docs.microsoft.com
Open in
urlscan Pro
2a02:26f0:6c00:299::353e
Public Scan
Effective URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Submission: On June 23 via api from US
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 01 on October 8th 2020. Valid for: a year.
This is the only time docs.microsoft.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.111.242.51 104.111.242.51 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
3 13 | 2a02:26f0:6c0... 2a02:26f0:6c00:299::353e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2620:1ec:bdf::42 2620:1ec:bdf::42 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 4 | 140.82.121.3 140.82.121.3 | 36459 (GITHUB) (GITHUB) | |
4 | 185.199.110.133 185.199.110.133 | 54113 (FASTLY) (FASTLY) | |
3 | 40.77.226.250 40.77.226.250 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 51.140.157.153 51.140.157.153 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
21 | 6 |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-51.deploy.static.akamaitechnologies.com
aka.ms |
ASN20940 (AKAMAI-ASN1, NL)
docs.microsoft.com |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
wcpstatic.microsoft.com | |
js.monitor.azure.com |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-110-133.github.com
avatars.githubusercontent.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
web.vortex.data.microsoft.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
browser.events.data.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
microsoft.com
3 redirects
docs.microsoft.com wcpstatic.microsoft.com web.vortex.data.microsoft.com browser.events.data.microsoft.com |
728 KB |
4 |
githubusercontent.com
avatars.githubusercontent.com |
6 KB |
4 |
github.com
4 redirects
github.com |
9 KB |
1 |
azure.com
js.monitor.azure.com |
53 KB |
1 |
aka.ms
1 redirects
aka.ms |
577 B |
21 | 5 |
Domain | Requested by | |
---|---|---|
13 | docs.microsoft.com |
3 redirects
docs.microsoft.com
|
4 | avatars.githubusercontent.com |
docs.microsoft.com
|
4 | github.com | 4 redirects |
3 | web.vortex.data.microsoft.com |
docs.microsoft.com
|
2 | browser.events.data.microsoft.com |
js.monitor.azure.com
|
1 | js.monitor.azure.com |
docs.microsoft.com
|
1 | wcpstatic.microsoft.com |
docs.microsoft.com
|
1 | aka.ms | 1 redirects |
21 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
www.microsoft.com |
github.com |
twitter.com |
www.linkedin.com |
www.facebook.com |
attack.mitre.org |
aka.ms |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
docs.microsoft.com Microsoft RSA TLS CA 01 |
2020-10-08 - 2021-10-08 |
a year | crt.sh |
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-06-12 - 2022-06-12 |
a year | crt.sh |
js.monitor.azure.com Microsoft Azure TLS Issuing CA 01 |
2021-04-01 - 2022-03-27 |
a year | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
*.vortex.data.microsoft.com Microsoft RSA TLS CA 02 |
2020-10-05 - 2021-10-05 |
a year | crt.sh |
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 01 |
2020-09-14 - 2021-09-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Frame ID: 780DF88E7BE535F7EB096D3047C3A498
Requests: 22 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://aka.ms/atasaguide-recenum
HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL
Page Statistics
26 Outgoing links
These are links going to different origins than the main page.
Title: Privacy Statement
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Edit
Search URL Search Domain Scan URL
Title: Twitter
Search URL Search Domain Scan URL
Title: LinkedIn
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: d
Search URL Search Domain Scan URL
Title: s
Search URL Search Domain Scan URL
Title: D
Search URL Search Domain Scan URL
Title: m
Search URL Search Domain Scan URL
Title: Discovery (TA0007)
Search URL Search Domain Scan URL
Title: Account Discovery (T1087)
Search URL Search Domain Scan URL
Title: Domain Account (T0187.002)
Search URL Search Domain Scan URL
Title: Indirect Command Execution (T1202)
Search URL Search Domain Scan URL
Title: Permission Groups Discovery (T1069)
Search URL Search Domain Scan URL
Title: Domain Groups (T1069.002)
Search URL Search Domain Scan URL
Title: Discovery (TA0007)
Search URL Search Domain Scan URL
Title: Network Service Scanning (T1046)
Search URL Search Domain Scan URL
Title: Remote System Discovery (T1018)
Search URL Search Domain Scan URL
Title: Credential Access (TA0006)
Search URL Search Domain Scan URL
Title: System Network Connections Discovery (T1049)
Search URL Search Domain Scan URL
Title: Check out the Defender for Identity forum!
Search URL Search Domain Scan URL
Title: Privacy policy.
Search URL Search Domain Scan URL
Title: This page
Search URL Search Domain Scan URL
Title: View all page feedback
Search URL Search Domain Scan URL
Title: Trademarks
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://aka.ms/atasaguide-recenum
HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://github.com/dcurwin.png?size=32 HTTP 302
- https://avatars.githubusercontent.com/u/45630879?s=32&v=4
- https://github.com/shsagir.png?size=32 HTTP 302
- https://avatars.githubusercontent.com/u/51323195?s=32&v=4
- https://github.com/DCtheGeek.png?size=32 HTTP 302
- https://avatars.githubusercontent.com/u/11442954?s=32&v=4
- https://github.com/msmbaldwin.png?size=32 HTTP 302
- https://avatars.githubusercontent.com/u/5092332?s=32&v=4
- https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json HTTP 301
- https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
reconnaissance-alerts
docs.microsoft.com/en-us/defender-for-identity/ Redirect Chain
|
67 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
72013dd7.site-ltr.css
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ |
481 KB 68 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wcp-consent.js
wcpstatic.microsoft.com/mscc/lib/v2/ |
249 KB 74 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/ |
174 KB 53 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsll-4.js
docs.microsoft.com/static/third-party/jsll/4.3.4/ |
64 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2c6911d0.index-polyfills.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fda8f9cb.index-docs.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/ |
2 MB 376 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
45630879
avatars.githubusercontent.com/u/ Redirect Chain
|
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
51323195
avatars.githubusercontent.com/u/ Redirect Chain
|
995 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11442954
avatars.githubusercontent.com/u/ Redirect Chain
|
1009 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5092332
avatars.githubusercontent.com/u/ Redirect Chain
|
883 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toc.json
docs.microsoft.com/en-us/defender-for-identity/ |
8 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toc.json
docs.microsoft.com/en-us/defender-for-identity/bread/ Redirect Chain
|
883 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
193 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
docons.66501339.woff2
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ |
12 KB 13 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SegoeUI-Roman-VF_web.woff2
docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/ |
116 KB 116 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/ |
27 KB 28 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t.js
web.vortex.data.microsoft.com/collect/v1/ |
281 B 966 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t.js
web.vortex.data.microsoft.com/collect/v1/ |
45 B 407 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
t.js
web.vortex.data.microsoft.com/collect/v1/ |
45 B 407 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
24 B 368 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
browser.events.data.microsoft.com/OneCollector/1.0/ |
24 B 368 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| msDocs function| WcpConsent function| mscc object| e function| t object| oneDS object| onedsAwa object| awa function| applyFocusVisiblePolyfill object| litHtmlVersions function| __assign function| __extends function| setTheme8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
docs.microsoft.com/ | Name: MSFPC Value: GUID=84a8eb0df19944128962fa2dd7d575eb&HASH=84a8&LV=202106&V=4&LU=1624406638209 |
|
.microsoft.com/ | Name: MS0 Value: 10e2c1eadcd94018b2808d312072b814 |
|
.docs.microsoft.com/ | Name: ARRAffinity Value: 1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff |
|
docs.microsoft.com/ | Name: ai_session Value: VJ7BDYnUP0V23bPI65AFOK|1624406638092|1624406638092 |
|
.docs.microsoft.com/ | Name: ARRAffinitySameSite Value: 1aa73cc8ba25c05f62078ae3d0472e982315ac6c23bade0e13ec7b13b2f490ff |
|
.microsoft.com/ | Name: MC1 Value: GUID=84a8eb0df19944128962fa2dd7d575eb&HASH=84a8&LV=202106&V=4&LU=1624406638209 |
|
docs.microsoft.com/ | Name: MicrosoftApplicationsTelemetryDeviceId Value: 6f166f38-1554-4d7f-a6b9-59ec50d15bdc |
|
docs.microsoft.com/en-us/defender-for-identity | Name: original_req_url Value: https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aka.ms
avatars.githubusercontent.com
browser.events.data.microsoft.com
docs.microsoft.com
github.com
js.monitor.azure.com
wcpstatic.microsoft.com
web.vortex.data.microsoft.com
104.111.242.51
140.82.121.3
185.199.110.133
2620:1ec:bdf::42
2a02:26f0:6c00:299::353e
40.77.226.250
51.140.157.153
0f876ac9aa72877c8b1aa79e27fb767ce0943b6243364ce6e575975aeb36b227
208edbed32b2adac9446df83caa4a093a261492ba6b8b3bcfe6a75efb8b70294
2fb59b19860d20c40569c44f5cca62c7d101017ac2509997ed0c6f96ced1164c
302dc1b2bd6fcab54e4318a72ab7ddf2a9bc5937545aa96d23b65b92a815b4ee
3b9aa4e117aa179f46fe050dba14a991448e2ab3d005aacd8e13b31e4c88e18d
45492a58fa23723fddae6f53054f23d3b057ad9c32c635f6965dbed11de40768
4a43245106e0874b95dc5edec8fc630a06f82bf5ce87f245b1b9cd286313ca59
589303ca15fba4fe95432dbb456ff614d0f2ad12d99f8671f0443a7f0cf48dff
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
70e1c0e04c4a818d0bffa4a01b7f7a4cfc7cb41b468c228daf491034e1657a4e
8aa1dc6925eae0e2fe988565c5d516e9c434de842e00651af76f0cf669f887f1
9e22171ee92d512b0cbc341a91a7a3d3de8695a02217bd3d63f7c04096440a94
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58
b3724bb570b85fcabe6dc497f945cd6eff6c77fea4083e776d1e17b8acd858f1
b4bbe4a3e8c13a33218876c5dfbf8d6f8e98cee3f0c59abac84e769dd4ff86b9
c6180c678999caf8697b6bc09604375673b91a34179b170072da4d432d2ce02e
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
d8b310346be355b8344f3e5bf4cdb209644792c0b9ab06c2cde3020f0d97c3a7
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
ef3ab211f8d6e0368e942a46eb42da286a1372bcb3ef34c166bf6c15cd37aa9e
f85efee13933ddbe0bd574deef1e660afb7efe6227f9f23103defa22f7f457bb