www.microsoft.com Open in urlscan Pro
2a02:26f0:6c00:183::356e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/QEfqelGWSt?amp=1
Effective URL:
https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Submission: On October 04 via manual (October 4th 2019, 8:31:34 pm UTC) from US

Summary HTTP 71 Redirects Links 78 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 13 domains to perform 71 HTTP transactions. The main IP is 2a02:26f0:6c00:183::356e, located in Ascension Island and belongs to AKAMAI-ASN1, US. The main domain is www.microsoft.com.
TLS certificate: Issued by Microsoft IT TLS CA 4 on January 16th 2018. Valid for: 2 years.

This is the only time www.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER - Twitter Inc.)
33	2a02:26f0:6c0... 2a02:26f0:6c00:183::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:26f0:6c0... 2a02:26f0:6c00:281::2957	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.111.216.26 104.111.216.26	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2.16.186.10 2.16.186.10	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a02:26f0:6c0... 2a02:26f0:6c00:294::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff10	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1	107.154.114.97 107.154.114.97	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
3	2a02:26f0:6c0... 2a02:26f0:6c00:19d::37	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a02:26f0:6c0... 2a02:26f0:6c00:286::2b57	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:119:50e6... 2620:119:50e6:101::6cae:b01	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
5	40.77.226.250 40.77.226.250	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	40.90.23.208 40.90.23.208	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
71	18

1 104.244.42.5 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a02:26f0:6c00:183::356e (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:281::2957 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

assets.onestore.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.216.26 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-216-26.deploy.static.akamaitechnologies.com

query.prod.cms.rt.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.10 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-10.deploy.static.akamaitechnologies.com

statics-marketingsites-wcus-ms-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:294::356e (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff10 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

img-prod-cms-rt-microsoft-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.154.114.97 (United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 107.154.114.97.ip.incapdns.net

cloudblogs.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:19d::37 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

mem.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.232.23 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:286::2b57 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

uhf.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:296::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e6:101::6cae:b01 (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

az725175.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 40.77.226.250 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

web.vortex.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.90.23.208 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	microsoft.com www.microsoft.com query.prod.cms.rt.microsoft.com cloudblogs.microsoft.com uhf.microsoft.com web.vortex.data.microsoft.com	37 MB
7	s-microsoft.com c.s-microsoft.com	150 KB
6	adobedtm.com assets.adobedtm.com	57 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	gfx.ms mem.gfx.ms	49 KB
3	onestore.ms assets.onestore.ms	211 KB
2	addthis.com s7.addthis.com	189 KB
2	licdn.com snap.licdn.com	3 KB
2	akamaized.net statics-marketingsites-wcus-ms-com.akamaized.net img-prod-cms-rt-microsoft-com.akamaized.net	5 KB
1	addthisedge.com v1.addthisedge.com	785 B
1	live.com login.live.com
1	msecnd.net az725175.vo.msecnd.net	18 KB
1	t.co t.co	535 B
71	13

	Domain	Requested by
33	www.microsoft.com	t.co www.microsoft.com
7	c.s-microsoft.com	www.microsoft.com
6	assets.adobedtm.com	query.prod.cms.rt.microsoft.com assets.adobedtm.com
5	web.vortex.data.microsoft.com	az725175.vo.msecnd.net
3	mem.gfx.ms	www.microsoft.com mem.gfx.ms
3	assets.onestore.ms	www.microsoft.com
2	px.ads.linkedin.com	1 redirects www.microsoft.com
2	s7.addthis.com	www.microsoft.com s7.addthis.com
2	snap.licdn.com	t.co snap.licdn.com
1	v1.addthisedge.com	s7.addthis.com
1	login.live.com	mem.gfx.ms
1	az725175.vo.msecnd.net	t.co
1	www.linkedin.com	1 redirects
1	uhf.microsoft.com	www.microsoft.com
1	cloudblogs.microsoft.com	www.microsoft.com
1	img-prod-cms-rt-microsoft-com.akamaized.net	www.microsoft.com
1	statics-marketingsites-wcus-ms-com.akamaized.net	www.microsoft.com
1	query.prod.cms.rt.microsoft.com	www.microsoft.com
1	t.co
71	19

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
azure.microsoft.com
products.office.com
servicetrust.microsoft.com
dynamics.microsoft.com
powerbi.microsoft.com
visualstudio.microsoft.com
docs.microsoft.com
technet.microsoft.com
msdn.microsoft.com
developer.microsoft.com
fasttrack.microsoft.com
partner.microsoft.com
partnercenter.microsoft.com
appsource.microsoft.com
azuremarketplace.microsoft.com
events.microsoft.com
cloudblogs.microsoft.com
blogs.technet.microsoft.com
www.blackhat.com
blogs.windows.com
blogs.msdn.microsoft.com
www.nsslabs.com
answers.microsoft.com
twitter.com
www.facebook.com
www.xbox.com
store.office.com
account.microsoft.com
channel9.msdn.com
careers.microsoft.com
news.microsoft.com
privacy.microsoft.com
support.microsoft.com
choice.microsoft.com

Subject Issuer	Validity	Valid
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
www.microsoft.com Microsoft IT TLS CA 4	`2018-01-16` - `2020-01-16`	2 years	crt.sh
wildcard.onestore.ms Microsoft IT TLS CA 5	`2018-01-23` - `2020-01-23`	2 years	crt.sh
*.prod.cms.rt.microsoft.com Microsoft IT TLS CA 5	`2017-11-03` - `2019-11-03`	2 years	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2019-08-13` - `2020-08-12`	a year	crt.sh
cloudblogs.microsoft.com Microsoft IT TLS CA 2	`2018-02-21` - `2020-02-21`	2 years	crt.sh
mem.gfx.ms Microsoft IT TLS CA 2	`2018-02-05` - `2020-02-05`	2 years	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-09-27` - `2021-10-01`	2 years	crt.sh
unistore.www.microsoft.com Microsoft IT TLS CA 5	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-06-06` - `2020-09-04`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2018-03-30` - `2020-03-30`	2 years	crt.sh
*.vortex.data.microsoft.com Microsoft IT TLS CA 5	`2018-01-30` - `2020-01-30`	2 years	crt.sh
*.login.live.com Microsoft IT TLS CA 2	`2018-06-29` - `2020-06-29`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Frame ID: D5D25D2E8D8E5B0C7DB39A77257B4BDA
Requests: 71 HTTP requests in this frame

Frame: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=85784524-aab0-4735-4058-b097d1786da2&partnerId=mssecurity
Frame ID: 4950D2FE4AC952558AAF74980DE366F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/QEfqelGWSt?amp=1 Page URL
https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

71
Requests

100 %
HTTPS

50 %
IPv6

13
Domains

19
Subdomains

18
IPs

5
Countries

38777 kB
Transfer

41014 kB
Size

5
Cookies

78 Outgoing links

These are links going to different origins than the main page.

URL: https://go.microsoft.com/fwlink/?linkid=845480
Title: Learn more

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/active-directory/
Title: Azure Active Directory

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/iot-central/
Title: Azure IoT Central

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/azure-sphere/
Title: Azure Sphere

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-dedicated-hsm/
Title: Azure Dedicated HSM Gateway

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/information-protection/
Title: Azure Information Protection

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/key-vault/
Title: Azure Key Vault

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/features/azure-advanced-threat-protection/
Title: Azure Advanced Threat Protection

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-sentinel/
Title: Azure Sentinel

Search URL Search Domain Scan URL

URL: https://products.office.com/en/exchange/advance-threat-protection
Title: Office 365 Advanced Threat Protection

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/application-gateway/
Title: Azure Application Gateway

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/ddos-protection/
Title: Azure DDoS Protection

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/security-center/
Title: Azure Security Center

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en/services/application-gateway/
Title: Azure VPN Gateway

Search URL Search Domain Scan URL

URL: https://servicetrust.microsoft.com/ViewPage/HomePage
Title: Service Trust Portal

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/
Title: Azure

Search URL Search Domain Scan URL

URL: https://products.office.com/en-us/business/office
Title: Office 365

Search URL Search Domain Scan URL

URL: https://dynamics.microsoft.com/en-us/
Title: Dynamics 365

Search URL Search Domain Scan URL

URL: https://powerbi.microsoft.com/en-us/
Title: Power BI

Search URL Search Domain Scan URL

URL: https://products.office.com/en-us/microsoft-teams/group-chat-software
Title: Teams

Search URL Search Domain Scan URL

URL: https://visualstudio.microsoft.com/
Title: Visual Studio

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2026462
Title: Microsoft Advertising

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/services/cognitive-services/
Title: Azure Cognitive Services

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/
Title: Docs

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/ms376608.aspx
Title: TechNet

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us
Title: Developer Network

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/windows
Title: Windows Dev Center

Search URL Search Domain Scan URL

URL: https://fasttrack.microsoft.com/office
Title: FastTrack

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://partnercenter.microsoft.com/partner/home
Title: Partner Center

Search URL Search Domain Scan URL

URL: https://appsource.microsoft.com/
Title: AppSource

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/marketplace/
Title: Azure Marketplace

Search URL Search Domain Scan URL

URL: https://events.microsoft.com/
Title: Events

Search URL Search Domain Scan URL

URL: https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/
Title: Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV

Search URL Search Domain Scan URL

URL: https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
Title: Petya

Search URL Search Domain Scan URL

URL: https://cloudblogs.microsoft.com/microsoftsecure/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
Title: WannaCry

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/11/13/detecting-reflective-dll-loading-with-windows-defender-atp/
Title: Reflective DLL injection

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
Title: This article

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/fileless-threats
Title: comprehensive page on fileless threats

Search URL Search Domain Scan URL

URL: https://blogs.windows.com/business/2017/10/23/microsoft-365-security-management-features-available-windows-10-fall-creators-update/?ocid=cx-blog-mmpc
Title: Microsoft 365

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/10/23/making-microsoft-edge-the-most-secure-browser-with-windows-defender-application-guard/
Title: Windows Defender Application Guard

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/
Title: AMSI

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/
Title: Windows Defender EG

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies
Title: Hypervisor Code Integrity (HVCI)

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard
Title: Exploit protection module

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard
Title: Attack Surface Reduction (ASR)

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access
Title: Securing Privileged Access

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/10/23/introducing-windows-defender-application-control/
Title: Windows Defender Application Control (WDAC)

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/powershell/2017/11/02/powershell-constrained-language-mode/
Title: Constrained Language Mode

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-machine-learning-and-amsi-unearthing-script-based-attacks-that-live-off-the-land/
Title: leveraging AMSI

Search URL Search Domain Scan URL

URL: https://www.nsslabs.com/
Title: NSS Labs

Search URL Search Domain Scan URL

URL: https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/
Title: arbitrary code protection

Search URL Search Domain Scan URL

URL: https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/making-microsoft-edge-the-most-secure-browser-with-windows-defender-application-guard/
Title: Windows Defender Application Guard

Search URL Search Domain Scan URL

URL: https://answers.microsoft.com/en-us/protect
Title: Microsoft community

Search URL Search Domain Scan URL

URL: https://twitter.com/WDSecurity
Title: @WDSecurity

Search URL Search Domain Scan URL

URL: https://www.facebook.com/MsftWDSI/
Title: Windows Defender Security Intelligence

Search URL Search Domain Scan URL

URL: https://twitter.com/@MSFTSecurity
Title: @MSFTSecurity

Search URL Search Domain Scan URL

URL: https://www.xbox.com/en-us/xbox-one-x
Title: Xbox One X

Search URL Search Domain Scan URL

URL: https://www.xbox.com/en-us/xbox-one-s?xr=shellnav
Title: Xbox One S

Search URL Search Domain Scan URL

URL: https://store.office.com/en-us/appshome.aspx
Title: Office apps

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/
Title: Account profile

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkID=824761&clcid=0x409
Title: Microsoft Store support

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkID=824764&clcid=0x409
Title: Returns

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/orders
Title: Order tracking

Search URL Search Domain Scan URL

URL: https://products.office.com/en-us/academic/compare-office-365-education-plans
Title: Office 365 for schools

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/community/education/
Title: Microsoft Azure in education

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkID=808093
Title: AppSource

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us
Title: TechNet

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/store/register
Title: Microsoft developer program

Search URL Search Domain Scan URL

URL: https://channel9.msdn.com/
Title: Channel 9

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/office
Title: Office Dev Center

Search URL Search Domain Scan URL

URL: https://careers.microsoft.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://news.microsoft.com/
Title: Company news

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-us
Title: Privacy at Microsoft

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/contactus
Title: Contact Microsoft

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkId=521839
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkID=206977
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://choice.microsoft.com/
Title: About our ads

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/QEfqelGWSt?amp=1 Page URL
https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fsecurity%252Fblog%252F2018%252F01%252F24%252Fnow-you-see-me-exposing-fileless-malware%252F%26time%3D1570221073495%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495&liSync=true

71 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 QEfqelGWSt Show response
t.co/ 437 B
535 B 140ms
127ms Document
text/html 104.244.42.5
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/QEfqelGWSt?amp=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

3f517894e1d9a3b9eae057444749bb976399dbba8b255726966520420280fe05

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /QEfqelGWSt?amp=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
cache-control: private,max-age=300
content-encoding: gzip
content-length: 243
content-type: text/html; charset=utf-8
date: Fri, 04 Oct 2019 20:31:09 GMT
expires: Fri, 04 Oct 2019 20:36:09 GMT
server: tsa_o
set-cookie: muc=38d919a7-467a-4354-a418-a5931179c1c4; Max-Age=63072000; Expires=Sun, 3 Oct 2021 20:31:09 GMT; Domain=t.co
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 21f1909ed8f13f4d3c5b8d5a000f821e
x-response-time: 121
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/ 125 KB
27 KB 1450ms
1434ms Document
text/html 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Requested by

Host: t.co
URL: https://t.co/QEfqelGWSt?amp=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

8f8f65d96723c948175dc935196e7802766c7bdd53aa491c2e615579ef1861de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.microsoft.com
:scheme: https
:path: /security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://t.co/QEfqelGWSt?amp=1
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://t.co/QEfqelGWSt?amp=1

Response headers

status: 200
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
content-type: text/html; charset=UTF-8
x-cache-group: normal
x-wpe-loopback-upstream-addr: 127.0.0.1:6783
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-pingback
link: <https://mssecurity.wpengine.com/wp-json/>; rel="https://api.w.org/" <https://mssecurity.wpengine.com/?p=79862>; rel=shortlink
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-pass-why
x-frame-options: SAMEORIGIN
wpe-backend: apache
content-length: 26772
x-edgeconnect-origin-mex-latency: 955
date: Fri, 04 Oct 2019 20:31:11 GMT
vary: Accept-Encoding
set-cookie: X-Mapping-fjhppofk=93D06DBE5987EE64E12CE66A638A6CF5; path=/
tls_version: tls1.2
strict-transport-security: max-age=31536000
x-rtag: RT

GET
H2 200 uhf-search-ui.css
www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/ 160 B
369 B 596ms
594ms Stylesheet
text/css 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/uhf-search-ui.css?ver=1.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

f258c099e2bb029f6c9d5e9900a78f53347a16b43aa1e37a9f9c1a1539e0748d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 26
date: Fri, 04 Oct 2019 20:31:11 GMT
last-modified: Tue, 02 Apr 2019 19:51:16 GMT
x-rtag: RT
status: 200
etag: "5ca3bd34-a0"
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 160

GET
H2 200 mwf-west-european-default.min.css
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/ 581 KB
71 KB 46ms
34ms Stylesheet
text/css 2a02:26f0:6c00:281::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:281::2957 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: QshXRY8/Osc4oVEHlL0Pbw==
status: 200
content-length: 71704
x-ms-lease-state: available
last-modified: Thu, 01 Feb 2018 02:22:19 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D5691A9EA468B4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes

GET
H2 200 style.css
www.microsoft.com/security/blog/wp-content/themes/ms_s/ 342 B
463 B 620ms
618ms Stylesheet
text/css 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms_s/style.css?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 68
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Feb 2019 16:32:17 GMT
x-rtag: RT
status: 200
etag: W/"5c702411-156"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 238

GET
H2 200 style.min.css
www.microsoft.com/security/blog/wp-content/themes/ms-security/ 62 KB
12 KB 594ms
592ms Stylesheet
text/css 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/style.min.css?ver=2.4.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e2b36f626bc1cc2812beadf138b5e1acfc2252353e7127bd5542ab272f6c4b46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 25
date: Fri, 04 Oct 2019 20:31:11 GMT
content-encoding: gzip
last-modified: Thu, 03 Oct 2019 15:56:10 GMT
x-rtag: RT
status: 200
etag: W/"5d961a1a-f7b6"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 11651

GET
H/1.1 200
OK RE1r2ij Show response
query.prod.cms.rt.microsoft.com/cms/api/am/binary/ 4 KB
3 KB 28ms
7ms Script
application/x-javascript 104.111.216.26
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1r2ij?ver=1.0.0
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.216.26 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-216-26.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c3c027a797b2f7112555a219c0a0c91e8689f97203aeab469382665f74f05016

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

AppEx-Activity-Id: 4f866d90-58ff-42bb-80ee-dc9999347026
Content-Encoding: gzip
X-CMS-Tenant: am
X-CMS-ServiceLocation: eastus:3
X-CMS-Type: binary
X-CMS-DocumentId: RE1r2ij
X-CMS-Alias: default
Content-Disposition: inline; filename=oa.min.js
Connection: keep-alive
MS-CV: wT6h98ZztEi+ZlEBqA9RUw.0
Content-Length: 2299
X-Trace-Context: {"ActivityId":"4f866d90-58ff-42bb-80ee-dc9999347026"}
X-CMS-Version: 45
Last-Modified: Tue, 09 Oct 2018 21:46:16 GMT
Server: Microsoft-IIS/10.0
ETag: W/"133"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-CMS-ExecutionTimeInMilliseconds: 300
Cache-Control: public, must-revalidate, max-age=8829
Date: Fri, 04 Oct 2019 20:31:11 GMT
X-CMS-State: Published

GET
H2 200 jquery.js Show response
www.microsoft.com/security/blog/wp-includes/js/jquery/ 95 KB
34 KB 770ms
769ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 201
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Mon, 23 May 2016 09:00:29 GMT
x-rtag: RT
status: 200
etag: W/"5742c6ad-17ba0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 34003

GET
H2 200 jquery-migrate.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/jquery/ 10 KB
4 KB 621ms
620ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 91
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 06:11:28 GMT
x-rtag: RT
status: 200
etag: W/"573eaa90-2748"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 4016

GET
H2 200 mwf-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 302 KB
70 KB 73ms
62ms Script
application/x-javascript 2a02:26f0:6c00:281::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:281::2957 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff, nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:11 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff, nosniff, nosniff
content-md5: FuF99EJdzMvbQQjP24cb+Q==
status: 200
content-length: 71185
x-ms-lease-state: available
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D5691AA4A90431"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges
cache-control: max-age=900
accept-ranges: bytes

GET
H2 200 29-a92d62
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e0-becedb/7f-6a1eb1/27-029bba/3e-3bbcc0/1d-179740/f7-894bb9/87-13daff/ 160 KB
22 KB 140ms
139ms Stylesheet
text/css 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e0-becedb/7f-6a1eb1/27-029bba/3e-3bbcc0/1d-179740/f7-894bb9/87-13daff/29-a92d62?ver=2.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

b68105fc4d03450431badca7b7085e6dc126c94c831cbb493f754513789bb778

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ms-operation-id: 797a45a9c61c674c86b5314bca711787
date: Fri, 04 Oct 2019 20:31:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-rtag: RT
x-s2: 2019-09-24T22:40:23
p3p: CP="CAO CONi OTR OUR DEM ONL"
status: 200
x-activity-id: c2cfcf11-e011-4836-ac4a-9c11fe0b90b5
tls_version: tls1.2
x-s1: 2019-09-24T22:40:23
ms-cv: MrS1xy7JBU+wgr6l.0
vary: Accept-Encoding
content-length: 21733
x-xss-protection: 1
last-modified: Tue, 24 Sep 2019 22:40:23 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastasia, dt: 2018-05-03T20:14:23.4188992Z, bt: 2019-09-24T06:10:28.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30679751
timing-allow-origin: *
x-appversion: 1.0.7205.39914
expires: Wed, 23 Sep 2020 22:40:22 GMT

GET
H/1.1 200
OK override.css
statics-marketingsites-wcus-ms-com.akamaized.net/statics/ 1 KB
907 B 23ms
5ms Stylesheet
text/css 2.16.186.10
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.10 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-10.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Fri, 04 Oct 2019 20:31:11 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D6EEC3A2D67C35
Vary: Accept-Encoding
Content-Type: text/css
x-ms-request-id: 448b3076-d01e-0002-19b5-4008f0000000
x-ms-version: 2009-09-19
Connection: keep-alive
Content-Length: 473

GET
H2 200 mscc-0.4.1.min.css
c.s-microsoft.com/mscc/statics/ 1 KB
934 B 17ms
6ms Stylesheet
text/css 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/mscc/statics/mscc-0.4.1.min.css
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 35211f76c4c35c17f2649b96868c0d691f1d78b107f7635d22619948d0ee6880

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 04 Oct 2019 20:31:11 GMT
content-encoding: gzip
last-modified: Mon, 10 Sep 2018 17:42:23 GMT
content-md5: 2MKxgMQLzH/8vixotX2Pog==
status: 200
etag: 0x8D61744C3ED0073
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/css;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 41f924a0-901e-0090-04fe-4986d4000000
x-ms-version: 2009-09-19
content-length: 627

GET
H2 200 RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 4 KB
4 KB 34ms
5ms Image
image/png 2a01:4a0:1338:28::c38a:ff10
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff10 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-cms-cdninvalkey: am:RE1Mu3b
date: Fri, 04 Oct 2019 20:31:11 GMT
x-aspnet-version: 4.0.30319
x-source-length: 4054
x-powered-by: ASP.NET
status: 200
x-activityid: efc6c481-763d-435d-8061-fd266cbf0a07
content-location: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
x-deployment: a89a5014e89c41b7b60a64d7ee950637
content-length: 4054
last-modified: Mon, 30 Sep 2019 11:11:11 GMT
server: Microsoft-IIS/10.0
x-datacenter: NorthEU
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=52754
x-instance: Resizer.Web_IN_2
timing-allow-origin: *
expires: Sat, 05 Oct 2019 11:10:25 GMT

GET
H2 200 linkedin-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 424 B
635 B 631ms
631ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/linkedin-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

dfc6de0e1501679bd71244faed1d26b977260f78853325c865754d05c238fe22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 23
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-1a8"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 424

GET
H2 200 facebook-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 231 B
441 B 601ms
601ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/facebook-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

875071ac76430f551ed9b36d0827d818157658b2247662db454ffcba6c07bb07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 87
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-e7"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 231

GET
H2 200 twitter-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 395 B
606 B 12ms
12ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/twitter-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

d52a506abeec5c7cb2e6cafe138da0763f555a16c2920683a7eb866453624f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 73
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-18b"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 395

GET
H2 200 mail-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 247 B
458 B 16ms
15ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/mail-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

9dc88b264cb2061fdeccef48662172bf52cc1cd5c668e242e9e600f3bf39c84b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 24
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-f7"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 247

GET
H2 200 skype-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 557 B
768 B 15ms
13ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/skype-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

f25fb12269bb1060790dd528cb700a87c49d8f3531cedaad0d37c617a4d1c5af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 68
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-22d"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 557

GET
H2 200 messenger-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 448 B
659 B 22ms
21ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/messenger-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

cd9f9701c135d4c08a851bc5f634242f03fef8132f8d763cddc9b8ed1d20344a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 24
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:11 GMT
x-rtag: RT
status: 200
etag: "5d961a1b-1c0"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 448

GET
H2 200 whatsapp-black.png
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/ 502 B
712 B 33ms
31ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/images/whatsapp-black.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

4dadc2332aba5151f4b0bd990760d4ea2f3207f9690d0bfeff626bccef8d335f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 24
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 03 Oct 2019 15:56:12 GMT
x-rtag: RT
status: 200
etag: "5d961a1c-1f6"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 502

GET
H2 200 taxonomy-fileless-threats-thumb-4-300x300.png
www.microsoft.com/security/blog/wp-content/uploads/2018/09/ 50 KB
51 KB 256ms
254ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/uploads/2018/09/taxonomy-fileless-threats-thumb-4-300x300.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

50cda9e4093b08b7567aff077dba728179dab82db334535fcc0281111171b5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 37
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Wed, 30 Jan 2019 18:58:16 GMT
x-rtag: RT
status: 200
etag: "5c51f3c8-c930"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 51504

GET
H2 200 wp-emoji-release.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 12 KB
5 KB 351ms
349ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/wp-emoji-release.min.js?ver=4.9.9

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 25
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 13 Jul 2018 06:37:26 GMT
x-rtag: RT
status: 200
etag: W/"5b4848a6-2efa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 4421

GET
H/1.1 200
OK windows-defender-atp-8.png
cloudblogs.microsoft.com/uploads/prod/2018/04/ 22 KB
22 KB 33ms
6ms Image
image/png 107.154.114.97
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cloudblogs.microsoft.com/uploads/prod/2018/04/windows-defender-atp-8.png
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.114.97 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS: 107.154.114.97.ip.incapdns.net
Software: /
Resource Hash: 857b665b2ee3c407a22ead2afb97f7fcbb8752431c4829dd266e51ec6daac1de

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:11 GMT
Last-Modified: Wed, 06 Jun 2018 16:04:18 GMT
X-CDN: Incapsula
Etag: "0x8D5CBC728EFAC26"
Content-Type: image/png
X-Iinfo: 4-160510800-0 0CNN RT(1570221071558 10) q(0 -1 -1 0) r(0 -1)
Cache-Control: max-age=305480512, public
Content-Length: 22032
Expires: Sat, 09 Jun 2029 12:13:03 GMT

GET
H2 200 Forrester-Microsoft-Leader-440x268.png
www.microsoft.com/security/blog/wp-content/uploads/2019/10/ 201 KB
202 KB 66ms
65ms Image
image/png 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/uploads/2019/10/Forrester-Microsoft-Leader-440x268.png

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

00c0770e65a84065d4b243e6c19613621715a0f5bfe259c58e2d6b96b2ac14bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 97
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Tue, 01 Oct 2019 16:35:26 GMT
x-rtag: RT
status: 200
etag: "5d93804e-325b1"
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 206257

GET
H2 200 Nodersok-blog.jpg
www.microsoft.com/security/blog/wp-content/uploads/2019/09/ 36 MB
36 MB 82ms
81ms Image
image/jpeg 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/uploads/2019/09/Nodersok-blog.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e71d86a59e43c9c682d7f039c28d29f4e82d6815fec126eac48e9dc485c731fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 45
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Thu, 26 Sep 2019 17:19:39 GMT
x-rtag: RT
status: 200
etag: "5d8cf32b-24522c2"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 38085314

GET
H2 200 deep-learning-for-malicious-powershell.jpg
www.microsoft.com/security/blog/wp-content/uploads/2019/09/ 148 KB
149 KB 99ms
98ms Image
image/jpeg 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/uploads/2019/09/deep-learning-for-malicious-powershell.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

19c38138e5b4028f4b57891ea8be907c5f5af8366d99599385720c2fd55847bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 46
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Tue, 03 Sep 2019 15:22:22 GMT
x-rtag: RT
status: 200
etag: "5d6e852e-24ffb"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 151547

GET
H2 200 CTA-feature-1024x729.jpg
www.microsoft.com/security/blog/wp-content/uploads/2019/02/ 161 KB
162 KB 114ms
114ms Image
image/jpeg 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/wp-content/uploads/2019/02/CTA-feature-1024x729.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

a58941524adf31d97c86f42995772c3a250918e696d00afc4c78d149f2adc43f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 177
date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Tue, 26 Feb 2019 00:33:13 GMT
x-rtag: RT
status: 200
etag: "5c748949-28405"
strict-transport-security: max-age=31536000
content-type: image/jpeg
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 164869

GET
H2 200 microsoft-uhf.js Show response
www.microsoft.com/security/blog/wp-content/plugins/microsoft-uhf/assets/ 3 KB
1 KB 13ms
13ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.2.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

30f70cbb95de1c084e40c56914124b3c133873440057daba9659694041245be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 25
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Mon, 13 May 2019 14:16:12 GMT
x-rtag: RT
status: 200
etag: W/"5cd97c2c-ae9"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 1202

GET
H2 200 eucc.js Show response
www.microsoft.com/security/blog/wp-content/plugins/wds-microsoft-eu-cookie-compliance/assets/js/ 9 KB
3 KB 20ms
20ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-microsoft-eu-cookie-compliance/assets/js/eucc.js?ver=2.2.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

c3c6fe97f918fcc40403ff671209d7d042dd4a8a7dc66e974eb1becc2bfe16ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 26
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Feb 2019 16:33:32 GMT
x-rtag: RT
status: 200
etag: W/"5c70245c-2542"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 2931

GET
H2 200 uhf-search-ui.js Show response
www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/ 4 KB
1 KB 16ms
16ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/uhf-search-ui.js?ver=1.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

16d6e957a9525cb4848051b0efc5aa101d256a3c6838007dc4ac2c41121eaade

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 27
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Tue, 02 Apr 2019 19:51:16 GMT
x-rtag: RT
status: 200
etag: W/"5ca3bd34-105b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 1039

GET
H2 200 modernizr.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/ 50 KB
16 KB 15ms
15ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/modernizr.js?ver=2.8.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 71
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Feb 2019 16:33:49 GMT
x-rtag: RT
status: 200
etag: W/"5c70246d-c897"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 15897

GET
H2 200 mwf-auto-init-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 303 KB
71 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:6c00:281::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-auto-init-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:281::2957 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff, nosniff
content-md5: 12go4t01WZJhAGBag3beKQ==
status: 200
content-length: 71611
x-ms-lease-state: available
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D5691AA4A3D407"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges
cache-control: max-age=900
accept-ranges: bytes

GET
H2 200 picturefill.min.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/ 12 KB
5 KB 12ms
12ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/picturefill.min.js?ver=3.0.3

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 26
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 22 Feb 2019 16:34:16 GMT
x-rtag: RT
status: 200
etag: W/"5c702488-2e1f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 5181

GET
H2 200 imagesloaded.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 8 KB
3 KB 14ms
14ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/imagesloaded.min.js?ver=3.2.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

854d677b850907cd851eac7e3f02f05a1e056f05bd5563199c5d93044ff16840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 24
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Thu, 03 Nov 2016 05:40:34 GMT
x-rtag: RT
status: 200
etag: W/"581acdd2-1f3a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 2491

GET
H2 200 masonry.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 28 KB
9 KB 16ms
16ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/masonry.min.js?ver=3.3.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

3ca3e467b7d4d6b403aa4619019d9250b11449c8ee9c91c90bcbc9acdd64fea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 69
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Tue, 28 Jun 2016 18:48:31 GMT
x-rtag: RT
status: 200
etag: W/"5772c67f-711a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 8584

GET
H2 200 project.min.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/scripts/ 7 KB
2 KB 14ms
14ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/scripts/project.min.js?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

ea49a34ae66ff6330e30845980df1589a88990a50391b5b2d53248086c184924

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 69
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Thu, 03 Oct 2019 15:56:12 GMT
x-rtag: RT
status: 200
etag: W/"5d961a1c-1b58"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 1988

GET
H2 200 comment-reply.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 1 KB
824 B 15ms
15ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/comment-reply.min.js?ver=4.9.9

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 24
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Wed, 18 Nov 2015 19:15:28 GMT
x-rtag: RT
status: 200
etag: W/"564cce50-436"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 589

GET
H2 200 wp-embed.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 1 KB
988 B 17ms
17ms Script
application/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/wp-embed.min.js?ver=4.9.9

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 82
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Fri, 31 Aug 2018 06:29:28 GMT
x-rtag: RT
status: 200
etag: W/"5b88e048-57b"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
tls_version: tls1.2
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000
content-length: 753

GET
H2 200 d6-c4d640 Show response
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a... 125 KB
34 KB 17ms
17ms Script
text/javascript 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/1b-c96630/db-bc0148/dc-7e9864/78-4c7d22/39-97e6ff/16-4c1a9d/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/62-95a6e7/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/d6-c4d640?ver=2.0&iife=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

804da9bf2367258e2a08eb02db98271b122af20353cf78c6141768233cf3a9ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ms-operation-id: 34b1bbf5b576594fa508ef91aeff57ef
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-rtag: RT
x-s2: 2019-09-24T22:40:18
p3p: CP="CAO CONi OTR OUR DEM ONL"
status: 200
x-activity-id: a86b0394-fe17-4925-9963-087d52284767
tls_version: tls1.2
x-s1: 2019-09-24T22:40:18
ms-cv: cYwtvSGH6E6J6bBw.0
vary: Accept-Encoding
content-length: 33668
x-xss-protection: 1
last-modified: Tue, 24 Sep 2019 22:40:18 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastasia, dt: 2018-05-03T20:14:23.4188992Z, bt: 2019-09-24T06:10:28.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30679753
timing-allow-origin: *
x-appversion: 1.0.7205.39914
expires: Wed, 23 Sep 2020 22:40:25 GMT

GET
H/1.1 200
OK meversion Show response
mem.gfx.ms/ 26 KB
9 KB 87ms
48ms Script
application/javascript 2a02:26f0:6c00:19d::37
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:19d::37 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

eee0c2e3a77779bcc1ca34c4eef3c1ddb74b96a24bf0670128142689969783e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, no-transform, max-age=43200
X-UA-Compatible: IE=edge
Connection: keep-alive
Content-Length: 9168
Expires: Sat, 05 Oct 2019 04:24:08 GMT

GET
H2 200 mscc-0.4.1.min.js Show response
c.s-microsoft.com/mscc/statics/ 3 KB
2 KB 6ms
6ms Script
text/javascript 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/mscc/statics/mscc-0.4.1.min.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: c87516d7dd7077edd467f5b7b085b035cd4803ecf049670ab19de004e270aba8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Fri, 04 Oct 2019 20:31:12 GMT
content-encoding: gzip
last-modified: Mon, 10 Sep 2018 17:42:12 GMT
content-md5: XpofSqMdSqYPb4maLkXO+A==
status: 200
etag: 0x8D61744BD6EA9B6
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 9fc6c4bd-001e-003f-1afe-49a444000000
x-ms-version: 2009-09-19
content-length: 1588

GET
H2 200 launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js Show response
assets.adobedtm.com/ 116 KB
25 KB 4076ms
61ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Requested by: Host: query.prod.cms.rt.microsoft.com
URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1r2ij?ver=1.0.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 00bc3b669da7da749341833983fa61825d78eee43e9f7caaf480e191d06dbe8a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:47 GMT
server: AkamaiNetStorage
etag: "35387f8b2a36e44e18f308f5e3eca665:1570055447.503886"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 25526
expires: Fri, 04 Oct 2019 21:31:16 GMT

GET
H2 200 mwfmdl2-v3.48.woff
www.microsoft.com/mwf/_h/v3.48/mwf.app/fonts/ 26 KB
26 KB 193ms
193ms Font
application/font-woff 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/mwf/_h/v3.48/mwf.app/fonts/mwfmdl2-v3.48.woff

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

56a6a953c17fe304d2f0cd1b1c7105ecfe21b1701d2066b8a9e07286dc0026e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/e0-becedb/7f-6a1eb1/27-029bba/3e-3bbcc0/1d-179740/f7-894bb9/87-13daff/29-a92d62?ver=2.0
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ms-operation-id: 9033bdb4a3c8fa4e9039c6ec20cd45bb
date: Fri, 04 Oct 2019 20:31:12 GMT
x-content-type-options: nosniff
x-rtag: RT
p3p: CP="CAO CONi OTR OUR DEM ONL"
status: 200
x-activity-id: 501d1e92-f87b-4406-a4a2-ebd44f75b471
tls_version: tls1.2
ms-cv: aTW5XW7mJEun4OGG.0
content-length: 26140
x-xss-protection: 1
last-modified: Thu, 19 Sep 2019 09:42:06 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2019-09-14T02:42:26.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=30201051
x-appversion: 1.0.7195.33673
expires: Fri, 18 Sep 2020 09:42:03 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ 29 KB
29 KB 17ms
6ms Font
font/woff2 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Fri, 09 Aug 2019 21:12:05 GMT
etag: "543fef18f74ed51:0"
status: 200
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=150435
accept-ranges: bytes
content-length: 29388
expires: Sun, 06 Oct 2019 14:18:27 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ 33 KB
34 KB 21ms
12ms Font
font/woff2 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Fri, 09 Aug 2019 21:12:05 GMT
etag: "a7b8ed18f74ed51:0"
status: 200
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=78389
accept-ranges: bytes
content-length: 34052
expires: Sat, 05 Oct 2019 18:17:41 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ 29 KB
30 KB 10ms
10ms Font
font/woff2 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Fri, 09 Aug 2019 21:12:05 GMT
etag: "8061e818f74ed51:0"
status: 200
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=498488
accept-ranges: bytes
content-length: 30132
expires: Thu, 10 Oct 2019 14:59:20 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/ 27 KB
27 KB 8ms
8ms Font
font/woff2 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Fri, 09 Aug 2019 21:12:05 GMT
etag: "2359ec18f74ed51:0"
status: 200
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=573672
accept-ranges: bytes
content-length: 27168
expires: Fri, 11 Oct 2019 11:52:24 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/ 28 KB
28 KB 6ms
5ms Font
font/woff2 2a02:26f0:6c00:294::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:294::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6

Request headers

Sec-Fetch-Mode: cors
Referer: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=4.9.9
Origin: https://www.microsoft.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:12 GMT
last-modified: Fri, 09 Aug 2019 21:12:05 GMT
etag: "a473f218f74ed51:0"
status: 200
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=123523
accept-ranges: bytes
content-length: 28908
expires: Sun, 06 Oct 2019 06:49:55 GMT

GET
H2 204 _log
uhf.microsoft.com/ 0
128 B 20ms
8ms Image
text/html 2a02:26f0:6c00:286::2b57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uhf.microsoft.com/_log?o=mscc&s=Microsoft.OneRenderFramework.Core&m=show&nv=aspnet-3.1.3&sv=0.1.2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:286::2b57 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Oct 2019 20:31:12 GMT
status: 204
content-type: text/html
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 0
expires: Fri, 04 Oct 2019 20:31:12 GMT

GET
H/1.1 200
OK meBoot.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.19256.4/en-US/ 123 KB
26 KB 6ms
6ms Script
application/javascript 2a02:26f0:6c00:19d::37
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.19256.4/en-US/meBoot.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:19d::37 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

7f64e716852ef6a844b8ae575976731b6f37ca162fa4e690cba923a05dbf1323

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 14 Sep 2019 07:56:30 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26709
X-UA-Compatible: IE=edge

POST
H2 200 admin-ajax.php Show response
www.microsoft.com/security/blog/wp-admin/ 58 B
867 B 860ms
860ms XHR
application/json 2a02:26f0:6c00:183::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-admin/admin-ajax.php

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::356e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

c02f7dbcbf49114dec273e763bca1199ed3126242c464c0262893752c1c9281b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-edgeconnect-origin-mex-latency: 658
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-rtag: RT
status: 200
tls_version: tls1.2
content-length: 58
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
wpe-backend: apache
x-frame-options: SAMEORIGIN, SAMEORIGIN
date: Fri, 04 Oct 2019 20:31:13 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0, no-store
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
DATA 200
OK truncated
/ 360 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 593dbe4f1db37a6da9d5f732bc4bb17eb419e2c9e42bd4b3d897bca85fa131b2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 944 B
753 B 18ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: t.co
URL: https://t.co/QEfqelGWSt?amp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: b659d47b0e33655c339af7283aa791e4798beed27ae27285f770e75c29d94a63

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:13 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Oct 2019 17:16:51 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57665
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 440

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 349 KB
113 KB 22ms
8ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

a6da9512cf7dd6fe3c4328ad3ad4e8dda6f04248422a1f1eb776f21e26640785

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 19 Sep 2019 17:51:44 GMT
server: nginx/1.15.8
etag: W/"5d83c030-573eb"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Fri, 04 Oct 2019 20:31:13 GMT
x-host: s7.addthis.com
content-length: 114880

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:13 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Sep 2019 20:18:39 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=72689
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fsecurity%252Fblog%252F2018...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495&liSyn...

0
111 B

163ms
163ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495&liSync=true
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:14 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: ZbYiW7+LyhXwOgyODisAAA==

Redirect headers

date: Fri, 04 Oct 2019 20:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: LTwBVL+LyhXQ/XBKpCsAAA==
server: Play
pragma: no-cache
x-li-pop: prod-ech2
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F&time=1570221073495&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 RCe273b42c34d5427cb02b2d6cd022cac2-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/ 1 KB
756 B 197ms
196ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/RCe273b42c34d5427cb02b2d6cd022cac2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f6c0725593c1c4a845a2547e58bff54a8bac5bb7d64da24ddcfd35e0fb644a25

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:48 GMT
server: AkamaiNetStorage
etag: "f4e0c65865a82e40ab11caca2e33bc4d:1570055448.381099"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 512
expires: Fri, 04 Oct 2019 21:31:16 GMT

GET
H2 200 RC609c6a62e6764307915e122757d5274b-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/ 74 KB
19 KB 256ms
256ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/RC609c6a62e6764307915e122757d5274b-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 78e9711cacf75243f565101a6309ede52bc8176fd7dead2b23ec2c79506392ff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:48 GMT
server: AkamaiNetStorage
etag: "f4e0c65865a82e40ab11caca2e33bc4d:1570055448.381099"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 19170
expires: Fri, 04 Oct 2019 21:31:16 GMT

GET
H2 200 RCf4d5a6b020184421bd20da64431bd00c-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/ 1 KB
824 B 252ms
252ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/RCf4d5a6b020184421bd20da64431bd00c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 50289b758c70a9e38ae6f8d6cd0635b7c0ac74493be3acf4d140413cb261e26a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:48 GMT
server: AkamaiNetStorage
etag: "f4e0c65865a82e40ab11caca2e33bc4d:1570055448.381099"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 579
expires: Fri, 04 Oct 2019 21:31:16 GMT

GET
H2 200 RC28553343ff05437083fb511b81b7a31c-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/ 50 KB
10 KB 393ms
393ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/RC28553343ff05437083fb511b81b7a31c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9714b576247751e41134a7df299afb3fabd3835cdd5e173c0454a9c7bb11e3e6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:48 GMT
server: AkamaiNetStorage
etag: "f4e0c65865a82e40ab11caca2e33bc4d:1570055448.381099"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 10085
expires: Fri, 04 Oct 2019 21:31:16 GMT

GET
H2 200 jsll-4.js Show response
az725175.vo.msecnd.net/scripts/ 54 KB
18 KB 7ms
6ms Script
text/javascript 152.199.19.160
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by: Host: t.co
URL: https://t.co/QEfqelGWSt?amp=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.160 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECAcc (frc/8F78) /
Resource Hash: e6bbfa4af18fb4f0e9c8a31d6654eac92d0f82dc895c6e5f49b54a8de51e5923

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 04 Oct 2019 20:31:16 GMT
content-encoding: gzip
content-md5: Dy7dMa7nsOSUbofNz/X23A==
x-cache: HIT
status: 200
content-length: 18058
x-ms-lease-status: unlocked
last-modified: Thu, 14 Mar 2019 00:43:49 GMT
server: ECAcc (frc/8F78)
etag: 0x8D6A8161FD3B925
vary: Accept-Encoding
content-type: text/javascript; charset="utf-8"
x-ms-request-id: 3cce41c7-501e-003d-20ef-7a7a0d000000
cache-control: public, max-age=1800, immutable
x-ms-version: 2009-09-19

GET
H/1.1 200
OK t.js Show response
web.vortex.data.microsoft.com/collect/v1/ 260 B
909 B 30ms
29ms Script
application/javascript 40.77.226.250
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272019-10-04T20%3A31%3A16.780Z%27&os=%27MacOS%27&appId=%27JS%3AsecurityBlog%27&-ver=%271.0%27&-impressionGuid=%2712fbbd12-5df9-423f-8738-50db00aeca41%27&-pageName=%27Undefined%27&-uri=%27https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F%27&-referrerUri=%27https%3A%2F%2Ft.co%2FQEfqelGWSt%3Famp%3D1%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Now%20you%20see%20me%3A%20Exposing%20fileless%20malware%20-%20Microsoft%20Security%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&$mscomCookies=false

Requested by

Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

833c01b845d0ee98d9fd8ce42414b864831e0296dd5464bcb062fcd8d0cdf081

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Oct 2019 20:31:15 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: iQwrPgpzZ0y6vbw2sjaORw.0
Content-Type: application/javascript
Content-Length: 260
Expires: 0

POST
H/1.1 200
OK v1
web.vortex.data.microsoft.com/collect/ 0
0 30ms
30ms Other
application/json 40.77.226.250
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://web.vortex.data.microsoft.com/collect/v1?$mscomCookies=false
Requested by: Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Origin, X-Xbl-Contract-Version, X-Xbl-Device-Type, Xbl-Authz-Actor-10, WithCredentials
Access-Control-Allow-Credentials: true

GET
H2 200 me.srf
login.live.com/ Frame 4950 0
0 283ms
96ms Document
text/html 40.90.23.208
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=85784524-aab0-4735-4058-b097d1786da2&partnerId=mssecurity

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/scripts/me/MeControl/10.19256.4/en-US/meBoot.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.90.23.208 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: login.live.com
:scheme: https
:path: /me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=85784524-aab0-4735-4058-b097d1786da2&partnerId=mssecurity
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/

Response headers

status: 200
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: Fri, 04 Oct 2019 20:30:18 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
set-cookie: uaid=85784524aab047354058b097d1786da2; domain=login.live.com; Secure; path=/; HttpOnly MSPRequ=id=N&lt=1570221078&co=1; domain=login.live.com; Secure; path=/; HttpOnly
referrer-policy: strict-origin-when-cross-origin
ppserver: PPV: 30 H: BL02PF257A359EA V: 0
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
date: Fri, 04 Oct 2019 20:31:18 GMT
content-length: 4068

GET
H/1.1 200
OK meCore.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.19256.4/en-US/ 85 KB
13 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00:19d::37
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.19256.4/en-US/meCore.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:19d::37 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

3cbeb8bedd9fd42dbf854d278f1da863b03835835a953a5be00dd2d30ec820b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 20:31:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 14 Sep 2019 07:56:30 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13212
X-UA-Compatible: IE=edge

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5a733b9bbd7faa84/ 1 KB
785 B 134ms
133ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5a733b9bbd7faa84/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 6a364177c65b9a7868a5f155612c7a623fe69a55a75da2b0fe7068d865a577c4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:18 GMT
content-encoding: gzip
surrogate-key: ra-5a733b9bbd7faa84
server: Jetty(9.4.8.v20180619)
cache-tag: ra-5a733b9bbd7faa84
etag: 1462142690--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=60, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 539

GET
H/1.1 200
OK t.js Show response
web.vortex.data.microsoft.com/collect/v1/ 260 B
909 B 30ms
29ms Script
application/javascript 40.77.226.250
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ClientError%27&time=%272019-10-04T20%3A31%3A18.617Z%27&os=%27MacOS%27&appId=%27JS%3AsecurityBlog%27&*errorInfo=%27%7B%22Page%22%3A%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F%22%2C%22Script%22%3A%22%22%2C%22Message%22%3A%22Script%20error.%22%2C%22LineNumber%22%3A0%2C%22StackTrace%22%3A%22%22%2C%22UserAgent%22%3A%22Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36%22%2C%22Platform%22%3A%22Linux%20x86_64%22%7D%27&*wasDisplayed=false&*impressionGuid=%2712fbbd12-5df9-423f-8738-50db00aeca41%27&*pageName=%27Undefined%27&*uri=%27https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F%27&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&$mscomCookies=false

Requested by

Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

20ddb6b0ceead780ae76aa7550899c5330be4a14e408391c6fd63a8a9a466c85

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Oct 2019 20:31:17 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: MHJAhnnjQUGdqWhaZc2yQg.0
Content-Type: application/javascript
Content-Length: 260
Expires: 0

GET
H2 200 RC02a99f79d83643db96d68f21ab6d4c4e-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/ 2 KB
1 KB 137ms
137ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/1e7b8087c257/RC02a99f79d83643db96d68f21ab6d4c4e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b42a1007b42dfd7f3ff735d994d65db3b22146879500ac42fcc53012b3dfa85a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 04 Oct 2019 20:31:18 GMT
content-encoding: gzip
last-modified: Wed, 02 Oct 2019 22:30:48 GMT
server: AkamaiNetStorage
etag: "f4e0c65865a82e40ab11caca2e33bc4d:1570055448.381099"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 810
expires: Fri, 04 Oct 2019 21:31:18 GMT

GET
H/1.1 200
OK t.js Show response
web.vortex.data.microsoft.com/collect/v1/ 260 B
623 B 31ms
30ms Script
application/javascript 40.77.226.250
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272019-10-04T20%3A31%3A18.634Z%27&os=%27MacOS%27&appId=%27JS%3AsecurityBlog%27&-ver=%271.0%27&-impressionGuid=%2712fbbd12-5df9-423f-8738-50db00aeca41%27&-pageName=%27Undefined%27&-uri=%27https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F01%2F24%2Fnow-you-see-me-exposing-fileless-malware%2F%27&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%2C%22timing%22%3A%22%7B%5C%22first-paint%5C%22%3A2550.1200016587973%2C%5C%22first-contentful-paint%5C%22%3A2550.1200016587973%2C%5C%22navigationStart%5C%22%3A1570221069936%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1570221069937%2C%5C%22domainLookupStart%5C%22%3A1570221069937%2C%5C%22domainLookupEnd%5C%22%3A1570221069938%2C%5C%22connectStart%5C%22%3A1570221069938%2C%5C%22connectEnd%5C%22%3A1570221069953%2C%5C%22secureConnectionStart%5C%22%3A1570221069943%2C%5C%22requestStart%5C%22%3A1570221069954%2C%5C%22responseStart%5C%22%3A1570221071387%2C%5C%22responseEnd%5C%22%3A1570221071597%2C%5C%22domLoading%5C%22%3A1570221071396%2C%5C%22domInteractive%5C%22%3A1570221072573%2C%5C%22domContentLoadedEventStart%5C%22%3A1570221072575%2C%5C%22domContentLoadedEventEnd%5C%22%3A1570221072592%2C%5C%22domComplete%5C%22%3A1570221078588%2C%5C%22loadEventStart%5C%22%3A1570221078588%2C%5C%22loadEventEnd%5C%22%3A1570221078618%7D%22%7D%27&-pageHeight=9132&-vpHeight=1200&-vpWidth=1600&-behavior=0&-vScrollOffset=0&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%7B%22cN%22%3A%22headerArea%22%2C%22cT%22%3A%22Area_coreuiArea%22%2C%22id%22%3A%22a1Body%22%2C%22sN%22%3A1%2C%22aN%22%3A%22Body%22%7D%2C%7B%22cN%22%3A%22headerRegion%22%2C%22cT%22%3A%22Region_coreui-region%22%2C%22id%22%3A%22r1a1%22%2C%22sN%22%3A1%2C%22aN%22%3A%22a1%22%7D%2C%7B%22cN%22%3A%22headerUniversalHeader%22%2C%22cT%22%3A%22Module_coreui-universalheader%22%2C%22id%22%3A%22m1r1a1%22%2C%22sN%22%3A1%2C%22aN%22%3A%22r1a1%22%7D%2C%7B%22cN%22%3A%22Universal%20Header_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c4c1m1r1a1%22%2C%22sN%22%3A4%2C%22aN%22%3A%22c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22GlobalNav_Logo_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c3c4c1m1r1a1%22%2C%22sN%22%3A3%2C%22aN%22%3A%22c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22CatNav_Microsoft%20Security_nav%22%2C%22id%22%3A%22n6c4c1m1r1a1%22%2C%22sN%22%3A6%2C%22aN%22%3A%22c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22Category%20nav_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c8c4c1m1r1a1%22%2C%22sN%22%3A8%2C%22aN%22%3A%22c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn2c8c4c1m1r1a1%22%2C%22sN%22%3A2%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn4c8c4c1m1r1a1%22%2C%22sN%22%3A4%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn6c8c4c1m1r1a1%22%2C%22sN%22%3A6%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn8c8c4c1m1r1a1%22%2C%22sN%22%3A8%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn10c8c4c1m1r1a1%22%2C%22sN%22%3A10%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22id%22%3A%22nn12c8c4c1m1r1a1%22%2C%22sN%22%3A12%2C%22aN%22%3A%22c8c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22Header%20actions_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c9c4c1m1r1a1%22%2C%22sN%22%3A9%2C%22aN%22%3A%22c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22GlobalNav_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c1c9c4c1m1r1a1%22%2C%22sN%22%3A1%2C%22aN%22%3A%22c9c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22GlobalNav_More_nonnav%22%2C%22id%22%3A%22nn1c1c9c4c1m1r1a1%22%2C%22sN%22%3A1%2C%22aN%22%3A%22c1c9c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22GlobalNav_Search_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c3c1c9c4c1m1r1a1%22%2C%22sN%22%3A3%2C%22aN%22%3A%22c1c9c4c1m1r1a1%22%7D%2C%7B%22cN%22%3A%22GlobalNav_Account_cont%22%2C%22cT%22%3A%22Container%22%2C%22id%22%3A%22c5c1c9c4c1m1r1a1%22%2C%22sN%22%3A5%2C%22aN%22%3A%22c1c9c4c1m1r1a1%22%7D%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Now%20you%20see%20me%3A%20Exposing%20fileless%20malware%20-%20Microsoft%20Security%27&*cookieEnabled=true&*isJs=true&*isDomComplete=true&*isLoggedIn=false&*pageLoadTime=8652&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.14%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&$mscomCookies=false

Requested by

Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),

Reverse DNS

Software

Resource Hash

39769862a541a789aa32bd3ca2e1f060650da1cf168010c6a8b918246af3ff93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Oct 2019 20:31:17 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: y/mZZfjsY0+5mV2KLzLxRA.0
Content-Type: application/javascript
Content-Length: 260
Expires: 0

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 7ms
7ms Script
application/javascript 23.210.248.44
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Fri, 04 Oct 2019 20:31:19 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

POST
H/1.1 200
OK v1
web.vortex.data.microsoft.com/collect/ 0
0 30ms
29ms Other
application/json 40.77.226.250
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://web.vortex.data.microsoft.com/collect/v1?$mscomCookies=false&ext-javascript-msfpc=%27GUID%3D97e619f6958648b987d70bf2b3b8422d%26HASH%3D97e6%26LV%3D201910%26V%3D4%26LU%3D1570221078601%27
Requested by: Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.microsoft.com/security/blog/2018/01/24/now-you-see-me-exposing-fileless-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Origin, X-Xbl-Contract-Version, X-Xbl-Device-Type, Xbl-Authz-Actor-10, WithCredentials
Access-Control-Allow-Credentials: true

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.microsoft.com/	1970-01-19 12:55:57	Name: MC1 Value: GUID=97e619f6958648b987d70bf2b3b8422d&HASH=97e6&LV=201910&V=4&LU=1570221078601
www.microsoft.com/	1970-01-19 13:42:05	Name: __atssc Value: twitter%3B1
.microsoft.com/	1970-01-19 04:10:22	Name: MS0 Value: 34620f6df8ed4eb69a38393e2775ab2f
www.microsoft.com/	1970-01-19 04:10:22	Name: __atuvs Value: 5d97ac11427a7689000
www.microsoft.com/	1970-01-19 13:42:05	Name: __atuvc Value: 1%7C40

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	(Line 2) Message: Start KWIF
console-api	log	(Line 2) Message: JSLL starts
console-api	log	(Line 2) Message: ID syncs starts
console-api	log	(Line 2) Message: JSLL ends
console-api	log	(Line 2) Message: ID syncs ends with appid
console-api	log	(Line 2) Message: AAM Visitor Lib starts

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
assets.onestore.ms
az725175.vo.msecnd.net
c.s-microsoft.com
cloudblogs.microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
login.live.com
mem.gfx.ms
px.ads.linkedin.com
query.prod.cms.rt.microsoft.com
s7.addthis.com
snap.licdn.com
statics-marketingsites-wcus-ms-com.akamaized.net
t.co
uhf.microsoft.com
v1.addthisedge.com
web.vortex.data.microsoft.com
www.linkedin.com
www.microsoft.com
104.111.216.26
104.244.42.5
107.154.114.97
152.199.19.160
2.16.186.10
2.18.232.23
23.210.248.44
2620:119:50e6:101::6cae:b01
2a01:4a0:1338:28::c38a:ff10
2a02:26f0:6c00:183::356e
2a02:26f0:6c00:19d::37
2a02:26f0:6c00:281::2957
2a02:26f0:6c00:286::2b57
2a02:26f0:6c00:294::356e
2a02:26f0:6c00:296::25ea
2a05:f500:11:101::b93f:9005
40.77.226.250
40.90.23.208
00bc3b669da7da749341833983fa61825d78eee43e9f7caaf480e191d06dbe8a
00c0770e65a84065d4b243e6c19613621715a0f5bfe259c58e2d6b96b2ac14bf
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
16d6e957a9525cb4848051b0efc5aa101d256a3c6838007dc4ac2c41121eaade
19c38138e5b4028f4b57891ea8be907c5f5af8366d99599385720c2fd55847bd
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30
20ddb6b0ceead780ae76aa7550899c5330be4a14e408391c6fd63a8a9a466c85
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
30f70cbb95de1c084e40c56914124b3c133873440057daba9659694041245be6
35211f76c4c35c17f2649b96868c0d691f1d78b107f7635d22619948d0ee6880
39769862a541a789aa32bd3ca2e1f060650da1cf168010c6a8b918246af3ff93
3ca3e467b7d4d6b403aa4619019d9250b11449c8ee9c91c90bcbc9acdd64fea2
3cbeb8bedd9fd42dbf854d278f1da863b03835835a953a5be00dd2d30ec820b1
3f517894e1d9a3b9eae057444749bb976399dbba8b255726966520420280fe05
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04
4dadc2332aba5151f4b0bd990760d4ea2f3207f9690d0bfeff626bccef8d335f
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
50289b758c70a9e38ae6f8d6cd0635b7c0ac74493be3acf4d140413cb261e26a
50cda9e4093b08b7567aff077dba728179dab82db334535fcc0281111171b5ad
56a6a953c17fe304d2f0cd1b1c7105ecfe21b1701d2066b8a9e07286dc0026e8
593dbe4f1db37a6da9d5f732bc4bb17eb419e2c9e42bd4b3d897bca85fa131b2
6a364177c65b9a7868a5f155612c7a623fe69a55a75da2b0fe7068d865a577c4
6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6
78e9711cacf75243f565101a6309ede52bc8176fd7dead2b23ec2c79506392ff
7f64e716852ef6a844b8ae575976731b6f37ca162fa4e690cba923a05dbf1323
804da9bf2367258e2a08eb02db98271b122af20353cf78c6141768233cf3a9ee
833c01b845d0ee98d9fd8ce42414b864831e0296dd5464bcb062fcd8d0cdf081
854d677b850907cd851eac7e3f02f05a1e056f05bd5563199c5d93044ff16840
857b665b2ee3c407a22ead2afb97f7fcbb8752431c4829dd266e51ec6daac1de
875071ac76430f551ed9b36d0827d818157658b2247662db454ffcba6c07bb07
893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8
8f8f65d96723c948175dc935196e7802766c7bdd53aa491c2e615579ef1861de
9714b576247751e41134a7df299afb3fabd3835cdd5e173c0454a9c7bb11e3e6
9dc88b264cb2061fdeccef48662172bf52cc1cd5c668e242e9e600f3bf39c84b
a58941524adf31d97c86f42995772c3a250918e696d00afc4c78d149f2adc43f
a6da9512cf7dd6fe3c4328ad3ad4e8dda6f04248422a1f1eb776f21e26640785
b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102
b42a1007b42dfd7f3ff735d994d65db3b22146879500ac42fcc53012b3dfa85a
b659d47b0e33655c339af7283aa791e4798beed27ae27285f770e75c29d94a63
b68105fc4d03450431badca7b7085e6dc126c94c831cbb493f754513789bb778
b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178
c02f7dbcbf49114dec273e763bca1199ed3126242c464c0262893752c1c9281b
c3c027a797b2f7112555a219c0a0c91e8689f97203aeab469382665f74f05016
c3c6fe97f918fcc40403ff671209d7d042dd4a8a7dc66e974eb1becc2bfe16ed
c87516d7dd7077edd467f5b7b085b035cd4803ecf049670ab19de004e270aba8
cd9f9701c135d4c08a851bc5f634242f03fef8132f8d763cddc9b8ed1d20344a
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5
d52a506abeec5c7cb2e6cafe138da0763f555a16c2920683a7eb866453624f39
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
dfc6de0e1501679bd71244faed1d26b977260f78853325c865754d05c238fe22
e2b36f626bc1cc2812beadf138b5e1acfc2252353e7127bd5542ab272f6c4b46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6bbfa4af18fb4f0e9c8a31d6654eac92d0f82dc895c6e5f49b54a8de51e5923
e71d86a59e43c9c682d7f039c28d29f4e82d6815fec126eac48e9dc485c731fa
ea49a34ae66ff6330e30845980df1589a88990a50391b5b2d53248086c184924
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
eee0c2e3a77779bcc1ca34c4eef3c1ddb74b96a24bf0670128142689969783e7
f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81
f258c099e2bb029f6c9d5e9900a78f53347a16b43aa1e37a9f9c1a1539e0748d
f25fb12269bb1060790dd528cb700a87c49d8f3531cedaad0d37c617a4d1c5af
f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25
f6c0725593c1c4a845a2547e58bff54a8bac5bb7d64da24ddcfd35e0fb644a25
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

www.microsoft.com Open in urlscan Pro 2a02:26f0:6c00:183::356e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

50 %IPv6

13 Domains

19 Subdomains

18 IPs

5 Countries

38777 kBTransfer

41014 kBSize

5 Cookies

78 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.microsoft.com Open in urlscan Pro
2a02:26f0:6c00:183::356e Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

50 %
IPv6

13
Domains

19
Subdomains

18
IPs

5
Countries

38777 kB
Transfer

41014 kB
Size

5
Cookies

71 HTTP transactions
1 data transactions