msrc-blog.microsoft.com
40.122.65.162
Public Scan
Effective URL: https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/
Submission: On January 11 via manual from US
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 05 on October 13th 2020. Valid for: a year.
This is the only time msrc-blog.microsoft.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | Autonomous System |
---|---|---|
1 1 | 52.2.89.141 | 14618 (AMAZON-AES) |
10 | 40.122.65.162 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
10 | 1 | |

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-89-141.compute-1.amazonaws.com
www.msgapp.com
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
msrc-blog.microsoft.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | microsoft.com | msrc-blog.microsoft.com | 69 KB |
1 | msgapp.com (1 redirects) | www.msgapp.com | 728 B |
10 | 2 | | |
 | Domain | Requested by |
---|---|---|
10 | msrc-blog.microsoft.com | msrc-blog.microsoft.com |
1 | www.msgapp.com | 1 redirects |
10 | 2 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
blog.msrc.microsoft.com | Microsoft Azure TLS Issuing CA 05 | 2020-10-13 - 2021-10-08 | a year |
This page contains 1 frames:
Primary Page:
https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/
Frame ID: 0E266055F91F045B3D0008094018D4E1
Requests: 10 HTTP requests in this frame
Page Title
Solorigate Resource Center – updated December 31st, 2020 – Microsoft Security Response Center
Detected technologies
WordPress (CMS)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
PHP (Programming Languages)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
MySQL (Databases)
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
Microsoft ASP.NET (Web Frameworks)
Detected patterns
- url /\.aspx?(?:$|\?)/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
- url /\.aspx?(?:$|\?)/i
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
- Report Security Vulnerability
- Report Abuse
- Security Update Guide
- About MSRC
- https://aka.ms/solorigate
- A moment of reckoning: the need for a strong and global cybersecurity response
- Important steps for customers to protect themselves from recent nation-state cyberattacks – Microsoft On the Issues
- Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
- https://aka.ms/detect_solorigate
- Azure AD workbook to help you assess Solorigate risk
- Understanding “Solorigate”’s Identity IOCs – for Identity Vendors and their customers
- Advice for incident responders on recovery from systemic identity compromises
- Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect
- SolarWinds Post-Compromise Hunting with Azure Sentinel
- Latest Threat Intelligence for Azure Defender for IoT
- Threat Analytics article
- protect Microsoft 365 from on-premises attacks
- Ensure customers are protected from Solorigate
- https://docs.microsoft.com/security/
- https://docs.microsoft.com/azure/security/
- https://docs.microsoft.com/azure/sentinel/
- https://docs.microsoft.com/microsoft-365/security/
- https://docs.microsoft.com/windows/security/
- https://docs.microsoft.com/cloud-app-security/
- https://support.microsoft.com/contactus
- https://fasttrack.microsoft.com
- Global Intrusion Campaign Leverages Software Supply Chain Compromise
- SolarWinds Advisory
- https://us-cert.cisa.gov/ncas/alerts/aa20-352a
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.msgapp.com/jc.aspx?d=GWGMW3UCIAMENX7F35RHJZAORFE23XEEEJFMLEHOMC4FMBTBXBUGR6XOTVGVPZZMZ3372AAGTWLSLJAIZIFPABF2E2UZFRUUQAXAXIWIFQAV2EGUFUXYWLDZQAHAQVUQGN7OOSO3234ZVVCN6VUJVJGN32DHEWHDA5Q4DQECHXR7QP3A37AODTU3BPQYUCZX7CYNHBJH2FUQZY6Y6DIWROA6TXPPWO6ZG2TID3FDOWHNH7VV77ZJKWR3CAPBTF5CUJ7FXUQ3OFPBIVYWRUWJWO7DYA7NCEBV5ZZZGXNKZBZYFLEPSNIOYPRN53UR7HHDI2ORGEUZ3E6KKZVU6RMON3TZDEXFE57DKSVFZF5Q3TW6B5YP
HTTP 302
https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Primary Request, Cookie set) | msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/ (Redirect Chain) | 89 KB | 22 KB | Document | text/html |
GET H/1.1 | style.min.css | msrc-blog.microsoft.com/wp-content/themes/astra/assets/css/minified/ | 86 KB | 20 KB | Stylesheet | text/css |
GET H/1.1 | style.min.css | msrc-blog.microsoft.com/wp-includes/css/dist/block-library/ | 50 KB | 8 KB | Stylesheet | text/css |
GET H/1.1 | astra-addon-5fe27966e24d52-06616509.css | msrc-blog.microsoft.com/wp-content/uploads/astra-addon/ | 23 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | wp-emoji-release.min.js | msrc-blog.microsoft.com/wp-includes/js/ | 14 KB | 5 KB | Script | application/x-javascript |
GET H/1.1 | style.min.js | msrc-blog.microsoft.com/wp-content/themes/astra/assets/js/minified/ | 10 KB | 4 KB | Script | application/x-javascript |
GET H/1.1 | astra-addon-5fe27965977489-96409158.js | msrc-blog.microsoft.com/wp-content/uploads/astra-addon/ | 2 KB | 1 KB | Script | application/x-javascript |
GET H/1.1 | wp-embed.min.js | msrc-blog.microsoft.com/wp-includes/js/ | 1 KB | 1 KB | Script | application/x-javascript |
GET H/1.1 | astra.woff | msrc-blog.microsoft.com/wp-content/themes/astra/assets/fonts/ | 0 | 0 | Font | text/html |
GET H/1.1 | astra.ttf | msrc-blog.microsoft.com/wp-content/themes/astra/assets/fonts/ | 3 KB | 3 KB | Font | application/octet-stream |
30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
- object| _wpemojiSettings
- object| astra
- function| astraGetParents
- function| getParents
- function| astraToggleClass
- function| toggleClass
- function| astraTriggerEvent
- function| AstraToggleSubMenu
- function| AstraNavigationMenu
- function| AstraToggleMenu
- function| AstraToggleSetup
- function| astraNavMenuToggle
- object| bodyElement
- object| astraAddon
- object| wp
- object| button
- object| menu
- object| links
- object| subMenus
- number| len
- object| twemoji

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.msrc-blog.microsoft.com/ | Name: ARRAffinitySameSite Value: 076a7fe9c379d2061e74fbdd188c1f548d31c79559f23ef52c1fed5d7712a624 |
.msrc-blog.microsoft.com/ | Name: ARRAffinity Value: 076a7fe9c379d2061e74fbdd188c1f548d31c79559f23ef52c1fed5d7712a624 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.