security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net Open in urlscan Pro
2620:1ec:bdf::45  Public Scan

Submitted URL: http://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Effective URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Submission: On January 08 via api from DE — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 67 HTTP transactions. The main IP is 2620:1ec:bdf::45, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 02 on January 1st 2024. Valid for: 6 months.
This is the only time security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2620:1ec:bdf::45 8075 (MICROSOFT...)
45 2a02:26f0:170... 20940 (AKAMAI-ASN1)
4 2620:1ec:46::63 8075 (MICROSOFT...)
2 2.16.164.83 20940 (AKAMAI-ASN1)
4 2a02:26f0:e60... 20940 (AKAMAI-ASN1)
4 20.44.10.123 8075 (MICROSOFT...)
67 7
Apex Domain
Subdomains
Transfer
51 microsoft.com
www.microsoft.com — Cisco Umbrella Rank: 401
wcpstatic.microsoft.com — Cisco Umbrella Rank: 7405
browser.events.data.microsoft.com — Cisco Umbrella Rank: 351
590 KB
4 s-microsoft.com
c.s-microsoft.com — Cisco Umbrella Rank: 9414
119 KB
2 akamaized.net
img-prod-cms-rt-microsoft-com.akamaized.net — Cisco Umbrella Rank: 2761
7 KB
2 azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 3784
103 KB
1 gfx.ms
mem.gfx.ms — Cisco Umbrella Rank: 5031
12 KB
1 azurefd.net
security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
39 KB
67 6
Domain Requested by
46 www.microsoft.com 1 redirects security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
www.microsoft.com
4 browser.events.data.microsoft.com js.monitor.azure.com
4 c.s-microsoft.com www.microsoft.com
2 img-prod-cms-rt-microsoft-com.akamaized.net security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
2 js.monitor.azure.com security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
mem.gfx.ms
1 mem.gfx.ms security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
1 wcpstatic.microsoft.com security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
1 security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
67 8
Subject Issuer Validity Valid
*.azurefd.net
Microsoft Azure TLS Issuing CA 02
2024-01-01 -
2024-06-27
6 months crt.sh
www.microsoft.com
Microsoft Azure RSA TLS Issuing CA 07
2023-09-14 -
2024-09-08
a year crt.sh
wcpstatic.microsoft.com
DigiCert TLS RSA SHA256 2020 CA1
2023-12-07 -
2024-12-07
a year crt.sh
js.monitor.azure.com
Microsoft Azure RSA TLS Issuing CA 03
2023-12-19 -
2024-12-13
a year crt.sh
identitycdn.msauth.net
Microsoft Azure RSA TLS Issuing CA 07
2023-10-23 -
2024-10-17
a year crt.sh
a248.e.akamai.net
DigiCert TLS RSA SHA256 2020 CA1
2023-05-16 -
2024-05-15
a year crt.sh
*.events.data.microsoft.com
Microsoft Azure RSA TLS Issuing CA 03
2023-10-02 -
2024-09-26
a year crt.sh

This page contains 1 frames:

Primary Page: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Frame ID: 77ADC3C368407051402D4EE9F0AADF11
Requests: 65 HTTP requests in this frame

Screenshot

Page Title

Financially motivated threat actors misusing App Installer | Microsoft Security BlogCalifornia Consumer Privacy Act (CCPA) Opt-Out Icon

Page URL History Show full URLs

  1. http://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-... HTTP 307
    https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

67
Requests

90 %
HTTPS

71 %
IPv6

6
Domains

8
Subdomains

7
IPs

2
Countries

870 kB
Transfer

2122 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/ HTTP 307
    https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

67 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Redirect Chain
  • http://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
  • https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
206 KB
39 KB
Document
General
Full URL
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4e3ba835fd654e3c31f0230ca10babb78f6d87be1867573ae900d8c9d2b09672
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=60
content-encoding
gzip
content-length
39195
content-type
text/html; charset=utf-8
date
Mon, 08 Jan 2024 09:53:50 GMT
expires
Mon, 08 Jan 2024 09:54:50 GMT
link
<https://www.microsoft.com/en-us/security/blog/wp-json/>; rel="https://api.w.org/" <https://www.microsoft.com/en-us/security/blog/wp-json/wp/v2/posts/132866>; rel="alternate"; type="application/json" <https://www.microsoft.com/en-us/security/blog/?p=132866>; rel=shortlink
vary
Accept-Encoding
x-azure-ref
20240108T095350Z-uyads4zr8x3az6zzudk7mhc23c00000007v00000000131p8
x-cache
TCP_MISS
x-distributor
yes
x-frame-options
SAMEORIGIN

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Mon, 08 Jan 2024 09:53:50 GMT
Location
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
TLS_version
UNKNOWN
X-RTag
RT
ms-cv
CASMicrosoftCVa05167cb.0
ms-cv-esi
CASMicrosoftCVa05167cb.0
x-azure-ref
20240108T095350Z-7pqh8e1f5t7gfb5tdwn5ybdg4n00000008c0000000005sgf
style.min.css
www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/
102 KB
14 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b1.0
ms-cv
CASMicrosoftCVa3ad49b1.0
content-length
13841
last-modified
Wed, 19 Jul 2023 11:13:55 GMT
etag
"19824-600d5209602c0-gzip"
x-azure-ref
20240108T095351Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0s9
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 03:25:44 GMT
jsgif.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/jsgif.css?ver=1.3.5
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
644bc58ea314f0b02f8bef2799ef7068a7ec21531543ac67f130e851480b3bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49ab.0
ms-cv
CASMicrosoftCVa3ad49ab.0
content-length
898
last-modified
Wed, 03 Jan 2024 20:10:58 GMT
etag
"bde-60e103690f880-gzip"
x-azure-ref
20240108T095351Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7sc
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 02:10:02 GMT
moray-style.css
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/
118 KB
16 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=3dcac2de4166f5768700
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2ac13cd7c8fbbb596b97fca724b722366d63839a2cef5467f20a9d7c227eac5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49ac.0
ms-cv
CASMicrosoftCVa3ad49ac.0
content-length
16277
last-modified
Thu, 21 Dec 2023 14:07:20 GMT
etag
"1d99f-60d059e2cd600-gzip"
x-azure-ref
20240108T095351Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fngm
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Thu, 25 Jan 2024 23:41:52 GMT
frontend.css
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/
32 KB
7 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=9b87160d76e4ee24bbeb
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
62c084958e82fe876fd9c8741fdc560cd3d07b9df8933a1665da0518fc9479c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49ad.0
ms-cv
CASMicrosoftCVa3ad49ad.0
content-length
6414
last-modified
Thu, 21 Dec 2023 14:07:20 GMT
etag
"8182-60d059e2cd600-gzip"
x-azure-ref
20240108T095351Z-ducy4fy72553r8q72e930e23r0000000098g000000006nss
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 30 Jan 2024 18:12:15 GMT
theme-toggle.css
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/theme-toggle.css?ver=1704312851
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
61ca50dfffba6e00b95cdef70bea41b2a67ea13fd92b4c6381e76d63bb18bede
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b0.0
ms-cv
CASMicrosoftCVa3ad49b0.0
content-length
1014
last-modified
Wed, 03 Jan 2024 20:14:11 GMT
etag
"e40-60e104211eac0-gzip"
x-azure-ref
20240108T095351Z-6vhhfykq593d16ssnzu9mnr1rw00000000ag0000000002k0
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 23:04:50 GMT
uhf.css
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/
727 B
634 B
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/uhf.css?ver=1704312851
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a592efcfa8fcc9af1d866278861311dd68b1196fd82a15bfa678a0a3a7713bdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49ae.0
ms-cv
CASMicrosoftCVa3ad49ae.0
content-length
308
last-modified
Wed, 03 Jan 2024 20:14:11 GMT
etag
"2d7-60e104211eac0-gzip"
x-azure-ref
20240108T095351Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0sk
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Mon, 05 Feb 2024 17:55:16 GMT
fluent-icons.css
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/
1 KB
697 B
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1704312851
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4f8de2ce7b046b0b7e879dd868d9c7d9e02a4467f3bbb2798fd24cc15a706a89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49af.0
ms-cv
CASMicrosoftCVa3ad49af.0
content-length
371
last-modified
Wed, 03 Jan 2024 20:14:11 GMT
etag
"571-60e104211eac0-gzip"
x-azure-ref
20240108T095347Z-ducy4fy72553r8q72e930e23r0000000098g000000006nc7
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 02 Feb 2024 20:43:00 GMT
frontend.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/frontend.css?ver=1.0.9
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fb0b9c96b403e67ba65839b734628ecf3c043e4021c3bb05df8f446f32abae3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b2.0
ms-cv
CASMicrosoftCVa3ad49b2.0
content-length
963
last-modified
Wed, 03 Jan 2024 20:13:42 GMT
etag
"d3c-60e1040576980-gzip"
x-azure-ref
20240108T095347Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001q000000000f0dg
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Mon, 05 Feb 2024 21:03:39 GMT
related-posts.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/
399 B
566 B
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/related-posts.css?ver=1.0.9
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f755083ad22adff7e8d9abb5c838ef6b08c7b96540746554a1562356441ab0da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49a8.0
ms-cv
CASMicrosoftCVa3ad49a8.0
content-length
239
last-modified
Wed, 03 Jan 2024 20:10:57 GMT
etag
"18f-60e103681b640-gzip"
x-azure-ref
20240108T095347Z-6vhhfykq593d16ssnzu9mnr1rw00000000ag0000000002ae
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 06:14:05 GMT
rss.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/
257 B
491 B
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/rss.css?ver=0.4.0
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
23d65e0901e80ece99e06d63e02a2ba3330266ffacbc60a2221edbe552117efb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49a9.0
ms-cv
CASMicrosoftCVa3ad49a9.0
content-length
165
last-modified
Wed, 03 Jan 2024 20:10:58 GMT
etag
"101-60e103690f880-gzip"
x-azure-ref
20240108T095347Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0du
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Mon, 05 Feb 2024 13:51:13 GMT
wcp-consent.js
wcpstatic.microsoft.com/mscc/lib/v2/
273 KB
80 KB
Script
General
Full URL
https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
content-md5
X1JOIM5h9UISVFS6+GfEew==
age
502
x-cache
CONFIG_NOCACHE
content-length
81726
x-ms-lease-status
unlocked
last-modified
Wed, 24 Aug 2022 17:34:36 GMT
etag
0x8DA85F6EA62BF74
vary
Accept-Encoding
x-azure-ref
20240108T095351Z-rmnr0agy6d5kz2bmfzd8zvwxvg0000000dbg00000000252n
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
274681fc-e01e-0059-5917-422753000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=43200
x-ms-version
2009-09-19
accept-ranges
bytes
ms.analytics-web-3.min.js
js.monitor.azure.com/scripts/c/
137 KB
62 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
732e08f80d9a49e06b34040cef1f3501d3528eccc8d0cb3057e5a1e8a762ee78

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
br
x-ms-meta-jssdkver
3.2.14
last-modified
Thu, 21 Sep 2023 19:26:35 GMT
x-ms-meta-jssdksrc
[cdn]/scripts/c/ms.analytics-web-3.2.14.min.js
vary
Accept-Encoding
x-azure-ref
20240108T095351Z-d33wg5cxsx3zr5ybrb1rbu6fsc00000007hg00000000rrqt
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
f2a22225-c01e-0002-5bf3-35ce8f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-lastmodified,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-cache
TCP_HIT
x-ms-version
2009-09-19
jquery.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/
85 KB
30 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b4.0
ms-cv
CASMicrosoftCVa3ad49b4.0
content-length
30392
last-modified
Fri, 26 May 2023 11:33:35 GMT
etag
"155ba-5fc971b7d21c0"
x-azure-ref
20240108T095347Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7e1
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 03:01:05 GMT
jquery-migrate.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/
13 KB
5 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b5.0
ms-cv
CASMicrosoftCVa3ad49b5.0
content-length
4872
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
etag
"3509-5fdabee5f2100"
x-azure-ref
20240108T095348Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0e4
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 00:07:12 GMT
44-c33a61
www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/
167 KB
23 KB
Stylesheet
General
Full URL
https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

ms-operation-id
c88430ca4b129c49bec309f729d31ecd
date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-rtag
RT
x-s2
2023-12-15T13:58:47
p3p
CP="CAO CONi OTR OUR DEM ONL"
x-activity-id
63ef94e9-f056-40f9-b39e-e033e45f0116
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49aa.0
ms-cv
CASMicrosoftCVa3ad49aa.0
content-length
22738
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 13:58:47 GMT
x-az
{did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastasia, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-12-12T00:28:32.0000000Z}
x-s1
2023-12-15T13:58:47
access-control-allow-methods
HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-azure-ref
20231215T231137Z-wxca3qc18t4xz49gsz9cu1ar8g00000002sg00000000zy5b
cache-control
public, max-age=29477095
vary
Accept-Encoding
accept-ranges
bytes
timing-allow-origin
*
x-appversion
1.0.8745.29656
expires
Sat, 14 Dec 2024 13:58:46 GMT
6c-7627b9
www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88...
135 KB
36 KB
Script
General
Full URL
https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88-5b9b75/1b-240b37/4e-8e1a50/c2-370434/6f-bf5d0f/ea-315ddf/2e-e273bf/17-02d9ee/cf-2a93c7/c0-2ffa80/77-785548/48-4f52bb/3c-6c8ad0/3a-0d7cd3/5f-7d882b/c1-621df2/38-e8e647/17-c82a09/85-bd536d/44-776362/f8-86938e/61-951d1b/39-3d9dc2/81-96da47/ec-e44e19/6c-7627b9?ver=2.0&_cf=20210618&iife=1
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

ms-operation-id
2c4575d192d3c34aa183794988ff6274
date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-rtag
RT
x-s2
2023-12-15T15:33:42
p3p
CP="CAO CONi OTR OUR DEM ONL"
x-activity-id
efaaf68d-0de9-4f38-840f-2a3d90da64eb
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad49b3.0
ms-cv
CASMicrosoftCVa3ad49b3.0
content-length
36102
x-xss-protection
1; mode=block
last-modified
Fri, 15 Dec 2023 15:33:42 GMT
x-az
{did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastasia, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-12-12T00:28:32.0000000Z}
x-s1
2023-12-15T15:33:42
access-control-allow-methods
HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-azure-ref
20231215T230538Z-ndeznf0rsh5f77y6s0xcgfvvcw00000002b00000000073rr
cache-control
public, max-age=29482759
vary
Accept-Encoding
accept-ranges
bytes
timing-allow-origin
*
x-appversion
1.0.8745.29656
expires
Sat, 14 Dec 2024 15:33:10 GMT
meversion
mem.gfx.ms/
29 KB
12 KB
Script
General
Full URL
https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8f8da55fb0b3c887b1366aa05fec7f20203bf0a0ede5e2f9e6fb154b98c22511
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires
Mon, 08 Jan 2024 09:57:51 GMT
date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-cache
TCP_HIT
cache-control
public, no-transform, max-age=7200
x-azure-ref
20240108T095351Z-uyads4zr8x3az6zzudk7mhc23c000000080g0000000126du
x-ua-compatible
IE=edge
RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/
4 KB
4 KB
Image
General
Full URL
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.164.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-164-83.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
Security Headers
Name Value
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Mon, 25 Dec 2023 08:47:42 GMT
x-resizerversion
1.0
x-datacenter
eastus
x-source-length
4054
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=384770
x-activityid
e7572ce6-4b85-4d56-a6ec-b94c60367d66
timing-allow-origin
*
content-location
https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
content-length
4054
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires
Fri, 12 Jan 2024 20:46:41 GMT
Fig1-Malicious-landing-page.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
41 KB
41 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig1-Malicious-landing-page.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0a352f66e27391d711c1664548c53c28366f147da953a4f92b108d58f4683f3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:42:59 GMT
x-rtag
RT
etag
"a28e-60d75986c7056"
x-azure-ref
20240108T095351Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0sq
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4a1e.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4a1e.0
content-length
41614
expires
Mon, 05 Feb 2024 08:50:25 GMT
Fig2-Sample-malicious-App-Installer-experience.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
20 KB
20 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig2-Sample-malicious-App-Installer-experience.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a5bbd2af4d701d30c42d5bf7f595aeb35ca883b7e0e7b2af4f1e211ee8fdc01a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:04 GMT
x-rtag
RT
etag
"4e8e-60d7598b40623"
x-azure-ref
20240108T095351Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0t1
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b29.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b29.0
content-length
20110
expires
Wed, 07 Feb 2024 04:55:50 GMT
Fig3-Landing-page.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
48 KB
48 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig3-Landing-page.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2228a58f7dae64b3f1a4f0df867097afc0f4b485d943b41a4f4e1add0e7ea92a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:11 GMT
x-rtag
RT
etag
"bf52-60d75992241fe"
x-azure-ref
20240108T095351Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7t7
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b3f.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b3f.0
content-length
48978
expires
Sat, 03 Feb 2024 12:19:50 GMT
Fig4-Landing-page.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
10 KB
11 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig4-Landing-page.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e5d01e31ad1ce01300935a3a582e5c80fc8f095ea0c442987b514721ef5c7a72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:15 GMT
x-rtag
RT
etag
"28c8-60d75995e1974"
x-azure-ref
20240108T095351Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fnhy
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b40.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b40.0
content-length
10440
expires
Tue, 06 Feb 2024 16:09:50 GMT
Fig5-Sample-malicious-App-Installer-experience.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
13 KB
13 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig5-Sample-malicious-App-Installer-experience.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4b3bce183396d6887b891e8f1625263f0e5bee99947357af5867cfa7ec3c9e08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:20 GMT
x-rtag
RT
etag
"335e-60d7599aacde5"
x-azure-ref
20240108T095351Z-6vhhfykq593d16ssnzu9mnr1rw00000000ag0000000002kd
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b53.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b53.0
content-length
13150
expires
Mon, 05 Feb 2024 07:25:43 GMT
Fig6-Landing-page.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
45 KB
45 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig6-Landing-page.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0704c95c24c791c0c9c29dce73c73ab3de78f4a7d5d4a6455055ac86fd0b3d3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:28 GMT
x-rtag
RT
etag
"b460-60d759a232406"
x-azure-ref
20240108T095351Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7tg
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b9a.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b9a.0
content-length
46176
expires
Mon, 05 Feb 2024 20:12:32 GMT
Fig7-Sample-JavaScript.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
17 KB
17 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig7-Sample-JavaScript.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f1a51501d0be8fe77c97839d07c4d67b56b161aec12088adc3513cc1ef7f6096
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:31 GMT
x-rtag
RT
etag
"4350-60d759a56a06e"
x-azure-ref
20240108T095351Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0t9
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b9b.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b9b.0
content-length
17232
expires
Wed, 07 Feb 2024 06:30:43 GMT
Fig8-Sample-malicious-App-Installer-experience.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
11 KB
11 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/Fig8-Sample-malicious-App-Installer-experience.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
541f1c9e57b1ed62179ed1bfbc47cc9b3d8f5ee5cba4fa44945cd5f2465f9d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 03:43:37 GMT
x-rtag
RT
etag
"2b44-60d759aac763e"
x-azure-ref
20240108T095351Z-vwktsq1r5x16r1rvkh5wg7vtn80000000kqg000000009feb
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b9c.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b9c.0
content-length
11076
expires
Tue, 06 Feb 2024 21:17:12 GMT
shCore.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/
23 KB
9 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shCore.js?ver=3.0.9b
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5ac53f9f9dc2c8abbeab5762571a4f9d3920d350b015da1ae6977d17472c0a83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b41.0
ms-cv
CASMicrosoftCVa3ad4b41.0
content-length
9262
last-modified
Tue, 08 Oct 2019 14:43:40 GMT
etag
"5d72-5946731b45f00"
x-azure-ref
20240108T095348Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fn3a
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 31 Jan 2024 07:45:23 GMT
shBrushPlain.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/
788 B
1 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPlain.js?ver=3.0.9b
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7c121ca35937264358195b5199cd9cace6908afd6e76d882e1f15f06bb985452
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Tue, 27 Nov 2018 00:50:40 GMT
x-rtag
RT
etag
"314-57b9ad6a6f800"
x-azure-ref
20240108T095348Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7fn
content-type
text/javascript
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b42.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b42.0
content-length
788
expires
Mon, 05 Feb 2024 17:59:25 GMT
focus-within.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/
10 KB
4 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.5
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b43.0
ms-cv
CASMicrosoftCVa3ad4b43.0
content-length
3288
last-modified
Thu, 21 Dec 2023 14:04:35 GMT
etag
"289e-60d05945722c0"
x-azure-ref
20240108T095348Z-ducy4fy72553r8q72e930e23r0000000098g000000006neh
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Thu, 01 Feb 2024 11:24:13 GMT
libgif.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/
34 KB
9 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/libgif.js?ver=1.3.5
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b44.0
ms-cv
CASMicrosoftCVa3ad4b44.0
content-length
9145
last-modified
Wed, 03 Jan 2024 20:10:58 GMT
etag
"8705-60e103690f880"
x-azure-ref
20240108T095348Z-6vhhfykq593d16ssnzu9mnr1rw00000000fg000000000275
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 00:30:29 GMT
index.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/
4 KB
2 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/index.js?ver=1.3.5
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b724f99a651bf0de96412e969f2f35af6f88cbe210b0fd1fefb35f9ae2ffa305
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b45.0
ms-cv
CASMicrosoftCVa3ad4b45.0
content-length
1507
last-modified
Thu, 21 Dec 2023 14:04:35 GMT
etag
"109f-60d05945722c0"
x-azure-ref
20240108T095348Z-ducy4fy72553r8q72e930e23r0000000098g000000006nev
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Thu, 01 Feb 2024 12:55:58 GMT
moray-scripts.js
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/
172 KB
46 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/moray-scripts.js?ver=10d4fdaa712d2e5df7f7
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d168b898cc480f93be28877030301238479b04ede148402e0d661a3d56c3a6b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 03 Jan 2024 20:14:57 GMT
x-rtag
RT
etag
"2af74-60e1044cfd240"
x-azure-ref
20240108T095348Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7fv
vary
Accept-Encoding
content-type
text/javascript
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b46.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b46.0
expires
Mon, 05 Feb 2024 13:29:30 GMT
frontend.js
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/
8 KB
3 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/frontend.js?ver=9b87160d76e4ee24bbeb
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3ca8edda8495b1e1c379b762cdfea6c1bef3f520b504a407566fe278ee20bbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b47.0
ms-cv
CASMicrosoftCVa3ad4b47.0
content-length
2550
last-modified
Thu, 21 Dec 2023 14:07:20 GMT
etag
"2152-60d059e2cd600"
x-azure-ref
20240108T095348Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fn3q
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Thu, 25 Jan 2024 19:48:25 GMT
wp-polyfill-inert.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/
8 KB
3 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b48.0
ms-cv
CASMicrosoftCVa3ad4b48.0
content-length
2484
last-modified
Wed, 18 Jan 2023 11:16:33 GMT
etag
"1feb-5f287f2e2a640"
x-azure-ref
20240108T095348Z-6vhhfykq593d16ssnzu9mnr1rw00000000ag0000000002bg
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 07:50:55 GMT
regenerator-runtime.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b49.0
ms-cv
CASMicrosoftCVa3ad4b49.0
content-length
2499
last-modified
Tue, 07 Feb 2023 15:56:37 GMT
etag
"19cf-5f41e314ed740"
x-azure-ref
20240108T095348Z-6vhhfykq593d16ssnzu9mnr1rw00000000fg00000000027e
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 02:09:59 GMT
wp-polyfill.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/
16 KB
6 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b4a.0
ms-cv
CASMicrosoftCVa3ad4b4a.0
content-length
5889
last-modified
Tue, 27 Jun 2023 14:24:19 GMT
etag
"3f12-5ff1d39002ac0"
x-azure-ref
20240108T095348Z-6vhhfykq593d16ssnzu9mnr1rw00000000ag0000000002bn
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 03:22:49 GMT
dom-ready.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/
498 B
806 B
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Mon, 11 Apr 2022 12:04:30 GMT
x-rtag
RT
etag
"1f2-5dc5fbf1e6f80"
x-azure-ref
20240108T095348Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fn45
content-type
text/javascript
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b4c.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b4c.0
content-length
498
expires
Thu, 25 Jan 2024 20:31:16 GMT
hooks.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/
5 KB
2 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b4d.0
ms-cv
CASMicrosoftCVa3ad4b4d.0
content-length
1567
last-modified
Tue, 27 Jun 2023 14:24:19 GMT
etag
"1213-5ff1d39002ac0"
x-azure-ref
20240108T095348Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7g6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Mon, 05 Feb 2024 19:37:41 GMT
i18n.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/
9 KB
4 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b4e.0
ms-cv
CASMicrosoftCVa3ad4b4e.0
content-length
3692
last-modified
Wed, 28 Jun 2023 20:08:46 GMT
etag
"24e5-5ff3626b0ef80"
x-azure-ref
20240108T095348Z-ducy4fy72553r8q72e930e23r0000000098g000000006nf8
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Thu, 01 Feb 2024 11:26:38 GMT
a11y.min.js
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/
2 KB
1 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/a11y.min.js?ver=7032343a947cfccf5608
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d35faa1c0b45cc142295ae07a0c6e6e7824e0e64b58b81a83e7850251586e0df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b4f.0
ms-cv
CASMicrosoftCVa3ad4b4f.0
content-length
960
last-modified
Tue, 27 Jun 2023 14:24:19 GMT
etag
"990-5ff1d39002ac0"
x-azure-ref
20240108T095348Z-uvpmqwa7k91e118b9b2mbyg1g800000001kg00000000b0f9
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 12:13:57 GMT
frontend.js
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/
22 KB
7 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/frontend.js?ver=1704312851
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d86802264a0502b679e65647a61a33b4d83e04ca421ae50044bd722210bfa115
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b50.0
ms-cv
CASMicrosoftCVa3ad4b50.0
content-length
7275
last-modified
Thu, 21 Dec 2023 14:06:48 GMT
etag
"5799-60d059c448e00"
x-azure-ref
20240108T095351Z-vwktsq1r5x16r1rvkh5wg7vtn80000000kqg000000009fe8
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Fri, 02 Feb 2024 20:41:35 GMT
frontend.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/
673 B
981 B
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/frontend.js?ver=1.0.9
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2a13764d94e51fe5a6aa92f0f162bff4f473d1ebce0fffb734afb416ee361118
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Thu, 21 Dec 2023 14:06:28 GMT
x-rtag
RT
etag
"2a1-60d059b136100"
x-azure-ref
20240108T095351Z-ducy4fy72553r8q72e930e23r0000000098g000000006ntm
content-type
text/javascript
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b51.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b51.0
content-length
673
expires
Thu, 01 Feb 2024 11:26:41 GMT
microsoft-uhf.js
www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/
3 KB
2 KB
Script
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.4.0
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4b52.0
ms-cv
CASMicrosoftCVa3ad4b52.0
content-length
1370
last-modified
Wed, 03 Jan 2024 20:10:58 GMT
etag
"d4e-60e103690f880"
x-azure-ref
20240108T095351Z-6vhhfykq593d16ssnzu9mnr1rw00000000fg0000000002g6
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
expires
Tue, 06 Feb 2024 18:24:04 GMT
mwfmdl2-v3.54.woff
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/
26 KB
26 KB
Font
General
Full URL
https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

ms-operation-id
9933b0140263bb4a89c6fc3281585dad
date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-rtag
RT
p3p
CP="CAO CONi OTR OUR DEM ONL"
x-activity-id
9b3b39e3-20c1-4b26-8f66-3ac255c88513
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa052169b.0
ms-cv
CASMicrosoftCVa052169b.0
content-length
26288
x-xss-protection
1; mode=block
last-modified
Thu, 07 Dec 2023 23:17:49 GMT
x-az
{did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastasia, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-11-15T14:06:56.0000000Z}
x-azure-ref
20231208T070737Z-bdzr39en5t0hz4fur0h8802090000000019g00000001dzwk
access-control-allow-methods
HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=28819438
accept-ranges
bytes
x-appversion
1.0.8719.11008
expires
Fri, 06 Dec 2024 23:17:49 GMT
MWFFluentIcons.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/
0
0

latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/
33 KB
33 KB
Font
General
Full URL
https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=3dcac2de4166f5768700
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600:583::356e Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Referer
https://www.microsoft.com/
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Fri, 10 Jan 2020 19:09:43 GMT
etag
"588d483e9c7d51:0"
access-control-allow-methods
GET,POST
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=262555
accept-ranges
bytes
content-length
34052
expires
Thu, 11 Jan 2024 10:49:46 GMT
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/
29 KB
29 KB
Font
General
Full URL
https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600:583::356e Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Referer
https://www.microsoft.com/
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Fri, 10 Jan 2020 19:09:43 GMT
etag
"5b68d583e9c7d51:0"
access-control-allow-methods
GET,POST
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=545135
accept-ranges
bytes
content-length
29388
expires
Sun, 14 Jan 2024 17:19:26 GMT
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/
29 KB
30 KB
Font
General
Full URL
https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600:583::356e Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

Request headers

Referer
https://www.microsoft.com/
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Fri, 10 Jan 2020 19:09:42 GMT
etag
"83cce83e9c7d51:0"
access-control-allow-methods
GET,POST
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=253286
accept-ranges
bytes
content-length
30132
expires
Thu, 11 Jan 2024 08:15:17 GMT
latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/
27 KB
27 KB
Font
General
Full URL
https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/latest.woff2
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-neu-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&_cf=20210618
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e600:583::356e Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

Request headers

Referer
https://www.microsoft.com/
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Fri, 10 Jan 2020 19:09:43 GMT
etag
"1282d283e9c7d51:0"
access-control-allow-methods
GET,POST
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=484176
accept-ranges
bytes
content-length
27168
expires
Sun, 14 Jan 2024 00:23:27 GMT
App-installer-social-1024x683.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/
31 KB
31 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/App-installer-social-1024x683.webp
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
58f3a5cc06254205413de09728b48cdea0069d4133fcd4a430cb736952412aa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 27 Dec 2023 17:09:41 GMT
x-rtag
RT
etag
"7ba4-60d80dd659d3e"
x-azure-ref
20240108T095351Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fnk5
content-type
image/webp
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4b9d.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4b9d.0
content-length
31652
expires
Tue, 06 Feb 2024 12:52:42 GMT
shCore.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c34f24d4dcbfa71cc3813a0c1f02b17a4845c530fa3ed087c66912ccc81255ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4bd2.0
ms-cv
CASMicrosoftCVa3ad4bd2.0
content-length
1444
last-modified
Mon, 29 Nov 2021 14:54:44 GMT
etag
"1a9d-5d1ee9f06d500-gzip"
x-azure-ref
20240108T095351Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7tm
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Mon, 05 Feb 2024 18:38:47 GMT
shThemeDefault.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/
3 KB
994 B
Stylesheet
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?ver=3.0.9b
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9718c68f663cfdcef66e2b91917e46e3b83e31c9691a2ff658f9bd55c73bc649
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-rtag
RT
tls_version
tls1.3
ms-cv-esi
CASMicrosoftCVa3ad4bd3.0
ms-cv
CASMicrosoftCVa3ad4bd3.0
content-length
667
last-modified
Tue, 27 Nov 2018 00:50:40 GMT
etag
"b3d-57b9ad6a6f800-gzip"
x-azure-ref
20240108T095351Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fnkb
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 06:40:26 GMT
MWFFluentIcons.woff
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/
0
0

FluentIcons%20Filled%2024.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/
0
0

FluentIcons%20Regular%2024.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/
0
0

icon-theme-light.svg
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/svg/
516 B
823 B
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/svg/icon-theme-light.svg
Requested by
Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/theme-toggle.css?ver=1704312851
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f66318f82d323fc015cabfd238c99960b363757de1d48882754ddbac36e766e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/theme-toggle.css?ver=1704312851
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 03 Jan 2024 20:14:11 GMT
x-rtag
RT
etag
"204-60e104211eac0"
x-azure-ref
20240108T095351Z-edbnp6s5c16emetzqhyg19g6gc0000000kp000000000fnm7
content-type
image/svg+xml
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4d74.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4d74.0
content-length
516
expires
Sun, 04 Feb 2024 19:31:02 GMT
icon-rss.svg
www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/
919 B
1 KB
Image
General
Full URL
https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/icon-rss.svg
Requested by
Host: security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:387::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f496bdb11d1ca79529018e7e5d6b6c5f405e162ffbfb70bf51e8a143967c3eb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 03 Jan 2024 20:10:58 GMT
x-rtag
RT
etag
"397-60e103690f880"
x-azure-ref
20240108T095351Z-x4g2mz3gyh0ebaw04vp2wrqwan00000001n000000000g7u1
content-type
image/svg+xml
tls_version
tls1.3
cache-control
max-age=2592000
ms-cv-esi
CASMicrosoftCVa3ad4dbe.0
accept-ranges
bytes
ms-cv
CASMicrosoftCVa3ad4dbe.0
content-length
919
expires
Mon, 05 Feb 2024 13:05:26 GMT
ms.shared.analytics.mectrl-3.2.7.gbl.min.js
js.monitor.azure.com/scripts/c/
89 KB
41 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js
Requested by
Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
077052944d805da1cd832b70df86d282be6a1309626c646fc36dacdc9fbc7ddb

Request headers

Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
content-encoding
br
x-ms-meta-jssdkver
3.2.7
last-modified
Wed, 05 Oct 2022 16:53:03 GMT
vary
Accept-Encoding
x-azure-ref
20240108T095351Z-d1dzuuzem977xez2ck5vsrtxwg00000000zg000000012z50
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
6c40ecbc-501e-0087-04ba-411ed0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000, immutable, no-transform
x-cache
TCP_HIT
x-ms-version
2009-09-19
MWFFluentIcons.ttf
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/
0
0

FluentIcons%20Filled%2024.woff
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/
0
0

FluentIcons%20Regular%2024.woff
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/
0
0

RW1fJPf
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/
3 KB
3 KB
Image
General
Full URL
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW1fJPf?ver=4512
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.164.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-164-83.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8d43ae761244f4b73bceeff2031a203a53709ea768a561d0de40d97079fb1e4d
Security Headers
Name Value
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 09:53:51 GMT
last-modified
Fri, 05 Jan 2024 06:52:28 GMT
x-resizerversion
1.0
x-source-length
2602
x-datacenter
eastus
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=161883
x-activityid
2b560b1e-027d-4024-85af-88a92bd2ea1b
content-location
https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RW1fJPf?ver=4512
timing-allow-origin
*
content-length
2602
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires
Wed, 10 Jan 2024 06:51:54 GMT
/
browser.events.data.microsoft.com/OneCollector/1.0/
59 B
377 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.44.10.123 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
443a90baf04def70862b0823078ec78d01cbb47f65b3982e95022c87e12025c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1704707632729
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.14
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
apikey
cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Mon, 08 Jan 2024 09:53:54 GMT
server
Microsoft-HTTPAPI/2.0
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
access-control-expose-headers
Collector-Error
access-control-allow-credentials
true
collector-error
No events are from an allowed domain.
access-control-allow-headers
Collector-Error
content-length
59
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.44.10.123 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Mon, 08 Jan 2024 09:53:53 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
/
browser.events.data.microsoft.com/OneCollector/1.0/
57 B
123 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.44.10.123 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
007f9575d3d35f0c78a1de1293fdd9af540dd8de44a9fcca658336e0d1e73ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1704707635254
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.14
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/
apikey
cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Mon, 08 Jan 2024 09:53:55 GMT
server
Microsoft-HTTPAPI/2.0
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
access-control-expose-headers
Collector-Error
access-control-allow-credentials
true
collector-error
No events are from an allowed domain.
access-control-allow-headers
Collector-Error
content-length
57
/
browser.events.data.microsoft.com/OneCollector/1.0/
0
0
Preflight
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.44.10.123 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,upload-time
Access-Control-Request-Method
POST
Origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Mon, 08 Jan 2024 09:53:55 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff2
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff2
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff2
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.ttf
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff
Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| event object| documentPictureInPicture string| at_property function| isEmpty function| key function| distinct string| tnt_response function| tt_getCookie function| targetPageParams function| adobeTargetTracking function| WcpConsent function| mscc object| oneDS3 object| oneDS object| __dynProto$Gbl function| $ function| jQuery function| facebookTracking string| _linkedin_data_partner_id function| linkedinTracking function| doubleclickTracking function| microsoftAds function| clarityTracking function| checkThirdPartyAdsOptOutCookie function| getCookie function| onConsentChanged function| Metrics_Clear_Cookies function| Metrics_3P_Scripts object| siteConsent function| XRegExp object| SyntaxHighlighter function| applyFocusVisiblePolyfill function| SuperGif object| msgifs object| mwf object| securityBlog object| runtime object| regeneratorRuntime object| wp function| sprintf function| vsprintf object| msx object| microsoftUhfSettings object| onShellReadyToLoad object| config object| MSA object| MeControl function| MeControlDefine function| MeControlImport object| msCommonShell object| oneDsMeControl string| className boolean| gutter

2 Cookies

Domain/Path Name / Value
security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: 54faafe7-1d09-457e-bb5d-c18ce3b8f907
security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/ Name: ai_session
Value: bZJ6PlheoscPESxRgn50oV|1704707631727|1704707631727

16 Console Messages

Source Level URL
Text
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/(Line 2659)
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff2' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff2' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff2' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.ttf' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.ttf
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/
Message:
Access to font at 'https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff' from origin 'https://security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser.events.data.microsoft.com
c.s-microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
js.monitor.azure.com
mem.gfx.ms
security-blog-prod-hqhnb3azc8bagze5.z01.azurefd.net
wcpstatic.microsoft.com
www.microsoft.com
www.microsoft.com
2.16.164.83
20.44.10.123
2620:1ec:46::63
2620:1ec:bdf::45
2a02:26f0:1700:387::356e
2a02:26f0:1700:390::356e
2a02:26f0:e600:583::356e
007f9575d3d35f0c78a1de1293fdd9af540dd8de44a9fcca658336e0d1e73ea7
0704c95c24c791c0c9c29dce73c73ab3de78f4a7d5d4a6455055ac86fd0b3d3e
077052944d805da1cd832b70df86d282be6a1309626c646fc36dacdc9fbc7ddb
0a352f66e27391d711c1664548c53c28366f147da953a4f92b108d58f4683f3b
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
2228a58f7dae64b3f1a4f0df867097afc0f4b485d943b41a4f4e1add0e7ea92a
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
23d65e0901e80ece99e06d63e02a2ba3330266ffacbc60a2221edbe552117efb
2a13764d94e51fe5a6aa92f0f162bff4f473d1ebce0fffb734afb416ee361118
2ac13cd7c8fbbb596b97fca724b722366d63839a2cef5467f20a9d7c227eac5d
443a90baf04def70862b0823078ec78d01cbb47f65b3982e95022c87e12025c3
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d
4b3bce183396d6887b891e8f1625263f0e5bee99947357af5867cfa7ec3c9e08
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4e3ba835fd654e3c31f0230ca10babb78f6d87be1867573ae900d8c9d2b09672
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
4f8de2ce7b046b0b7e879dd868d9c7d9e02a4467f3bbb2798fd24cc15a706a89
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
541f1c9e57b1ed62179ed1bfbc47cc9b3d8f5ee5cba4fa44945cd5f2465f9d13
58f3a5cc06254205413de09728b48cdea0069d4133fcd4a430cb736952412aa8
5ac53f9f9dc2c8abbeab5762571a4f9d3920d350b015da1ae6977d17472c0a83
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
61ca50dfffba6e00b95cdef70bea41b2a67ea13fd92b4c6381e76d63bb18bede
62c084958e82fe876fd9c8741fdc560cd3d07b9df8933a1665da0518fc9479c4
644bc58ea314f0b02f8bef2799ef7068a7ec21531543ac67f130e851480b3bda
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f
732e08f80d9a49e06b34040cef1f3501d3528eccc8d0cb3057e5a1e8a762ee78
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596
7c121ca35937264358195b5199cd9cace6908afd6e76d882e1f15f06bb985452
8d43ae761244f4b73bceeff2031a203a53709ea768a561d0de40d97079fb1e4d
8f8da55fb0b3c887b1366aa05fec7f20203bf0a0ede5e2f9e6fb154b98c22511
9718c68f663cfdcef66e2b91917e46e3b83e31c9691a2ff658f9bd55c73bc649
a1fe019388875b696edb373b51a51c0a8e3bad52cd489617d042c0722bdb1e48
a592efcfa8fcc9af1d866278861311dd68b1196fd82a15bfa678a0a3a7713bdd
a5bbd2af4d701d30c42d5bf7f595aeb35ca883b7e0e7b2af4f1e211ee8fdc01a
a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014
b724f99a651bf0de96412e969f2f35af6f88cbe210b0fd1fefb35f9ae2ffa305
c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c34f24d4dcbfa71cc3813a0c1f02b17a4845c530fa3ed087c66912ccc81255ed
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2
d168b898cc480f93be28877030301238479b04ede148402e0d661a3d56c3a6b3
d35faa1c0b45cc142295ae07a0c6e6e7824e0e64b58b81a83e7850251586e0df
d86802264a0502b679e65647a61a33b4d83e04ca421ae50044bd722210bfa115
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
e3ca8edda8495b1e1c379b762cdfea6c1bef3f520b504a407566fe278ee20bbc
e5d01e31ad1ce01300935a3a582e5c80fc8f095ea0c442987b514721ef5c7a72
f1a51501d0be8fe77c97839d07c4d67b56b161aec12088adc3513cc1ef7f6096
f496bdb11d1ca79529018e7e5d6b6c5f405e162ffbfb70bf51e8a143967c3eb8
f66318f82d323fc015cabfd238c99960b363757de1d48882754ddbac36e766e6
f755083ad22adff7e8d9abb5c838ef6b08c7b96540746554a1562356441ab0da
fb0b9c96b403e67ba65839b734628ecf3c043e4021c3bb05df8f446f32abae3c
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91