c8d914e9d139aad578bccde73bcc2da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

ms-operation-id: 021905d1c6bf9c43a286d8fa43954286
date: Mon, 17 Apr 2023 18:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-rtag: RT
x-s2: 2023-04-06T15:03:21
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: dda29ca8-b599-41d4-a09c-c3510233d8aa
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV48f3733f.0
ms-cv: CASMicrosoftCV48f3733f.0
content-length: 22742
x-xss-protection: 1; mode=block
last-modified: Thu, 06 Apr 2023 15:03:21 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-28T02:42:34.0000000Z}
x-s1: 2023-04-06T15:03:21
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30574744
vary: Accept-Encoding
timing-allow-origin: *
x-appversion: 1.0.8486.33677
expires: Fri, 05 Apr 2024 15:03:36 GMT

GET
H/1.1 200
OK override.css
statics-marketingsites-eus-ms-com.akamaized.net/statics/ 1 KB
907 B 42ms
7ms Stylesheet
text/css 95.101.54.137
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 95.101.54.137 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-137.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 17 Apr 2023 18:04:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D6EEC3A2D67C35
Vary: Accept-Encoding
Content-Type: text/css
x-ms-request-id: 003c9b00-001e-000b-644e-d0127e000000
x-ms-version: 2009-09-19
Connection: keep-alive
Content-Length: 473

GET
H2 200 a2-598841 Show response
www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23... 134 KB
36 KB 356ms
355ms Script
text/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/3b-84517a/b0-07f293/1e-9d9d16/52-f0367f/94-1dce2c/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f972ffc4af215a60ab0d70a63535cfcd23a951766c9903c6770bfc431e88852e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

ms-operation-id: 0b71d0b70434cc48afeedf440663be21
date: Mon, 17 Apr 2023 18:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-rtag: RT
x-s2: 2023-04-04T20:02:47
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: 5c6fd958-4a48-4830-8b5a-7e72637ef22f
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV48f37341.0
ms-cv: CASMicrosoftCV48f37341.0
content-length: 35909
x-xss-protection: 1; mode=block
last-modified: Tue, 04 Apr 2023 20:02:47 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-28T02:42:34.0000000Z}
x-s1: 2023-04-04T20:02:47
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30419945
vary: Accept-Encoding
timing-allow-origin: *
x-appversion: 1.0.8486.33677
expires: Wed, 03 Apr 2024 20:03:37 GMT

GET
H2 200 meversion Show response
mem.gfx.ms/ 29 KB
10 KB 133ms
12ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e0c4a17058f3b70c5a894f92c8e4fffb1c17a88fd8e1741da61caa966ea0ddda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 17 Apr 2023 18:04:32 GMT
x-azure-ref-originshield: 06Vg9ZAAAAAAjoe4e9sRFRbtCadbxRs2pRlJBMjMxMDUwNDE4MDUzAGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
x-azure-ref: 0MYo9ZAAAAADIJpvPIj28QZORwq6ileraRlJBMzFFREdFMDkwOABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, no-transform, max-age=43200
expires: Mon, 17 Apr 2023 17:18:32 GMT

GET
H2 200 RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 4 KB
4 KB 94ms
46ms Image
image/png 2a02:26f0:780::210:ca7a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:780::210:ca7a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Thu, 13 Apr 2023 20:37:29 GMT
x-resizerversion: 1.0
x-datacenter: northeu
x-source-length: 4054
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=95578
x-activityid: 9a68338b-330b-4436-8e78-1591ee0cab82
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
timing-allow-origin: *
content-length: 4054
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires: Tue, 18 Apr 2023 20:37:31 GMT

GET
H2 200 fig1-wmic-related-attacks.png
www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/ 18 KB
19 KB 48ms
47ms Image
image/png 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/fig1-wmic-related-attacks.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d4e88df90b0f6cca80624b64fd0f13b505f0bf412a8d4d4675c13a62ed6d653

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:49:44 GMT
x-rtag: RT
etag: "4925-5e829068dc4a3"
content-type: image/png
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37adb.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37adb.0
content-length: 18725
expires: Tue, 16 Apr 2024 18:04:32 GMT

GET
H2 200 taxonomy-fileless-threats-blog.png
www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/09/ 59 KB
59 KB 131ms
130ms Image
image/png 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/09/taxonomy-fileless-threats-blog.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0bd4a1e528ed9dc983cebccb6de608309053d200f35fae988f887b64f8658d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:46:29 GMT
x-rtag: RT
etag: "eb29-5e828faea6077"
content-type: image/png
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37adc.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37adc.0
content-length: 60201
expires: Tue, 16 Apr 2024 18:04:33 GMT

GET
H2 200 Astaroth-2020-blog-440x268.png
www.microsoft.com/en-us/security/blog/wp-content/uploads/2020/03/ 181 KB
182 KB 46ms
45ms Image
image/png 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2020/03/Astaroth-2020-blog-440x268.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c2b2c2e19d501f35ba37e5dc0a722dce3d5109a1399d6fdbf3edf591fe25d736

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:52:05 GMT
x-rtag: RT
etag: "2d4e6-5e8290eead4c1"
content-type: image/png
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37add.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37add.0
content-length: 185574
expires: Tue, 16 Apr 2024 18:04:33 GMT

GET
H2 200 Nodersok-blog.jpg
www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/09/ 36 MB
36 MB 133ms
132ms Image
image/jpeg 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/09/Nodersok-blog.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e71d86a59e43c9c682d7f039c28d29f4e82d6815fec126eac48e9dc485c731fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:58:56 GMT
x-rtag: RT
etag: "24522c2-5e82927719cf0"
content-type: image/jpeg
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37b02.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37b02.0
content-length: 38085314
expires: Tue, 16 Apr 2024 18:04:33 GMT

GET
H2 200 modernizr.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/ 50 KB
16 KB 246ms
245ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/modernizr.js?ver=2.8.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:23:30 GMT
x-rtag: RT
etag: "c897-5f912c0078880-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37a11.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37a11.0
content-length: 15769
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 mwf-auto-init-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 303 KB
71 KB 136ms
136ms Script
application/x-javascript 2a02:26f0:9100:7a2::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-auto-init-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:9100:7a2::2957 Paris, France, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: 12go4t01WZJhAGBag3beKQ==
etag: "0x8D5691AA4A3D407"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes
content-length: 71611
x-ms-lease-state: available

GET
H2 200 picturefill.min.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/ 12 KB
5 KB 143ms
142ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/picturefill.min.js?ver=3.0.3

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:23:30 GMT
x-rtag: RT
etag: "2e1f-5f912c0078880-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ad4.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ad4.0
content-length: 5171
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 imagesloaded.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/ 5 KB
2 KB 145ms
144ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
x-rtag: RT
etag: "15fd-5a7fbb57c37c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ad5.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ad5.0
content-length: 1834
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 masonry.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/ 24 KB
8 KB 165ms
163ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/masonry.min.js?ver=4.2.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
x-rtag: RT
etag: "5e4a-5a7fbb57c37c0-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ad6.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ad6.0
content-length: 7382
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 project.min.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/scripts/ 6 KB
2 KB 161ms
159ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/ms-security/assets/scripts/project.min.js?ver=1681233810

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

682d50732b7337b57f5d67840f768b93e9a209ad11b6b71e208cca2d4f504b27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:23:30 GMT
x-rtag: RT
etag: "19d5-5f912c0078880-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ad7.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ad7.0
content-length: 2006
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 200 focus-within.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/ 10 KB
4 KB 74ms
72ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.8

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:24:57 GMT
x-rtag: RT
etag: "289e-5f912c5370c40-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ad8.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ad8.0
content-length: 3288
expires: Wed, 17 May 2023 18:04:33 GMT

GET
H2 404 ms-oembed-lib-gif.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/dist/js/ 0
0 109ms
108ms Script
text/html 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/dist/js/ms-oembed-lib-gif.js

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
x-rtag: RT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
tls_version: tls1.3
cache-control: no-cache, must-revalidate, max-age=0
ms-cv-esi: CASMicrosoftCV48f37ad9.0
ms-cv: CASMicrosoftCV48f37ad9.0
link: <https://www.microsoft.com/en-us/security/blog/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 microsoft-uhf.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/ 3 KB
2 KB 47ms
46ms Script
application/javascript 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.4.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 11 Apr 2023 17:24:57 GMT
x-rtag: RT
etag: "d4e-5f912c5370c40-gzip"
vary: Accept-Encoding
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV48f37ada.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37ada.0
content-length: 1370
expires: Wed, 17 May 2023 18:04:33 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bf73ba8c24162c4cfd51b3b508b2bc0f8ee00cab13bec8f32b6fb6359be7d17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 223 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 707c5b510b5712a82fd8bdf073a6d9860583931ee85f6ee7e2e735e81ae05d18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 mwfmdl2-v3.54.woff
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/ 26 KB
26 KB 44ms
44ms Font
application/font-woff 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/51-0a6e40/74-888e54?ver=2.0&_cf=02242021_3231

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/51-0a6e40/74-888e54?ver=2.0&_cf=02242021_3231
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

ms-operation-id: 14e8e4f1f9f1ae40aed708457d12d752
date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-rtag: RT
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: c4f9f0d8-8187-40ff-92bb-db0535ecc2e5
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV48f37b03.0
ms-cv: CASMicrosoftCV48f37b03.0
content-length: 26288
x-xss-protection: 1; mode=block
last-modified: Thu, 30 Mar 2023 13:01:34 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-03-10T08:58:24.0000000Z}
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=29962586
x-appversion: 1.0.8468.43152
expires: Fri, 29 Mar 2024 13:00:59 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ 29 KB
29 KB 75ms
8ms Font
font/woff2 2a02:26f0:480:79d::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:79d::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "5b68d583e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=347441
accept-ranges: bytes
content-length: 29388
expires: Fri, 21 Apr 2023 18:35:14 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ 33 KB
34 KB 80ms
14ms Font
font/woff2 2a02:26f0:480:79d::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:79d::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "588d483e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=350225
accept-ranges: bytes
content-length: 34052
expires: Fri, 21 Apr 2023 19:21:38 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/ 27 KB
27 KB 74ms
15ms Font
font/woff2 2a02:26f0:480:79d::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:79d::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "1282d283e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=346034
accept-ranges: bytes
content-length: 27168
expires: Fri, 21 Apr 2023 18:11:47 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ 29 KB
30 KB 82ms
27ms Font
font/woff2 2a02:26f0:480:79d::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:79d::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Fri, 10 Jan 2020 19:09:42 GMT
etag: "83cce83e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=347784
accept-ranges: bytes
content-length: 30132
expires: Fri, 21 Apr 2023 18:40:57 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/ 28 KB
28 KB 71ms
27ms Font
font/woff2 2a02:26f0:480:79d::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:79d::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "95edd883e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=347921
accept-ranges: bytes
content-length: 28908
expires: Fri, 21 Apr 2023 18:43:14 GMT

GET
H2 200 fig1a-astaroth-attack-chain.png
www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/ 161 KB
162 KB 51ms
51ms Image
image/png 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/fig1a-astaroth-attack-chain.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

44bb1e8277630dda7180ea6a9dd02cc67176c6ef1fe794c51d50e2ed15ec7d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:50:47 GMT
x-rtag: RT
etag: "282a3-5e8290a4beb20"
content-type: image/png
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37b63.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37b63.0
content-length: 164515
expires: Tue, 16 Apr 2024 18:04:33 GMT

GET
H2 200 fig2b-microsoft-defender-atp-next-gen-protection.png
www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/ 156 KB
157 KB 48ms
48ms Image
image/png 2a02:26f0:7100:8a6::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2019/08/fig2b-microsoft-defender-atp-next-gen-protection.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:8a6::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dc15233246c7f4e2d2a9e8c860a2961cd89379f961b1fe8be08fbc46096a0125

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Sep 2022 11:49:25 GMT
x-rtag: RT
etag: "2703d-5e829056018c9"
content-type: image/png
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV48f37b64.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV48f37b64.0
content-length: 159805
expires: Tue, 16 Apr 2024 18:04:33 GMT

GET
H2 200 ms.shared.analytics.mectrl-3.2.6.gbl.min.js Show response
js.monitor.azure.com/scripts/c/ 88 KB
34 KB 27ms
10ms Script
text/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.6.gbl.min.js
Requested by: Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 7d145b10d4a03fc22a08b2228f403779414c838430ce718ba52fb23e15837e55

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:33 GMT
content-encoding: br
x-ms-meta-jssdkver: 3.2.6
last-modified: Thu, 18 Aug 2022 21:40:45 GMT
x-azure-ref-originshield: 0rYU4ZAAAAACPOOFYrpCsTIJ04WZ0L7aLRlJBMjMxMDUwNDE4MDMzAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5: RlzwH95FOkmm6gksZWAC+w==
etag: 0x8DA81624EF9033C
x-azure-ref: 0MYo9ZAAAAAAXt02npKhCSo3wWlvVxOugRlJBMzFFREdFMDkyMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-cache: TCP_HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 0559b95b-701e-00c1-2134-6d37cd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000, immutable, no-transform
x-ms-version: 2009-09-19

GET
H2 200 meBoot.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/ 177 KB
33 KB 28ms
11ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

fa334c1e3766c50298f83ee32aed20fcd0978230350837dc7cb9115d096a7167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 17 Apr 2023 18:04:32 GMT
last-modified: Wed, 29 Mar 2023 19:24:18 GMT
x-azure-ref-originshield: 03rU6ZAAAAADyL5EtFR1HT5zWkeiZMwFnRlJBMjMxMDUwNDE3MDExAGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
etag: "1d962aebaac36e7"
x-azure-ref: 0MYo9ZAAAAAB4widdTgAKS6EGHUavwAoQRlJBMzFFREdFMDMxOQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
x-ua-compatible: IE=edge

GET
DATA 200
OK truncated
/ 358 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 157ms
18ms Preflight 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Mon, 17 Apr 2023 18:04:34 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 153 B
1 KB 91ms
22ms XHR
application/json 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

353f1ddd40e49e40b00f8b5030dc9b8722f28f694e9e329f4e4d2c67e6ca1c42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1681754674594
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-3.2.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://www.microsoft.com/
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 17 Apr 2023 18:04:34 GMT
Server: Microsoft-HTTPAPI/2.0
time-delta-millis: 225
Access-Control-Allow-Methods: POST
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Content-Length: 153

GET
H/1.1 200
OK me.srf Show response
login.live.com/ Frame 10CE 12 KB
7 KB 248ms
108ms Document
text/html 2603:1027:1:d8::9
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=1c1db284-d53a-4be7-cc3d-4f2a946453e0&partnerId=mssecurity

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2603:1027:1:d8::9 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bc93b6370c1d4d77a61a43aebd80e15bf1d63109cbc294f8b16044ec6c3f7022

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.microsoft.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 5107
Content-Type: text/html; charset=utf-8
Date: Mon, 17 Apr 2023 18:04:35 GMT
Expires: Mon, 17 Apr 2023 18:03:36 GMT
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn.msftauth.net/>; rel=dns-prefetch <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://logincdn.msftauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: BL02PF1F3FB8F9C V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
X-XSS-Protection: 1; mode=block
x-ms-request-id: c7bf2cdb-19be-4c1d-b430-055c91977290
x-ms-route-info: C107_BL2

GET
H2 200 meCore.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/ 98 KB
16 KB 10ms
9ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meCore.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a5268a183f2a091d2d17773997e89a25fc45cbd60e586edf61f544fb85d6f6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 17 Apr 2023 18:04:35 GMT
last-modified: Wed, 29 Mar 2023 19:24:26 GMT
x-azure-ref-originshield: 0ax07ZAAAAAC61+o0UlIASapC/i934/6CRlJBMjMxMDUwNDE3MDI3AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
etag: "1d962aebf7220a1"
x-azure-ref: 0M4o9ZAAAAAAqBopR2CavTI8bk6voZ/GzRlJBMzFFREdFMDMxOQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
x-ua-compatible: IE=edge

GET
H2 200 RW10pup
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 3 KB
3 KB 18ms
18ms Image
image/png 2a02:26f0:780::210:ca7a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW10pup?ver=d8fa

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:780::210:ca7a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c23044c09bca18df7cf6420ba798462d3a3950fa7ffbf69579bfc98a75a4cd67

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Mon, 17 Apr 2023 18:04:36 GMT
last-modified: Fri, 31 Mar 2023 06:07:35 GMT
x-resizerversion: 1.0
x-source-length: 2946
x-datacenter: northeu
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86553
x-activityid: 1f6971e2-14cd-45a2-ae3d-96b4ae7fa207
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RW10pup?ver=d8fa
timing-allow-origin: *
content-length: 2946
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires: Tue, 18 Apr 2023 18:07:09 GMT

GET
H2 200 MeControl_LYdEsDAvguH3z-iaooTqQQ2.js Show response
logincdn.msauth.net/16.000/content/js/ Frame 10CE 17 KB
6 KB 73ms
7ms Script
application/x-javascript 192.229.221.185

General

Check archive.org

Show headers Download Go to

Full URL: https://logincdn.msauth.net/16.000/content/js/MeControl_LYdEsDAvguH3z-iaooTqQQ2.js
Requested by: Host: login.live.com
URL: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=1c1db284-d53a-4be7-cc3d-4f2a946453e0&partnerId=mssecurity
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.185 -, , ASN (),
Reverse DNS
Software: ECAcc (frc/4C83) /
Resource Hash: e26590ae930cd742866f8ad0d1e2901a3311881cf0093af0433fc7b54d75eb88

Request headers

Referer: https://login.live.com/
Origin: https://login.live.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 17 Apr 2023 18:04:36 GMT
content-encoding: gzip
content-md5: i0Xx5nsPOrYeh5MHBBdN2A==
age: 3048719
x-cache: HIT
content-length: 6056
x-ms-lease-status: unlocked
last-modified: Fri, 10 Mar 2023 06:24:24 GMT
server: ECAcc (frc/4C83)
etag: 0x8DB213017E67B59
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b49235bb-d01e-0021-0d9c-555ed9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 mecache Show response
mem.gfx.ms/me/ Frame F6FC 3 KB
1 KB 9ms
9ms Document
text/html 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/me/mecache?partner=mssecurity&wreply=https%3A%2F%2Fwww.microsoft.com

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/scripts/me/MeControl/10.23082.2/en-US/meBoot.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9fb986a4af68e84538254ac7354aa38a7aabab9a998b6d5268206a1d9b946cab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://www.microsoft.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.microsoft.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, no-transform, max-age=43200
content-encoding: br
content-security-policy: frame-ancestors https://www.microsoft.com;
content-type: text/html; charset=utf-8
date: Mon, 17 Apr 2023 18:04:35 GMT
expires: Tue, 18 Apr 2023 03:43:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref: 0NIo9ZAAAAABEbTMs32N4SbOKsR+o5+K5RlJBMzFFREdFMDkwOABlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref-originshield: 0voI9ZAAAAADE1qQNeQarRY9uliVcrfyLRlJBMjMxMDUwNDE4MDE3AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
x-cache: TCP_HIT
x-content-type-options: nosniff
x-ua-compatible: IE=edge

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 19ms
19ms Preflight 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D05b93e62cdf440a2bdabd2e416f55440%26HASH%3D05b9%26LV%3D202304%26V%3D4%26LU%3D1681754674819&w=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Mon, 17 Apr 2023 18:04:37 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 24 B
462 B 19ms
19ms XHR
application/json 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1681754677386
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-3.2.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
time-delta-to-apply-millis: 225
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://www.microsoft.com/
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 17 Apr 2023 18:04:36 GMT
Server: Microsoft-HTTPAPI/2.0
time-delta-millis: 26
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 24

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 24 B
462 B 21ms
21ms XHR
application/json 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1681754678387
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-3.2.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
time-delta-to-apply-millis: 225
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://www.microsoft.com/
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 17 Apr 2023 18:04:37 GMT
Server: Microsoft-HTTPAPI/2.0
time-delta-millis: 26
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 24

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 18ms
18ms Preflight 51.105.71.137
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

51.105.71.137 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Mon, 17 Apr 2023 18:04:38 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.microsoft.com/	1970-01-20 19:54:50	Name: MicrosoftApplicationsTelemetryDeviceId Value: 144128c8-a120-448b-8925-9b8a566c021e
www.microsoft.com/	1970-01-20 11:09:16	Name: ai_session Value: AOSuAEnTYsOXIcr9bpn2Fx\|1681754673592\|1681754673592
.microsoft.com/	1970-01-20 19:54:50	Name: MC1 Value: GUID=05b93e62cdf440a2bdabd2e416f55440&HASH=05b9&LV=202304&V=4&LU=1681754674819
.microsoft.com/	1970-01-20 11:09:16	Name: MS0 Value: b1d945970b5945e789edb493c8307922
www.microsoft.com/	1970-01-20 19:54:50	Name: MSFPC Value: GUID=05b93e62cdf440a2bdabd2e416f55440&HASH=05b9&LV=202304&V=4&LU=1681754674819
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: 1c1db284d53a4be7cc3d4f2a946453e0
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1681754676&co=1
.login.live.com/	1969-12-31 23:59:59	Name: OParams Value: 11O.DR!Q1vegN8oBI56zsokCKJcwQds0O6EDDOWaF7Z0c9yk9wsKfSHWeoX5FGHPYfJMypfoCGTMbqprnwkSRy0AazzlrAJ8ms7aHF61HKuGNoGgCGqih0TKI31mXcu1giipG2avSM8X6CswfGE6Wy7Edi19yvpi0H29HhJUls7!hAY9CvtsRZfMf!MJrAm1IP9!a7pU*JOv7JVFEQ50zw34cmUBOc5SRG2HR4xRAONl2un24vwDG9gEjK4zD9DP!BvblBJnuVhLL28QIvAjh1RpU$

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/dist/js/ms-oembed-lib-gif.js Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	URL: https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/ Message: Mixed Content: The page at 'https://www.microsoft.com/en-us/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/' was loaded over HTTPS, but requested an insecure element 'http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW10pup?ver=d8fa'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.onestore.ms
browser.events.data.microsoft.com
c.s-microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
js.monitor.azure.com
login.live.com
logincdn.msauth.net
mem.gfx.ms
statics-marketingsites-eus-ms-com.akamaized.net
wcpstatic.microsoft.com
www.microsoft.com
192.229.221.185
2603:1027:1:d8::9
2620:1ec:4e:1::45
2620:1ec:4f:1::45
2a02:26f0:480:79d::356e
2a02:26f0:7100:8a6::356e
2a02:26f0:780::210:ca7a
2a02:26f0:9100:7a2::2957
51.105.71.137
95.101.54.137
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
0bd4a1e528ed9dc983cebccb6de608309053d200f35fae988f887b64f8658d48
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
2bf73ba8c24162c4cfd51b3b508b2bc0f8ee00cab13bec8f32b6fb6359be7d17
353f1ddd40e49e40b00f8b5030dc9b8722f28f694e9e329f4e4d2c67e6ca1c42
3f9133661081aceb9b5e1e10aa17a87e4b7db93609497be50b677477fb5a050c
44bb1e8277630dda7180ea6a9dd02cc67176c6ef1fe794c51d50e2ed15ec7d08
461ed9d0d13a5810a89ee9b591508e9a1ffe49205cd71e0df3214c7f18ad8eb1
4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
682d50732b7337b57f5d67840f768b93e9a209ad11b6b71e208cca2d4f504b27
6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6
707c5b510b5712a82fd8bdf073a6d9860583931ee85f6ee7e2e735e81ae05d18
7d145b10d4a03fc22a08b2228f403779414c838430ce718ba52fb23e15837e55
893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8
8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9d4e88df90b0f6cca80624b64fd0f13b505f0bf412a8d4d4675c13a62ed6d653
9fb986a4af68e84538254ac7354aa38a7aabab9a998b6d5268206a1d9b946cab
a5268a183f2a091d2d17773997e89a25fc45cbd60e586edf61f544fb85d6f6a8
a9f24da628989ece81a468b5a98977c64c8d914e9d139aad578bccde73bcc2da
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58
b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102
b201ab52de2c92539f7a276b6cf170b1bdf0f3705f1b6ab9597517d030afefe4
b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178
bc93b6370c1d4d77a61a43aebd80e15bf1d63109cbc294f8b16044ec6c3f7022
c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c
c23044c09bca18df7cf6420ba798462d3a3950fa7ffbf69579bfc98a75a4cd67
c2b2c2e19d501f35ba37e5dc0a722dce3d5109a1399d6fdbf3edf591fe25d736
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
dc15233246c7f4e2d2a9e8c860a2961cd89379f961b1fe8be08fbc46096a0125
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e0c4a17058f3b70c5a894f92c8e4fffb1c17a88fd8e1741da61caa966ea0ddda
e26590ae930cd742866f8ad0d1e2901a3311881cf0093af0433fc7b54d75eb88
e71d86a59e43c9c682d7f039c28d29f4e82d6815fec126eac48e9dc485c731fa
ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b
f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81
f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25
f972ffc4af215a60ab0d70a63535cfcd23a951766c9903c6770bfc431e88852e
fa334c1e3766c50298f83ee32aed20fcd0978230350837dc7cb9115d096a7167
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.microsoft.com Open in urlscan Pro 2a02:26f0:7100:8a6::356e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

70 %IPv6

8 Domains

11 Subdomains

11 IPs

5 Countries

38723 kBTransfer

40881 kBSize

8 Cookies

76 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.microsoft.com Open in urlscan Pro
2a02:26f0:7100:8a6::356e Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

70 %
IPv6

8
Domains

11
Subdomains

11
IPs

5
Countries

38723 kB
Transfer

40881 kB
Size

8
Cookies

52 HTTP transactions
3 data transactions