Submitted URL: https://aka.ms/atasaguide-recenum
Effective URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Submission: On June 23 via api from US

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 21 HTTP transactions. The main IP is 2a02:26f0:6c00:299::353e, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is docs.microsoft.com.
TLS certificate: Issued by Microsoft RSA TLS CA 01 on October 8th 2020. Valid for: a year.
This is the only time docs.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.111.242.51 16625 (AKAMAI-AS)
3 13 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2620:1ec:bdf::42 8068 (MICROSOFT...)
4 4 140.82.121.3 36459 (GITHUB)
4 185.199.110.133 54113 (FASTLY)
3 40.77.226.250 8075 (MICROSOFT...)
2 51.140.157.153 8075 (MICROSOFT...)
21 6
Domain Requested by
13 docs.microsoft.com 3 redirects docs.microsoft.com
4 avatars.githubusercontent.com docs.microsoft.com
4 github.com 4 redirects
3 web.vortex.data.microsoft.com docs.microsoft.com
2 browser.events.data.microsoft.com js.monitor.azure.com
1 js.monitor.azure.com docs.microsoft.com
1 wcpstatic.microsoft.com docs.microsoft.com
1 aka.ms 1 redirects
21 8
Subject Issuer Validity Valid
docs.microsoft.com
Microsoft RSA TLS CA 01
2020-10-08 -
2021-10-08
a year crt.sh
wcpstatic.microsoft.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-12 -
2022-06-12
a year crt.sh
js.monitor.azure.com
Microsoft Azure TLS Issuing CA 01
2021-04-01 -
2022-03-27
a year crt.sh
www.github.com
DigiCert SHA2 High Assurance Server CA
2020-05-06 -
2022-04-14
2 years crt.sh
*.vortex.data.microsoft.com
Microsoft RSA TLS CA 02
2020-10-05 -
2021-10-05
a year crt.sh
*.events.data.microsoft.com
Microsoft Azure TLS Issuing CA 01
2020-09-14 -
2021-09-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Frame ID: 780DF88E7BE535F7EB096D3047C3A498
Requests: 22 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://aka.ms/atasaguide-recenum HTTP 301
    https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL

Page Statistics

21
Requests

100 %
HTTPS

29 %
IPv6

5
Domains

8
Subdomains

6
IPs

4
Countries

785 kB
Transfer

2859 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://aka.ms/atasaguide-recenum HTTP 301
    https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://github.com/dcurwin.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/45630879?s=32&v=4
Request Chain 7
  • https://github.com/shsagir.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/51323195?s=32&v=4
Request Chain 8
  • https://github.com/DCtheGeek.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/11442954?s=32&v=4
Request Chain 9
  • https://github.com/msmbaldwin.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/5092332?s=32&v=4
Request Chain 11
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json HTTP 301
  • https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request reconnaissance-alerts
docs.microsoft.com/en-us/defender-for-identity/
Redirect Chain
  • https://aka.ms/atasaguide-recenum
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts
  • https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts
  • https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
67 KB
20 KB
Document
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ef3ab211f8d6e0368e942a46eb42da286a1372bcb3ef34c166bf6c15cd37aa9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
docs.microsoft.com
:scheme
https
:path
/en-us/defender-for-identity/reconnaissance-alerts
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; ARRAffinity=248cd4d1b8ebb28e4447bba050e7f8130ec8277469a38984fc44ad6194e70621; ARRAffinitySameSite=248cd4d1b8ebb28e4447bba050e7f8130ec8277469a38984fc44ad6194e70621
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

etag
"YTsRxHZS1+jEsVFQhmW1hj3AnzrrH4JYapVUHVF4ssM="
content-type
text/html
content-encoding
gzip
vary
Accept-Encoding
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
x-datacenter
wus
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-rendering-stack
Dynamic
content-length
20049
cache-control
public, max-age=556
expires
Wed, 23 Jun 2021 00:13:13 GMT
date
Wed, 23 Jun 2021 00:03:57 GMT
set-cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f;Path=/;HttpOnly;Secure;Domain=docs.microsoft.com ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f;Path=/;HttpOnly;SameSite=None;Secure;Domain=docs.microsoft.com
akamai-cache-status
RefreshHit from child, Miss from parent
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}

Redirect headers

location
/en-us/defender-for-identity/reconnaissance-alerts
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter
eus
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
0
cache-control
public, max-age=580
expires
Wed, 23 Jun 2021 00:13:37 GMT
date
Wed, 23 Jun 2021 00:03:57 GMT
set-cookie
original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; expires=Wed, 23-Jun-2021 00:04:02 GMT
akamai-cache-status
Miss from child
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
72013dd7.site-ltr.css
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/
481 KB
68 KB
Stylesheet
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c6180c678999caf8697b6bc09604375673b91a34179b170072da4d432d2ce02e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
pragma
no-cache
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
69225
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Mon, 21 Jun 2021 20:44:07 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Wed, 23 Jun 2021 00:03:57 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
text/css
cache-control
public, max-age=506588
etag
"0x8D934F550A67850"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Mon, 28 Jun 2021 20:47:05 GMT
wcp-consent.js
wcpstatic.microsoft.com/mscc/lib/v2/
249 KB
74 KB
Script
General
Full URL
https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::42 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
208edbed32b2adac9446df83caa4a093a261492ba6b8b3bcfe6a75efb8b70294

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 23 Jun 2021 00:03:57 GMT
content-encoding
gzip
vary
Accept-Encoding
content-md5
OLdpUi3Q5MKZjJA0pU4XTg==
age
28000
x-cache
HIT, CONFIG_NOCACHE
content-length
75124
x-ms-lease-status
unlocked
last-modified
Wed, 14 Oct 2020 22:31:12 GMT
etag
0x8D87090DB39FE9E
x-azure-ref
0bXrSYAAAAABZTMF7lqH8Q5LiIrxe5NsgRlJBRURHRTEwMDkAMzliNDYxNTctY2I5ZS00OWI3LWE2NWEtODcyMmEzZjgyNGU0
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
542ada60-201e-0055-5382-67d34a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=43200
x-ms-version
2009-09-19
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/
174 KB
53 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::42 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b4bbe4a3e8c13a33218876c5dfbf8d6f8e98cee3f0c59abac84e769dd4ff86b9

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 23 Jun 2021 00:03:57 GMT
content-encoding
br
x-azure-ref-originshield
09njSYAAAAADYgle8HtIuT7N9tN7bR6QyTE9OMjFFREdFMDIwOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
content-md5
R/IH3bw/0Xce5UaxSUr34A==
x-cache
TCP_HIT
x-ms-meta-jssdkver
3.1.3
last-modified
Fri, 11 Jun 2021 17:26:46 GMT
x-ms-meta-jssdksrc
[cdn]/scripts/c/ms.jsll-3.1.3.min.js
etag
0x8D92CFE16C3582C
x-azure-ref
0bXrSYAAAAADHnUb4I2A1Q6dX27/xMakERlJBRURHRTEwMTgAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
e01eb1a0-001e-0008-7dc1-67f27a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
jsll-4.js
docs.microsoft.com/static/third-party/jsll/4.3.4/
64 KB
20 KB
Script
General
Full URL
https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
589303ca15fba4fe95432dbb456ff614d0f2ad12d99f8671f0443a7f0cf48dff
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

:path
/static/third-party/jsll/4.3.4/jsll-4.js
pragma
no-cache
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
IR4SO1k0ZPP+9o8LbgASeg==
content-length
19421
etag
0x8D8D395EE81CF35
x-ms-lease-status
unlocked
last-modified
Wed, 17 Feb 2021 22:46:57 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Wed, 23 Jun 2021 00:03:57 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f636644b-601e-0016-7185-050e0c000000
cache-control
max-age=20734262
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Thu, 17 Feb 2022 23:34:59 GMT
2c6911d0.index-polyfills.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/
10 KB
4 KB
Script
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/2c6911d0.index-polyfills.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3b9aa4e117aa179f46fe050dba14a991448e2ab3d005aacd8e13b31e4c88e18d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_themes/docs.theme/master/en-us/_themes/scripts/2c6911d0.index-polyfills.js
pragma
no-cache
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
3906
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Wed, 16 Jun 2021 22:25:01 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Wed, 23 Jun 2021 00:03:57 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/javascript
cache-control
public, max-age=404322
etag
"0x8D931159557FFB4"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Sun, 27 Jun 2021 16:22:39 GMT
fda8f9cb.index-docs.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/
2 MB
376 KB
Script
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/fda8f9cb.index-docs.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
302dc1b2bd6fcab54e4318a72ab7ddf2a9bc5937545aa96d23b65b92a815b4ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_themes/docs.theme/master/en-us/_themes/scripts/fda8f9cb.index-docs.js
pragma
no-cache
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
383200
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Mon, 21 Jun 2021 20:44:07 GMT
x-datacenter
wus
x-frame-options
SAMEORIGIN
date
Wed, 23 Jun 2021 00:03:57 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/javascript
cache-control
public, max-age=506551
etag
"0x8D934F5508AFC08"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
expires
Mon, 28 Jun 2021 20:46:28 GMT
45630879?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/dcurwin.png?size=32
  • https://avatars.githubusercontent.com/u/45630879?s=32&v=4
2 KB
2 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/45630879?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.110.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-110-133.github.com
Software
/
Resource Hash
8aa1dc6925eae0e2fe988565c5d516e9c434de842e00651af76f0cf669f887f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
6c9a05fddb584886e73da097d41fa974b9f361a9
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
1677
x-xss-protection
1; mode=block
x-served-by
cache-ams21065-AMS
last-modified
Sun, 31 Mar 2019 08:11:41 GMT
x-github-request-id
A0F0:B477:929612:997443:60CAA3F3
x-timer
S1624406638.184068,VS0,VE0
x-frame-options
deny
date
Wed, 23 Jun 2021 00:03:58 GMT
source-age
513658
strict-transport-security
max-age=31557600
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
"577a53b3a41a7aa7842b9c1cadf88c06647a0b7c66b0c670df3c616d4f1bbcae"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 23 Jun 2021 00:08:58 GMT

Redirect headers

date
Wed, 23 Jun 2021 00:03:32 GMT
x-content-type-options
nosniff
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-length
127
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
3D9C:433F:15B569:168942:60D27A6D
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/45630879?s=32&v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com render-temp.githubusercontent.com viewscreen.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
51323195?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/shsagir.png?size=32
  • https://avatars.githubusercontent.com/u/51323195?s=32&v=4
995 B
1 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/51323195?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.110.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-110-133.github.com
Software
/
Resource Hash
b3724bb570b85fcabe6dc497f945cd6eff6c77fea4083e776d1e17b8acd858f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
f57638ae3dc0234e774162b357964ebad1f6ab94
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
995
x-xss-protection
1; mode=block
x-served-by
cache-ams21065-AMS
last-modified
Mon, 03 Jun 2019 11:37:45 GMT
x-github-request-id
BC4E:0F79:359619:38190C:60CBF85E
x-timer
S1624406638.183863,VS0,VE0
x-frame-options
deny
date
Wed, 23 Jun 2021 00:03:58 GMT
source-age
426511
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"c180d3bbac1849e7626f8c6e5640d17200cf04f628f343fbc22aded27260edd0"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 23 Jun 2021 00:08:58 GMT

Redirect headers

date
Wed, 23 Jun 2021 00:03:33 GMT
x-content-type-options
nosniff
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-length
127
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
3D9C:433F:15B569:168943:60D27A6D
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/51323195?s=32&v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com render-temp.githubusercontent.com viewscreen.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
11442954?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/DCtheGeek.png?size=32
  • https://avatars.githubusercontent.com/u/11442954?s=32&v=4
1009 B
1 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/11442954?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.110.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-110-133.github.com
Software
/
Resource Hash
9e22171ee92d512b0cbc341a91a7a3d3de8695a02217bd3d63f7c04096440a94
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
07634cd780d164b37ac62a235d3b8711b9970fd0
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
8897
vary
Authorization,Accept-Encoding
content-length
1009
x-xss-protection
1; mode=block
x-served-by
cache-ams21065-AMS
last-modified
Mon, 12 Feb 2018 16:29:42 GMT
x-github-request-id
7DF4:7FEF:2DB504:2F57DB:60BFFD01
x-timer
S1624406638.184249,VS0,VE0
x-frame-options
deny
date
Wed, 23 Jun 2021 00:03:58 GMT
source-age
1211757
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"73f0791d24bde3933f5c0f4b7f772dac64e75d8746df25bacf4365c48d0df04c"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 23 Jun 2021 00:08:58 GMT

Redirect headers

date
Wed, 23 Jun 2021 00:02:48 GMT
x-content-type-options
nosniff
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-length
127
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
3D9C:433F:15B57B:16895B:60D27A6D
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/11442954?s=32&v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com render-temp.githubusercontent.com viewscreen.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
5092332?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/msmbaldwin.png?size=32
  • https://avatars.githubusercontent.com/u/5092332?s=32&v=4
883 B
1 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/5092332?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.110.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-110-133.github.com
Software
/
Resource Hash
d8b310346be355b8344f3e5bf4cdb209644792c0b9ab06c2cde3020f0d97c3a7
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
1cf634b58b90cd2bcb48086cfd2f18453a17ead4
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
3
vary
Authorization,Accept-Encoding
content-length
883
x-xss-protection
1; mode=block
x-served-by
cache-ams21065-AMS
last-modified
Wed, 11 Feb 2015 20:10:25 GMT
x-github-request-id
7274:757E:1048CF5:110A6B2:60CC02D4
x-timer
S1624406638.184240,VS0,VE0
x-frame-options
deny
date
Wed, 23 Jun 2021 00:03:58 GMT
source-age
423834
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8c3a7ab937bc2268b4697ecaf0b77a687e9cbc73651d8660ab624abf09b9b01d"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Wed, 23 Jun 2021 00:08:58 GMT

Redirect headers

date
Wed, 23 Jun 2021 00:03:57 GMT
x-content-type-options
nosniff
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-length
126
x-xss-protection
0
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
3D9C:433F:15B57B:16895C:60D27A6D
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/5092332?s=32&v=4
cache-control
no-cache
permissions-policy
interest-cohort=()
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events translator.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com render-temp.githubusercontent.com viewscreen.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
toc.json
docs.microsoft.com/en-us/defender-for-identity/
8 KB
3 KB
Fetch
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/toc.json
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/fda8f9cb.index-docs.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f85efee13933ddbe0bd574deef1e660afb7efe6227f9f23103defa22f7f457bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/en-us/defender-for-identity/toc.json
pragma
no-cache
cookie
original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
content-length
2229
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Mon, 31 May 2021 15:21:05 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Wed, 23 Jun 2021 00:03:58 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/json
cache-control
public, max-age=600
etag
"0x8D92447B58193A2"
akamai-cache-status
RefreshHit from child
set-cookie
ARRAffinity=388daeaf53660b65110db2737db23177bd8daaeb46bebddd8087aad872e9952f;Path=/;HttpOnly;Secure;Domain=docs.microsoft.com ARRAffinitySameSite=388daeaf53660b65110db2737db23177bd8daaeb46bebddd8087aad872e9952f;Path=/;HttpOnly;SameSite=None;Secure;Domain=docs.microsoft.com
expires
Wed, 23 Jun 2021 00:13:58 GMT
toc.json
docs.microsoft.com/en-us/defender-for-identity/bread/
Redirect Chain
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json
  • https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
883 B
1 KB
Fetch
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0f876ac9aa72877c8b1aa79e27fb767ce0943b6243364ce6e575975aeb36b227
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/en-us/defender-for-identity/bread/toc.json
pragma
no-cache
cookie
original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; MicrosoftApplicationsTelemetryDeviceId=6f166f38-1554-4d7f-a6b9-59ec50d15bdc; ai_session=VJ7BDYnUP0V23bPI65AFOK|1624406638092|1624406638092; ARRAffinity=1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff; ARRAffinitySameSite=1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
content-length
442
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Mon, 31 May 2021 15:21:05 GMT
x-datacenter
wus
x-frame-options
SAMEORIGIN
date
Wed, 23 Jun 2021 00:03:58 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/json
cache-control
public, max-age=600
etag
"0x8D92447B5816C8A"
akamai-cache-status
RefreshHit from child
set-cookie
ARRAffinity=e3f6a312fc362049ee34eeee41fd61a496cb7094845e130feb34ad13c909cfe0;Path=/;HttpOnly;Secure;Domain=docs.microsoft.com ARRAffinitySameSite=e3f6a312fc362049ee34eeee41fd61a496cb7094845e130feb34ad13c909cfe0;Path=/;HttpOnly;SameSite=None;Secure;Domain=docs.microsoft.com
expires
Wed, 23 Jun 2021 00:13:58 GMT

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
0
x-xss-protection
1; mode=block
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter
eus
date
Wed, 23 Jun 2021 00:03:58 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
location
/en-us/defender-for-identity/bread/toc.json
cache-control
public, max-age=518
x-ua-compatible
IE=edge
akamai-cache-status
Miss from child
set-cookie
ARRAffinity=1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff;Path=/;HttpOnly;Secure;Domain=docs.microsoft.com ARRAffinitySameSite=1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff;Path=/;HttpOnly;SameSite=None;Secure;Domain=docs.microsoft.com original_req_url=https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json; expires=Wed, 23-Jun-2021 00:04:03 GMT
expires
Wed, 23 Jun 2021 00:12:36 GMT
data:truncated
data:truncated
193 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2fb59b19860d20c40569c44f5cca62c7d101017ac2509997ed0c6f96ced1164c

Request headers

Origin
https://docs.microsoft.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
docons.66501339.woff2
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/
12 KB
13 KB
Font
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.66501339.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
70e1c0e04c4a818d0bffa4a01b7f7a4cfc7cb41b468c228daf491034e1657a4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://docs.microsoft.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
:path
/_themes/docs.theme/master/en-us/_themes/styles/docons.66501339.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
12568
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Wed, 16 Jun 2021 22:25:02 GMT
x-datacenter
wus
date
Wed, 23 Jun 2021 00:03:57 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/font-woff2
cache-control
public, max-age=404255
etag
"0x8D93115957A5B21"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
expires
Sun, 27 Jun 2021 16:21:32 GMT
SegoeUI-Roman-VF_web.woff2
docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/
116 KB
116 KB
Font
General
Full URL
https://docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/SegoeUI-Roman-VF_web.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-fetch-mode
cors
origin
https://docs.microsoft.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
:path
/static/third-party/SegoeUIWeb/1.01.206/SegoeUI-Roman-VF_web.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
vKlyGNyjyxXOAoTLy0UokA==
content-length
118288
etag
0x8D8B8210FE8D1A9
x-ms-lease-status
unlocked
last-modified
Thu, 14 Jan 2021 00:12:21 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Wed, 23 Jun 2021 00:03:57 GMT
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
44a036ef-401e-00a0-2389-ed00f4000000
cache-control
max-age=18097092
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Tue, 18 Jan 2022 11:02:09 GMT
latest.woff2
docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/
27 KB
28 KB
Font
General
Full URL
https://docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/latest.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-fetch-mode
cors
origin
https://docs.microsoft.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
ARRAffinity=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f; ARRAffinitySameSite=4a014563a369de7f4f41f8caf8a9cb56db69e48e6792350a13b8bd563d129a0f
:path
/static/third-party/SegoeUI/5.32/west-european/italic/latest.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
docs.microsoft.com
referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/72013dd7.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
KDXuKBsHfKiscoVwIAfIlA==
content-length
27624
etag
0x8D86BD35C93CDB0
x-ms-lease-status
unlocked
last-modified
Thu, 08 Oct 2020 21:44:40 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Wed, 23 Jun 2021 00:03:57 GMT
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
1eca5dcd-401e-0089-6b24-ae76b6000000
cache-control
max-age=11126656
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Fri, 29 Oct 2021 18:48:13 GMT
t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272021-06-23T00%3A03%3A58.081Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243dfdad%...
web.vortex.data.microsoft.com/collect/v1/
281 B
966 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272021-06-23T00%3A03%3A58.081Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243dfdad%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23account-enumeration-reconnaissance-external-id-2003%27&-market=%27en-us%27&-pageType=%27conceptual%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2F1336f3d94023d8d6dfb4e49d3dff8ee14967d4e6%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-05-19%2007%3A39%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
45492a58fa23723fddae6f53054f23d3b057ad9c32c635f6965dbed11de40768
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Jun 2021 00:03:57 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
HytjYcJ670CWZdRyzu7FwQ.0
Content-Type
application/javascript
Content-Length
281
Expires
0
t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-06-23T00%3A03%3A58.289Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243d...
web.vortex.data.microsoft.com/collect/v1/
45 B
407 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-06-23T00%3A03%3A58.289Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243dfdad%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23account-enumeration-reconnaissance-external-id-2003%27&-market=%27en-us%27&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2F1336f3d94023d8d6dfb4e49d3dff8ee14967d4e6%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-05-19%2007%3A39%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%2C%22timing%22%3A%22%7B%5C%22first-paint%5C%22%3A2001.099998474121%2C%5C%22first-contentful-paint%5C%22%3A2001.099998474121%2C%5C%22navigationStart%5C%22%3A1624406636115%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1624406637231%2C%5C%22domainLookupStart%5C%22%3A1624406637231%2C%5C%22domainLookupEnd%5C%22%3A1624406637231%2C%5C%22connectStart%5C%22%3A1624406637231%2C%5C%22connectEnd%5C%22%3A1624406637231%2C%5C%22secureConnectionStart%5C%22%3A0%2C%5C%22requestStart%5C%22%3A1624406637232%2C%5C%22responseStart%5C%22%3A1624406637725%2C%5C%22responseEnd%5C%22%3A1624406637726%2C%5C%22domLoading%5C%22%3A1624406637727%2C%5C%22domInteractive%5C%22%3A1624406637904%2C%5C%22domContentLoadedEventStart%5C%22%3A1624406637904%2C%5C%22domContentLoadedEventEnd%5C%22%3A1624406638103%2C%5C%22domComplete%5C%22%3A1624406638232%2C%5C%22loadEventStart%5C%22%3A1624406638232%2C%5C%22loadEventEnd%5C%22%3A1624406638232%7D%22%7D%27&-pageHeight=11696&-vpHeight=1200&-vpWidth=1600&-behavior=0&-vScrollOffset=866&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*cookieEnabled=true&*isJs=true&*isDomComplete=true&*isLoggedIn=false&*pageLoadTime=2117&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-msfpc=%27GUID%3D84a8eb0df19944128962fa2dd7d575eb%26HASH%3D84a8%26LV%3D202106%26V%3D4%26LU%3D1624406638209%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Jun 2021 00:03:57 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
Kc7kbz+FmUGGkp6BBJfJ/w.0
Content-Type
application/javascript
Content-Length
45
Expires
0
t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-06-23T00%3A03%3A58.739Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243d...
web.vortex.data.microsoft.com/collect/v1/
45 B
407 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-06-23T00%3A03%3A58.739Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%27b3393d22-25e9-4ac5-894b-3767243dfdad%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23account-enumeration-reconnaissance-external-id-2003%27&-market=%27en-us%27&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2F1336f3d94023d8d6dfb4e49d3dff8ee14967d4e6%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-05-19%2007%3A39%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%7D%27&-pageHeight=11696&-vpHeight=1200&-vpWidth=1600&-actionType=%27S%27&-behavior=0&-vScrollOffset=866&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*cookieEnabled=true&*isJs=true&*isDomComplete=false&*isLoggedIn=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-msfpc=%27GUID%3D84a8eb0df19944128962fa2dd7d575eb%26HASH%3D84a8%26LV%3D202106%26V%3D4%26LU%3D1624406638209%27&ext-javascript-userConsent=false&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 23 Jun 2021 00:03:58 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
EO3Pp+qYd0ayuZwKjr1ZCw.0
Content-Type
application/javascript
Content-Length
45
Expires
0
x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.1.3&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1624406639095&ext.intweb.msfpc=GUID%3D8...
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/
24 B
368 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.1.3&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1624406639095&ext.intweb.msfpc=GUID%3D84a8eb0df19944128962fa2dd7d575eb%26HASH%3D84a8%26LV%3D202106%26V%3D4%26LU%3D1624406638209&time-delta-to-apply-millis=use-collector-delta&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.140.157.153 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
4a43245106e0874b95dc5edec8fc630a06f82bf5ce87f245b1b9cd286313ca59

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 23 Jun 2021 00:03:58 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
91
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
https://docs.microsoft.com
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
time-delta-millis
Content-Length
24
x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.1.3&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1624406640096&ext.intweb.msfpc=GUID%3D8...
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/
24 B
368 B
XHR
General
Full URL
https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.1.3&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1624406640096&ext.intweb.msfpc=GUID%3D84a8eb0df19944128962fa2dd7d575eb%26HASH%3D84a8%26LV%3D202106%26V%3D4%26LU%3D1624406638209&w=0
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.140.157.153 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 23 Jun 2021 00:03:59 GMT
Server
Microsoft-HTTPAPI/2.0
time-delta-millis
11
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
https://docs.microsoft.com
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
time-delta-millis
Content-Length
24

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| msDocs function| WcpConsent function| mscc object| e function| t object| oneDS object| onedsAwa object| awa function| applyFocusVisiblePolyfill object| litHtmlVersions function| __assign function| __extends function| setTheme

8 Cookies

Domain/Path Name / Value
docs.microsoft.com/ Name: MSFPC
Value: GUID=84a8eb0df19944128962fa2dd7d575eb&HASH=84a8&LV=202106&V=4&LU=1624406638209
.microsoft.com/ Name: MS0
Value: 10e2c1eadcd94018b2808d312072b814
.docs.microsoft.com/ Name: ARRAffinity
Value: 1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff
docs.microsoft.com/ Name: ai_session
Value: VJ7BDYnUP0V23bPI65AFOK|1624406638092|1624406638092
.docs.microsoft.com/ Name: ARRAffinitySameSite
Value: 1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff
.microsoft.com/ Name: MC1
Value: GUID=84a8eb0df19944128962fa2dd7d575eb&HASH=84a8&LV=202106&V=4&LU=1624406638209
docs.microsoft.com/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: 6f166f38-1554-4d7f-a6b9-59ec50d15bdc
docs.microsoft.com/en-us/defender-for-identity Name: original_req_url
Value: https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aka.ms
avatars.githubusercontent.com
browser.events.data.microsoft.com
docs.microsoft.com
github.com
js.monitor.azure.com
wcpstatic.microsoft.com
web.vortex.data.microsoft.com
104.111.242.51
140.82.121.3
185.199.110.133
2620:1ec:bdf::42
2a02:26f0:6c00:299::353e
40.77.226.250
51.140.157.153
0f876ac9aa72877c8b1aa79e27fb767ce0943b6243364ce6e575975aeb36b227
208edbed32b2adac9446df83caa4a093a261492ba6b8b3bcfe6a75efb8b70294
2fb59b19860d20c40569c44f5cca62c7d101017ac2509997ed0c6f96ced1164c
302dc1b2bd6fcab54e4318a72ab7ddf2a9bc5937545aa96d23b65b92a815b4ee
3b9aa4e117aa179f46fe050dba14a991448e2ab3d005aacd8e13b31e4c88e18d
45492a58fa23723fddae6f53054f23d3b057ad9c32c635f6965dbed11de40768
4a43245106e0874b95dc5edec8fc630a06f82bf5ce87f245b1b9cd286313ca59
589303ca15fba4fe95432dbb456ff614d0f2ad12d99f8671f0443a7f0cf48dff
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
70e1c0e04c4a818d0bffa4a01b7f7a4cfc7cb41b468c228daf491034e1657a4e
8aa1dc6925eae0e2fe988565c5d516e9c434de842e00651af76f0cf669f887f1
9e22171ee92d512b0cbc341a91a7a3d3de8695a02217bd3d63f7c04096440a94
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58
b3724bb570b85fcabe6dc497f945cd6eff6c77fea4083e776d1e17b8acd858f1
b4bbe4a3e8c13a33218876c5dfbf8d6f8e98cee3f0c59abac84e769dd4ff86b9
c6180c678999caf8697b6bc09604375673b91a34179b170072da4d432d2ce02e
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
d8b310346be355b8344f3e5bf4cdb209644792c0b9ab06c2cde3020f0d97c3a7
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
ef3ab211f8d6e0368e942a46eb42da286a1372bcb3ef34c166bf6c15cd37aa9e
f85efee13933ddbe0bd574deef1e660afb7efe6227f9f23103defa22f7f457bb