www.microsoft.com Open in urlscan Pro
2a02:26f0:1700:187::356e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
Submission: On July 07 via api (July 7th 2023, 10:58:29 am UTC) from US — Scanned from DE

Summary HTTP 53 Redirects Links 68 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 53 HTTP transactions. The main IP is 2a02:26f0:1700:187::356e, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.microsoft.com. The Cisco Umbrella rank of the primary domain is 279.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on October 4th 2022. Valid for: a year.

This is the only time www.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	2a02:26f0:170... 2a02:26f0:1700:187::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:e60... 2a02:26f0:e600::48f7:99e3	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a02:26f0:480... 2a02:26f0:480:993::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	104.208.16.89 104.208.16.89	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
53	6

39 2a02:26f0:1700:187::356e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

wcpstatic.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mem.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

js.monitor.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:e600::48f7:99e3 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)

img-prod-cms-rt-microsoft-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:993::356e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.208.16.89 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.events.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	microsoft.com www.microsoft.com — Cisco Umbrella Rank: 279 wcpstatic.microsoft.com — Cisco Umbrella Rank: 5644 browser.events.data.microsoft.com — Cisco Umbrella Rank: 194	931 KB
4	s-microsoft.com c.s-microsoft.com — Cisco Umbrella Rank: 7455	119 KB
2	akamaized.net img-prod-cms-rt-microsoft-com.akamaized.net — Cisco Umbrella Rank: 1428	6 KB
2	azure.com js.monitor.azure.com — Cisco Umbrella Rank: 1834	103 KB
1	gfx.ms mem.gfx.ms — Cisco Umbrella Rank: 4266	12 KB
53	5

	Domain	Requested by
39	www.microsoft.com	www.microsoft.com
4	browser.events.data.microsoft.com	js.monitor.azure.com
4	c.s-microsoft.com	www.microsoft.com
2	img-prod-cms-rt-microsoft-com.akamaized.net	www.microsoft.com
2	js.monitor.azure.com	www.microsoft.com mem.gfx.ms
1	mem.gfx.ms	www.microsoft.com
1	wcpstatic.microsoft.com	www.microsoft.com
53	7

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
aka.ms
azure.microsoft.com
github.com
customers.microsoft.com
events.microsoft.com
techcommunity.microsoft.com
docs.microsoft.com
servicetrust.microsoft.com
dynamics.microsoft.com
partner.microsoft.com
about.ads.microsoft.com
azuremarketplace.microsoft.com
appsource.microsoft.com
blogs.microsoft.com
developer.microsoft.com
learn.microsoft.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
account.microsoft.com
education.microsoft.com
powerplatform.microsoft.com
visualstudio.microsoft.com
careers.microsoft.com
news.microsoft.com
privacy.microsoft.com
support.microsoft.com
choice.microsoft.com

Subject Issuer	Validity	Valid
www.microsoft.com Microsoft Azure TLS Issuing CA 06	`2022-10-04` - `2023-09-29`	a year	crt.sh
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-06` - `2023-12-06`	a year	crt.sh
js.monitor.azure.com Microsoft Azure TLS Issuing CA 06	`2023-06-21` - `2024-06-15`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 02	`2023-06-24` - `2024-06-18`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 05	`2023-06-06` - `2024-05-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
Frame ID: 57C6EEADC9588C4936F1A4B627DD7147
Requests: 51 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The five-day job: A BlackByte ransomware intrusion case study | Microsoft Security BlogCalifornia Consumer Privacy Act (CCPA) Opt-Out Icon

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

53
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

1169 kB
Transfer

2444 kB
Size

5
Cookies

68 Outgoing links

These are links going to different origins than the main page.

URL: https://go.microsoft.com/fwlink/?LinkId=521839
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://aka.ms/3rdpartycookies
Title: Third-Party Cookies

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2231161
Title: Try now

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/key-vault/
Title: Azure Key Vault

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-firewall/
Title: Azure Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/web-application-firewall/
Title: Azure Web App Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/ddos-protection/
Title: Azure DDoS Protection

Search URL Search Domain Scan URL

URL: https://github.com/features/security
Title: GitHub Advanced Security

Search URL Search Domain Scan URL

URL: https://customers.microsoft.com/en-us/search?sq=Microsoft%20Security&ff=&p=0&so=story_publish_date%20desc
Title: Customer stories

Search URL Search Domain Scan URL

URL: https://events.microsoft.com/en-us/allevents/?language=English&clientTimeZone=1&search=security
Title: Microsoft Security Events

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/security/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/learn/topics/sci?wt.mc_id=techcom_header-webpage-m365
Title: Training & certifications

Search URL Search Domain Scan URL

URL: https://aka.ms/underattack
Title: Under attack?

Search URL Search Domain Scan URL

URL: https://servicetrust.microsoft.com/
Title: Service Trust Portal

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/
Title: Azure

Search URL Search Domain Scan URL

URL: https://dynamics.microsoft.com/en-us/
Title: Dynamics 365

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/space/
Title: Azure Space

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/quantum-computing/
Title: Quantum computing

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/
Title: Find a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/membership/cloud-solution-provider
Title: Become a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-us/membership
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/resources/microsoft-advertising-partner-program/microsoft-advertising-partner-program
Title: Find an advertising partner

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/partners/welcome?s_cid=en-us-gct-web-src_ext-sub_0-flx_uhfcombepartner
Title: Become an advertising partner

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/
Title: Azure Marketplace

Search URL Search Domain Scan URL

URL: https://appsource.microsoft.com/en-us/
Title: AppSource

Search URL Search Domain Scan URL

URL: https://blogs.microsoft.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us?s_cid=dig-src_uhfcomm
Title: Microsoft Advertising

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/
Title: Developer Center

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/docs/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/
Title: Microsoft Learn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/exchange-team-blog/proxyshell-vulnerabilities-and-your-exchange-server/ba-p/2684705
Title: ProxyShell vulnerabilities

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide
Title: Microsoft Defender Vulnerability Management

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-worldwide
Title: turning on cloud-based protection

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide
Title: tamper protection

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy
Title: https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/dd6cfe437382dfbd86ac36b76a125fda0c9de0aa/Detections/W3CIISLog/ProxyShellPwn2Own.yaml
Title: ProxyShell

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Web%20Shells%20Threat%20Protection/Hunting%20Queries/WebShellActivity.yaml
Title: Web shell activity

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/dd6cfe437382dfbd86ac36b76a125fda0c9de0aa/Detections/http_proxy_oab_CL/ExchagngeSuspiciousFileDownloads.yaml
Title: Suspicious file downloads on Exchange Servers

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/dd6cfe437382dfbd86ac36b76a125fda0c9de0aa/Hunting%20Queries/MultipleDataSources/FirewallRuleChanges_using_netsh.yaml
Title: Firewall rule changes

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/dd6cfe437382dfbd86ac36b76a125fda0c9de0aa/Hunting%20Queries/Microsoft%20365%20Defender/Ransomware/ShadowCopyDeletion.yml
Title: Shadow copy deletion

Search URL Search Domain Scan URL

URL: https://github.com/Azure/Azure-Sentinel/blob/dd6cfe437382dfbd86ac36b76a125fda0c9de0aa/Solutions/UEBA%20Essentials/Hunting%20Queries/Anomalous%20RDP%20Activity.yaml
Title: Anamolous RDP activity

Search URL Search Domain Scan URL

URL: https://aka.ms/threatintelblog
Title: https://aka.ms/threatintelblog

Search URL Search Domain Scan URL

URL: https://twitter.com/MsftSecIntel
Title: https://twitter.com/MsftSecIntel

Search URL Search Domain Scan URL

URL: https://twitter.com/msftsecurity

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4s3tv0Qq_OSUBfR735Jc6A

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/showcase/microsoft-security/

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/
Title: Account profile

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2139749
Title: Microsoft Store support

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkID=824764&clcid=0x409
Title: Returns

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/orders
Title: Order tracking

Search URL Search Domain Scan URL

URL: https://education.microsoft.com/
Title: Educator training and development

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/free/students/
Title: Azure for students

Search URL Search Domain Scan URL

URL: https://powerplatform.microsoft.com/en-us/
Title: Microsoft Power Platform

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://visualstudio.microsoft.com/
Title: Visual Studio

Search URL Search Domain Scan URL

URL: https://careers.microsoft.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://news.microsoft.com/
Title: Company news

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-us
Title: Privacy at Microsoft

Search URL Search Domain Scan URL

URL: https://aka.ms/yourcaliforniaprivacychoices
Title: California Consumer Privacy Act (CCPA) Opt-Out Icon Your Privacy Choices

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/contactus
Title: Contact Microsoft

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkID=206977
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196228
Title: Trademarks

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196227
Title: Safety & eco

Search URL Search Domain Scan URL

URL: https://choice.microsoft.com/
Title: About our ads

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/ 251 KB
48 KB 229ms
93ms Document
text/html 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

53db1d8e84cfc9fef8152b3f45dfcef5980cbd3f6705869481721b88e00e2a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=600
content-encoding: gzip
content-length: 48589
content-type: text/html; charset=utf-8
date: Fri, 07 Jul 2023 10:58:22 GMT
expires: Fri, 07 Jul 2023 11:07:13 GMT
link: <https://www.microsoft.com/en-us/security/blog/wp-json/>; rel="https://api.w.org/" <https://www.microsoft.com/en-us/security/blog/wp-json/wp/v2/posts/130822>; rel="alternate"; type="application/json" <https://www.microsoft.com/en-us/security/blog/?p=130822>; rel=shortlink
ms-cv: CASMicrosoftCV153cddeb.0
ms-cv-esi: CASMicrosoftCV153cddeb.0
strict-transport-security: max-age=31536000
tls_version: tls1.3
vary: Accept-Encoding
x-azure-ref: 20230707T105822Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng0000000166xy
x-frame-options: SAMEORIGIN
x-rtag: RT

GET
H2 200 style.min.css
www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/ 95 KB
13 KB 537ms
537ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf8bb.0
ms-cv: CASMicrosoftCV153cf8bb.0
content-length: 12736
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
etag: "17ced-5f680c224ed40-gzip"
x-azure-ref: 20230707T105823Z-uuq347b62p5v5a587ph1391mv8000000063000000001qtw5
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sun, 06 Aug 2023 05:29:55 GMT

GET
H2 200 jsgif.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/ 3 KB
1 KB 445ms
443ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/jsgif.css?ver=1.3.5

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

644bc58ea314f0b02f8bef2799ef7068a7ec21531543ac67f130e851480b3bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf8cb.0
ms-cv: CASMicrosoftCV153cf8cb.0
content-length: 898
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "bde-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105823Z-wd1nf36at56g3aegap9a2neb0n00000000p000000000urur
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 06:38:41 GMT

GET
H2 200 moray-style.css
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/ 118 KB
16 KB 586ms
584ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=6890662797ebc664f02e

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e088672976cbc644436b96cf3053204a45e88e7c787feeb49e00f3b0261e6c83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf8db.0
ms-cv: CASMicrosoftCV153cf8db.0
content-length: 16119
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
etag: "1d6d5-5feba242f3900-gzip"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcv8
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Mon, 31 Jul 2023 18:07:35 GMT

GET
H2 200 frontend.css
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/ 28 KB
6 KB 445ms
443ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=c4a37826ca7dbd2ad074

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6cfe64efec010f0743f4c6bd3f5e5fb671fc7f7173aa7c340ab6d9b65bc59f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf8eb.0
ms-cv: CASMicrosoftCV153cf8eb.0
content-length: 5602
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
etag: "6edf-5feba242f3900-gzip"
x-azure-ref: 20230707T105823Z-fhc3kqc70908h2f7ctzfpm882s00000000hg00000001y7f7
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Tue, 01 Aug 2023 21:10:04 GMT

GET
H2 200 fluent-icons.css
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/ 1 KB
697 B 485ms
483ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1687450283

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4f8de2ce7b046b0b7e879dd868d9c7d9e02a4467f3bbb2798fd24cc15a706a89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf8fb.0
ms-cv: CASMicrosoftCV153cf8fb.0
content-length: 371
last-modified: Thu, 22 Jun 2023 16:11:23 GMT
etag: "571-5feba22b1c0c0-gzip"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hde
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 21:55:56 GMT

GET
H2 200 frontend.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/ 646 B
626 B 328ms
326ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/frontend.css?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ea946baa7b0b7f68f6ba6b105be90ad03b6322a36837b38c7a2e4e3021a37cc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf90b.0
ms-cv: CASMicrosoftCV153cf90b.0
content-length: 301
last-modified: Thu, 22 Jun 2023 16:11:02 GMT
etag: "286-5feba21715180-gzip"
x-azure-ref: 20230707T105822Z-5ut6fuugs94a55negvgnz5gzzg00000000k000000001nghc
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 17:13:11 GMT

GET
H2 200 related-posts.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/ 399 B
565 B 201ms
199ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/related-posts.css?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f755083ad22adff7e8d9abb5c838ef6b08c7b96540746554a1562356441ab0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf91b.0
ms-cv: CASMicrosoftCV153cf91b.0
content-length: 239
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "18f-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105822Z-5ut6fuugs94a55negvgnz5gzzg00000000k000000001ngh6
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sun, 06 Aug 2023 07:22:52 GMT

GET
H2 200 wcp-consent.js Show response
wcpstatic.microsoft.com/mscc/lib/v2/ 273 KB
80 KB 245ms
85ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
age: 36343
x-cache: CONFIG_NOCACHE
content-length: 81726
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
x-azure-ref: 20230707T105822Z-93m8ux6cud427dbvcxnswq27rn0000000ywg00000000nsyy
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 87ef4b21-801e-005f-2d6d-b0dd5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 ms.analytics-web-3.min.js Show response
js.monitor.azure.com/scripts/c/ 137 KB
62 KB 241ms
86ms Script
text/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 1745a25953ea2122472e06aa9c56924c6c1e8d465046b5a516191a9a1b3f9429

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: br
x-ms-meta-jssdkver: 3.2.12
last-modified: Thu, 01 Jun 2023 18:01:45 GMT
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.analytics-web-3.2.12.min.js
vary: Accept-Encoding
x-azure-ref: 20230707T105822Z-6byexnud2t19zfr5bumk9r70h4000000072g00000001x15u
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: c7c62d76-901e-0067-3928-ac0ba7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-lastmodified,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H2 200 jquery.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/ 88 KB
31 KB 194ms
191ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf92b.0
ms-cv: CASMicrosoftCV153cf92b.0
content-length: 31049
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
etag: "15ed7-5f667d23f9540-gzip"
x-azure-ref: 20230707T105822Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng0000000166z0
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 07:32:48 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/ 13 KB
5 KB 194ms
192ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf93b.0
ms-cv: CASMicrosoftCV153cf93b.0
content-length: 4795
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
etag: "3470-5f40e4dc48ec0-gzip"
x-azure-ref: 20230707T105822Z-sek5m35v313vm5c1vxzy9wmacg000000015g000000005tg3
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 16:58:47 GMT

GET
H2 200 74-888e54
www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/ 167 KB
23 KB 192ms
190ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

ms-operation-id: 62ea26cff01e124da2307985e01a933d
date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-rtag: RT
x-s2: 2023-06-27T22:12:02
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: 48a0224f-1c91-402e-91c9-c0ed701302f4
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153cf94b.0
ms-cv: CASMicrosoftCV153cf94b.0
content-length: 22738
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Jun 2023 22:12:02 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-06-02T05:34:58.0000000Z}
x-s1: 2023-06-27T22:12:02
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30712321
vary: Accept-Encoding
timing-allow-origin: *
x-appversion: 1.0.8552.38849
expires: Wed, 26 Jun 2024 22:10:23 GMT

GET
H2 200 a2-598841 Show response
www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23... 135 KB
36 KB 321ms
319ms Script
text/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/c6-082272/a7-f7a340/1e-addbef/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/5b-6eff60/b0-07f293/1e-9d9d16/52-f0367f/af-abd754/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/a2-598841?ver=2.0&_cf=02242021_3231&iife=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

ms-operation-id: 0c6340480b263c4da24d15a45c457315
date: Fri, 07 Jul 2023 10:58:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-rtag: RT
x-s2: 2023-06-27T22:11:23
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: cfe5775c-66ae-4f24-873f-d0bf841c5a1f
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d186b.0
ms-cv: CASMicrosoftCV153d186b.0
content-length: 36044
x-xss-protection: 1; mode=block
last-modified: Tue, 27 Jun 2023 22:11:23 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2023-06-02T05:34:58.0000000Z}
x-s1: 2023-06-27T22:11:23
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30712393
vary: Accept-Encoding
timing-allow-origin: *
x-appversion: 1.0.8552.38849
expires: Wed, 26 Jun 2024 22:11:35 GMT

GET
H2 200 meversion Show response
mem.gfx.ms/ 29 KB
12 KB 182ms
48ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

fcb66a84dd66a834b551fd4578b07a939e30c94da700de1bcaf3c0bd40980adc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 07 Jul 2023 12:12:21 GMT
date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
x-cache: TCP_HIT
cache-control: public, no-transform, max-age=7200
x-azure-ref: 20230707T105823Z-k8f25racux095btzzkm0pm51as0000000c4g00000000fhhk
x-ua-compatible: IE=edge

GET
H2 200 RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 4 KB
4 KB 182ms
51ms Image
image/png 2a02:26f0:e600::48f7:99e3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e600::48f7:99e3 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
last-modified: Mon, 26 Jun 2023 16:05:25 GMT
x-resizerversion: 1.0
x-source-length: 4054
x-datacenter: eastus
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315981
x-activityid: 479d68a0-8d52-49f4-8730-7c3570cffb8b
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
timing-allow-origin: *
content-length: 4054
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires: Tue, 11 Jul 2023 02:44:44 GMT

GET
H2 200 BlackByte-attack-flow-diagram-2048x1027.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/ 91 KB
91 KB 220ms
218ms Image
image/webp 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/BlackByte-attack-flow-diagram-2048x1027.webp

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

03382d06eca2cf805dc812d6c100f0eb3b34d2b3b0d8fa650f4ae583feeb30e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 05 Jul 2023 13:03:36 GMT
x-rtag: RT
etag: "16bfe-5ffbd071de7d5"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcx3
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d5b5b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d5b5b.0
content-length: 93182
expires: Sat, 05 Aug 2023 17:02:18 GMT

GET
H2 200 Figure-3.-Binary-analysis-showing-explorer.exe-functionality-for-connecting-to-file-sharing-service-MEGA-NZ.webp
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/ 29 KB
29 KB 153ms
152ms Image
image/webp 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/Figure-3.-Binary-analysis-showing-explorer.exe-functionality-for-connecting-to-file-sharing-service-MEGA-NZ.webp

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

83a25bbbdb47b16543cb8b8aefe9587197acf8b32649882b96443eeb08ffdd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 05 Jul 2023 13:07:24 GMT
x-rtag: RT
etag: "743e-5ffbd14b61e69"
x-azure-ref: 20230707T105823Z-fhc3kqc70908h2f7ctzfpm882s00000000hg00000001y7he
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d5b6b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d5b6b.0
content-length: 29758
expires: Sat, 05 Aug 2023 17:02:17 GMT

GET
H2 200 shCore.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/ 23 KB
9 KB 175ms
175ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shCore.js?ver=3.0.9b

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5ac53f9f9dc2c8abbeab5762571a4f9d3920d350b015da1ae6977d17472c0a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d47eb.0
ms-cv: CASMicrosoftCV153d47eb.0
content-length: 9262
last-modified: Tue, 08 Oct 2019 14:43:40 GMT
etag: "5d72-5946731b45f00-gzip"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hfd
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 21:28:10 GMT

GET
H2 200 shBrushPlain.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/ 788 B
756 B 183ms
183ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/scripts/shBrushPlain.js?ver=3.0.9b

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7c121ca35937264358195b5199cd9cace6908afd6e76d882e1f15f06bb985452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d4d4b.0
ms-cv: CASMicrosoftCV153d4d4b.0
content-length: 419
last-modified: Tue, 27 Nov 2018 00:50:40 GMT
etag: "314-57b9ad6a6f800-gzip"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hfk
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 21:28:24 GMT

GET
H2 200 focus-within.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/ 10 KB
4 KB 93ms
90ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.5

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d521b.0
ms-cv: CASMicrosoftCV153d521b.0
content-length: 3288
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "289e-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcwn
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 09:06:56 GMT

GET
H2 200 libgif.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/ 34 KB
9 KB 154ms
150ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/libgif.js?ver=1.3.5

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d522b.0
ms-cv: CASMicrosoftCV153d522b.0
content-length: 9145
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "8705-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105823Z-uuq347b62p5v5a587ph1391mv8000000063000000001qtx2
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 17:24:26 GMT

GET
H2 200 index.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/ 4 KB
2 KB 94ms
90ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/index.js?ver=1.3.5

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b724f99a651bf0de96412e969f2f35af6f88cbe210b0fd1fefb35f9ae2ffa305

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d523b.0
ms-cv: CASMicrosoftCV153d523b.0
content-length: 1507
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "109f-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105823Z-fhc3kqc70908h2f7ctzfpm882s00000000hg00000001y7h8
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 28 Jul 2023 06:06:14 GMT

GET
H2 200 moray-scripts.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/ 172 KB
46 KB 93ms
90ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/moray-scripts.js?ver=10d4fdaa712d2e5df7f7

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d168b898cc480f93be28877030301238479b04ede148402e0d661a3d56c3a6b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d524b.0
ms-cv: CASMicrosoftCV153d524b.0
content-length: 47128
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
etag: "2af74-5feba242f3900-gzip"
x-azure-ref: 20230707T105823Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng00000001671b
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 23:28:02 GMT

GET
H2 200 frontend.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/ 8 KB
3 KB 93ms
90ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/frontend.js?ver=c4a37826ca7dbd2ad074

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2967daa7dcd97f55b8d2a6bf0867528ff49b5b6631f439f85078556fb8b79176

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d525b.0
ms-cv: CASMicrosoftCV153d525b.0
content-length: 2443
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
etag: "1fe1-5feba242f3900-gzip"
x-azure-ref: 20230707T105823Z-wd1nf36at56g3aegap9a2neb0n00000000p000000000urwq
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Tue, 01 Aug 2023 18:45:50 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/ 8 KB
3 KB 219ms
216ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d526b.0
ms-cv: CASMicrosoftCV153d526b.0
content-length: 2484
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
etag: "1feb-5f287f2e2a640-gzip"
x-azure-ref: 20230707T105823Z-uuq347b62p5v5a587ph1391mv8000000063000000001qtx6
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Thu, 27 Jul 2023 23:35:22 GMT

GET
H2 200 regenerator-runtime.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/ 6 KB
3 KB 92ms
89ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d527b.0
ms-cv: CASMicrosoftCV153d527b.0
content-length: 2499
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
etag: "19cf-5f41e314ed740-gzip"
x-azure-ref: 20230707T105823Z-uuq347b62p5v5a587ph1391mv8000000063000000001qtwz
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 28 Jul 2023 06:28:23 GMT

GET
H2 200 wp-polyfill.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/ 17 KB
7 KB 92ms
89ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d528b.0
ms-cv: CASMicrosoftCV153d528b.0
content-length: 6532
last-modified: Tue, 20 Sep 2022 15:43:29 GMT
etag: "459f-5e91db08e6a40-gzip"
x-azure-ref: 20230707T105823Z-sek5m35v313vm5c1vxzy9wmacg000000015g000000005tkg
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 20:40:48 GMT

GET
H2 200 dom-ready.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/ 498 B
669 B 219ms
216ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d529b.0
ms-cv: CASMicrosoftCV153d529b.0
content-length: 331
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "1f2-5dc5fbf1e6f80-gzip"
x-azure-ref: 20230707T105823Z-6byexnud2t19zfr5bumk9r70h400000007600000000135xq
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sun, 06 Aug 2023 04:52:52 GMT

GET
H2 200 hooks.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/ 5 KB
2 KB 154ms
152ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5acb.0
ms-cv: CASMicrosoftCV153d5acb.0
content-length: 1661
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "132e-5dc5fbf1e6f80-gzip"
x-azure-ref: 20230707T105823Z-wd1nf36at56g3aegap9a2neb0n00000000p000000000urx2
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 14:34:14 GMT

GET
H2 200 i18n.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/ 10 KB
4 KB 218ms
215ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5adb.0
ms-cv: CASMicrosoftCV153d5adb.0
content-length: 3866
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
etag: "27f6-5e95d8f5cb080-gzip"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcx2
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Thu, 03 Aug 2023 07:20:10 GMT

GET
H2 200 a11y.min.js Show response
www.microsoft.com/en-us/security/blog/wp-includes/js/dist/ 2 KB
1 KB 219ms
217ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5df2942db2352e49e00bcf3393b875a71d0acee986e48fbdcc5879846f5c3689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5aeb.0
ms-cv: CASMicrosoftCV153d5aeb.0
content-length: 989
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "9cc-5dc5fbf1e6f80-gzip"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hg5
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 22:37:44 GMT

GET
H2 200 frontend.js Show response
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/ 19 KB
7 KB 153ms
151ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/frontend.js?ver=1687450283

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

736f80e2691598d84f39330a090caa586b462ea1bbf21bd4db074e6afe5f349d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5b0b.0
ms-cv: CASMicrosoftCV153d5b0b.0
content-length: 6328
last-modified: Thu, 22 Jun 2023 16:11:23 GMT
etag: "4ddd-5feba22b1c0c0-gzip"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hg3
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Wed, 02 Aug 2023 04:54:14 GMT

GET
H2 200 frontend.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/ 0
310 B 216ms
214ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/frontend.js?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 22 Jun 2023 16:11:02 GMT
x-rtag: RT
etag: "0-5feba21715180"
x-azure-ref: 20230707T105823Z-sek5m35v313vm5c1vxzy9wmacg000000015g000000005tkv
content-type: application/javascript
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d5b2b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d5b2b.0
content-length: 0
expires: Wed, 02 Aug 2023 11:32:39 GMT

GET
H2 200 microsoft-uhf.js Show response
www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/ 3 KB
2 KB 219ms
217ms Script
application/javascript 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.4.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5b3b.0
ms-cv: CASMicrosoftCV153d5b3b.0
content-length: 1370
last-modified: Thu, 22 Jun 2023 16:09:42 GMT
etag: "d4e-5feba1cac9d80-gzip"
x-azure-ref: 20230707T105823Z-uuq347b62p5v5a587ph1391mv8000000063000000001qtxk
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Sat, 05 Aug 2023 00:04:21 GMT

GET
H2 200 page-banner-bg--single.svg
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/svg/ 2 KB
2 KB 198ms
197ms Image
image/svg+xml 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/svg/page-banner-bg--single.svg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=c4a37826ca7dbd2ad074

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

df7570dbe0276401107ef405e5d6230547c5161d9cfbad7a579cb095ec25bb76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=c4a37826ca7dbd2ad074
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
x-rtag: RT
etag: "742-5feba242f3900"
x-azure-ref: 20230707T105823Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng00000001671h
content-type: image/svg+xml
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d5b8b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d5b8b.0
content-length: 1858
expires: Fri, 04 Aug 2023 16:08:06 GMT

GET
H2 200 mwfmdl2-v3.54.woff
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/ 26 KB
26 KB 111ms
111ms Font
application/font-woff 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

ms-operation-id: cb25a72cb4db8845a0dd198bf64707e4
date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-rtag: RT
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: 67572c4b-b9c8-4c17-8a0e-7ee2ad46933a
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d5b9b.0
ms-cv: CASMicrosoftCV153d5b9b.0
content-length: 26288
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Apr 2022 09:08:42 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-01T07:52:08.0000000Z}
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=26145460
x-appversion: 1.0.8125.42964
expires: Sun, 05 May 2024 01:36:03 GMT

GET
H2 200 MWFFluentIcons.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/ 26 KB
26 KB 178ms
178ms Font
font/woff2 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/fonts/MWFFluentIcons.woff2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=6890662797ebc664f02e

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

870394537bb9a3371eb4fc8b224f3405602462e483fb77ed30bd4d4741db8f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=6890662797ebc664f02e
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 22 Jun 2023 16:11:48 GMT
x-rtag: RT
etag: "67c0-5feba242f3900"
x-azure-ref: 20230707T105823Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng00000001671n
content-type: font/woff2
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d5bab.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d5bab.0
content-length: 26560
expires: Fri, 04 Aug 2023 20:40:49 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ 33 KB
33 KB 206ms
43ms Font
font/woff2 2a02:26f0:480:993::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=6890662797ebc664f02e
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:993::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "588d483e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=469285
accept-ranges: bytes
content-length: 34052
expires: Wed, 12 Jul 2023 21:19:48 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ 29 KB
29 KB 203ms
43ms Font
font/woff2 2a02:26f0:480:993::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:993::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "5b68d583e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=474823
accept-ranges: bytes
content-length: 29388
expires: Wed, 12 Jul 2023 22:52:06 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ 29 KB
30 KB 196ms
43ms Font
font/woff2 2a02:26f0:480:993::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:993::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
last-modified: Fri, 10 Jan 2020 19:09:42 GMT
etag: "83cce83e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=461290
accept-ranges: bytes
content-length: 30132
expires: Wed, 12 Jul 2023 19:06:33 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/ 27 KB
27 KB 283ms
136ms Font
font/woff2 2a02:26f0:480:993::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/latest.woff2
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/92-14707b/74-888e54?ver=2.0&_cf=02242021_3231
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:993::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "1282d283e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=451137
accept-ranges: bytes
content-length: 27168
expires: Wed, 12 Jul 2023 16:17:20 GMT

GET
H2 200 Featured-image-BlackByte-1024x683.jpg
www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/ 123 KB
123 KB 105ms
105ms Image
image/jpeg 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/07/Featured-image-BlackByte-1024x683.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6e701eb69a55006979701e90fe262678de4b11d5c0c732ef76b215dfef2fb459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 06 Jul 2023 12:18:53 GMT
x-rtag: RT
etag: "1eb7f-5ffd08501b669"
x-azure-ref: 20230707T105823Z-e9grt1aw9p54bfnvedrgg3yb4s0000000160000000017hdx
content-type: image/jpeg
tls_version: tls1.3
cache-control: max-age=31536000
ms-cv-esi: CASMicrosoftCV153d653b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d653b.0
content-length: 125823
expires: Fri, 05 Jul 2024 17:02:16 GMT

GET
H2 200 shCore.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 7 KB
2 KB 135ms
134ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c34f24d4dcbfa71cc3813a0c1f02b17a4845c530fa3ed087c66912ccc81255ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d6f0b.0
ms-cv: CASMicrosoftCV153d6f0b.0
content-length: 1444
last-modified: Mon, 29 Nov 2021 14:54:44 GMT
etag: "1a9d-5d1ee9f06d500-gzip"
x-azure-ref: 20230707T105823Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng000000016723
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 21:28:24 GMT

GET
H2 200 shThemeDefault.css
www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 3 KB
994 B 119ms
117ms Stylesheet
text/css 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?ver=3.0.9b

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9718c68f663cfdcef66e2b91917e46e3b83e31c9691a2ff658f9bd55c73bc649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
x-rtag: RT
tls_version: tls1.3
ms-cv-esi: CASMicrosoftCV153d6f2b.0
ms-cv: CASMicrosoftCV153d6f2b.0
content-length: 667
last-modified: Tue, 27 Nov 2018 00:50:40 GMT
etag: "b3d-57b9ad6a6f800-gzip"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcxf
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
expires: Fri, 04 Aug 2023 21:28:25 GMT

GET
H2 200 FluentIcons%20Filled%2024.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/ 125 KB
125 KB 90ms
89ms Font
font/woff2 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-filled/FluentIcons%20Filled%2024.woff2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1687450283

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

61bd1264e7118a03e96c5cc2934eb5c4c6dc6669e21d29677e5aa76aeddab7b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1687450283
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 22 Jun 2023 16:11:23 GMT
x-rtag: RT
etag: "1f2c4-5feba22b1c0c0"
x-azure-ref: 20230707T105823Z-y77t7vfuy53ph7v9xayvswh5uw00000002ng000000016734
content-type: font/woff2
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d90cb.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d90cb.0
content-length: 127684
expires: Sat, 05 Aug 2023 18:50:42 GMT

GET
H2 200 FluentIcons%20Regular%2024.woff2
www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/ 139 KB
139 KB 103ms
102ms Font
font/woff2 2a02:26f0:1700:187::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/fonts/fluent-icons-regular/FluentIcons%20Regular%2024.woff2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1687450283

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:187::356e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85bc9d682f882e5028ef7ca9a0a2b1ec39cf36cde0d8dc8f02e04b1049c36dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1687450283
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 22 Jun 2023 16:11:23 GMT
x-rtag: RT
etag: "22c60-5feba22b1c0c0"
x-azure-ref: 20230707T105823Z-ut21621egd1qm4z5kvpzfxpt9c000000072000000000zcyq
content-type: font/woff2
tls_version: tls1.3
cache-control: max-age=2592000
ms-cv-esi: CASMicrosoftCV153d917b.0
accept-ranges: bytes
ms-cv: CASMicrosoftCV153d917b.0
content-length: 142432
expires: Fri, 04 Aug 2023 20:40:51 GMT

GET
H2 200 ms.shared.analytics.mectrl-3.2.7.gbl.min.js Show response
js.monitor.azure.com/scripts/c/ 89 KB
41 KB 159ms
79ms Script
text/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js
Requested by: Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 077052944d805da1cd832b70df86d282be6a1309626c646fc36dacdc9fbc7ddb

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:23 GMT
content-encoding: br
x-ms-meta-jssdkver: 3.2.7
last-modified: Wed, 05 Oct 2022 16:53:03 GMT
vary: Accept-Encoding
x-azure-ref: 20230707T105823Z-pfzs9y7arp7a3b62r1a15s2ktn0000000ca000000000cwa4
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 9bedaf7d-b01e-00dd-61c5-a973f6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000, immutable, no-transform
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H2 200 RW12cms
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 986 B
1 KB 51ms
51ms Image
image/png 2a02:26f0:e600::48f7:99e3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW12cms?ver=051d

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e600::48f7:99e3 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5ad85a5beb76061c38b1e3b84fefa50aee63348a500286fcaad9da9c31a17e89

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 10:58:24 GMT
last-modified: Tue, 04 Jul 2023 07:19:06 GMT
x-resizerversion: 1.0
x-source-length: 986
x-datacenter: eastus
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=159677
x-activityid: 9eb3db15-ec55-464c-a3cc-c7ffc736628f
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RW12cms?ver=051d
timing-allow-origin: *
content-length: 986
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires: Sun, 09 Jul 2023 07:19:41 GMT

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ 0
0 655ms
153ms Preflight 104.208.16.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.89 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Fri, 07 Jul 2023 10:58:24 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 153 B
1 KB 617ms
153ms XHR
application/json 104.208.16.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.89 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

f085d5b1b4b1a2801d5798a730f62caca2bf1018cb41099e545a841f2fb23c09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1688727504791
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-3.2.12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://www.microsoft.com/
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 07 Jul 2023 10:58:25 GMT
Server: Microsoft-HTTPAPI/2.0
time-delta-millis: 1180
Access-Control-Allow-Methods: POST
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Content-Length: 153

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ 0
0 153ms
153ms Preflight 104.208.16.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.89 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Fri, 07 Jul 2023 10:58:25 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 153 B
593 B 153ms
153ms XHR
application/json 104.208.16.89
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.89 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

b412a57aabfd271d61aa3322b175f4950a1e5a5fe90b3435ed60daa5a7031279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1688727506066
accept-language: de-DE,de;q=0.9
client-version: 1DS-Web-JS-3.2.12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
time-delta-to-apply-millis: 1180
content-type: application/x-json-stream
cache-control: no-cache, no-store
Referer: https://www.microsoft.com/
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Date: Fri, 07 Jul 2023 10:58:25 GMT
Server: Microsoft-HTTPAPI/2.0
time-delta-millis: 217
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 153

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.microsoft.com/	1970-01-20 21:51:03	Name: MicrosoftApplicationsTelemetryDeviceId Value: 30a73b0f-56bb-4b36-a0f9-2fa2d8b149e7
www.microsoft.com/	1970-01-20 13:05:29	Name: ai_session Value: hP8tOYNAQpvzoFvGWwX7M+\|1688727503788\|1688727503788
.microsoft.com/	1970-01-20 21:51:03	Name: MC1 Value: GUID=66a6819e7c7e4131975612c6c72f98dd&HASH=66a6&LV=202307&V=4&LU=1688727505971
.microsoft.com/	1970-01-20 13:05:29	Name: MS0 Value: c2eced16817545cca21bb02f4feca16f
www.microsoft.com/	1970-01-20 21:51:03	Name: MSFPC Value: GUID=66a6819e7c7e4131975612c6c72f98dd&HASH=66a6&LV=202307&V=4&LU=1688727505971

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/ Message: Mixed Content: The page at 'https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/' was loaded over HTTPS, but requested an insecure element 'http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW12cms?ver=051d'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

browser.events.data.microsoft.com
c.s-microsoft.com
img-prod-cms-rt-microsoft-com.akamaized.net
js.monitor.azure.com
mem.gfx.ms
wcpstatic.microsoft.com
www.microsoft.com
104.208.16.89
2620:1ec:46::45
2620:1ec:bdf::45
2a02:26f0:1700:187::356e
2a02:26f0:480:993::356e
2a02:26f0:e600::48f7:99e3
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874
03382d06eca2cf805dc812d6c100f0eb3b34d2b3b0d8fa650f4ae583feeb30e1
077052944d805da1cd832b70df86d282be6a1309626c646fc36dacdc9fbc7ddb
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
166c7c3bb5f76f977a9f2a5490589b3466374eb2b3f064802e56f08bad71fbf0
1745a25953ea2122472e06aa9c56924c6c1e8d465046b5a516191a9a1b3f9429
1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
2967daa7dcd97f55b8d2a6bf0867528ff49b5b6631f439f85078556fb8b79176
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
4f8de2ce7b046b0b7e879dd868d9c7d9e02a4467f3bbb2798fd24cc15a706a89
53db1d8e84cfc9fef8152b3f45dfcef5980cbd3f6705869481721b88e00e2a17
5ac53f9f9dc2c8abbeab5762571a4f9d3920d350b015da1ae6977d17472c0a83
5ad85a5beb76061c38b1e3b84fefa50aee63348a500286fcaad9da9c31a17e89
5df2942db2352e49e00bcf3393b875a71d0acee986e48fbdcc5879846f5c3689
61bd1264e7118a03e96c5cc2934eb5c4c6dc6669e21d29677e5aa76aeddab7b7
644bc58ea314f0b02f8bef2799ef7068a7ec21531543ac67f130e851480b3bda
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6cfe64efec010f0743f4c6bd3f5e5fb671fc7f7173aa7c340ab6d9b65bc59f21
6e701eb69a55006979701e90fe262678de4b11d5c0c732ef76b215dfef2fb459
736f80e2691598d84f39330a090caa586b462ea1bbf21bd4db074e6afe5f349d
7c121ca35937264358195b5199cd9cace6908afd6e76d882e1f15f06bb985452
83a25bbbdb47b16543cb8b8aefe9587197acf8b32649882b96443eeb08ffdd99
85bc9d682f882e5028ef7ca9a0a2b1ec39cf36cde0d8dc8f02e04b1049c36dbf
870394537bb9a3371eb4fc8b224f3405602462e483fb77ed30bd4d4741db8f05
9718c68f663cfdcef66e2b91917e46e3b83e31c9691a2ff658f9bd55c73bc649
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b412a57aabfd271d61aa3322b175f4950a1e5a5fe90b3435ed60daa5a7031279
b724f99a651bf0de96412e969f2f35af6f88cbe210b0fd1fefb35f9ae2ffa305
c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c34f24d4dcbfa71cc3813a0c1f02b17a4845c530fa3ed087c66912ccc81255ed
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2
d168b898cc480f93be28877030301238479b04ede148402e0d661a3d56c3a6b3
d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
df7570dbe0276401107ef405e5d6230547c5161d9cfbad7a579cb095ec25bb76
e088672976cbc644436b96cf3053204a45e88e7c787feeb49e00f3b0261e6c83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea946baa7b0b7f68f6ba6b105be90ad03b6322a36837b38c7a2e4e3021a37cc3
f085d5b1b4b1a2801d5798a730f62caca2bf1018cb41099e545a841f2fb23c09
f755083ad22adff7e8d9abb5c838ef6b08c7b96540746554a1562356441ab0da
fcb66a84dd66a834b551fd4578b07a939e30c94da700de1bcaf3c0bd40980adc
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

www.microsoft.com Open in urlscan Pro 2a02:26f0:1700:187::356e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

53 Requests

100 %HTTPS

83 %IPv6

5 Domains

7 Subdomains

6 IPs

2 Countries

1169 kBTransfer

2444 kBSize

5 Cookies

68 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.microsoft.com Open in urlscan Pro
2a02:26f0:1700:187::356e Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

1169 kB
Transfer

2444 kB
Size

5
Cookies

53 HTTP transactions
0 data transactions