www.microsoft.com Open in urlscan Pro
2600:141b:9000:492::356e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Submission: On August 29 via api (August 29th 2022, 8:08:36 pm UTC) from CA — Scanned from CA

Summary HTTP 89 Redirects Links 57 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 20 domains to perform 89 HTTP transactions. The main IP is 2600:141b:9000:492::356e, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.microsoft.com. The Cisco Umbrella rank of the primary domain is 264.
TLS certificate: Issued by Microsoft RSA TLS CA 01 on July 8th 2022. Valid for: a year.

This is the only time www.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2600:141b:900... 2600:141b:9000:492::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:1400:d:5... 2600:1400:d:5a4::2957	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:46::40 2620:1ec:46::40	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.117.182.32 104.117.182.32	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2620:1ec:bdf::40 2620:1ec:bdf::40	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2600:141b:13:... 2600:141b:13::17d7:82c8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2600:1400:d:5... 2600:1400:d:594::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:40::40 2620:1ec:40::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:141b:900... 2600:141b:9000::1725:7b88	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.105.83.115 104.105.83.115	16625 (AKAMAI-AS) (AKAMAI-AS)
5 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	104.18.98.194 104.18.98.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2600:141b:900... 2600:141b:9000:79c::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	23.96.225.71 23.96.225.71	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	20.120.65.166 20.120.65.166	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	152.199.4.33 152.199.4.33	15133 (EDGECAST) (EDGECAST)
1	54.196.86.64 54.196.86.64	14618 (AMAZON-AES) (AMAZON-AES)
2 2	142.251.40.134 142.251.40.134	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4006:808::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
2 4	20.110.81.91 20.110.81.91	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 5	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.152.21 20.190.152.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	20.50.201.195 20.50.201.195	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4006:806::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
89	24

26 2600:141b:9000:492::356e (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1400:d:5a4::2957 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.onestore.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:46::40 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

wcpstatic.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.monitor.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.117.182.32 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-117-182-32.deploy.static.akamaitechnologies.com

statics-marketingsites-wcus-ms-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:bdf::40 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mem.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logincdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:13::17d7:82c8 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

img-prod-cms-rt-microsoft-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1400:d:594::356e (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:40::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:9000::1725:7b88 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.105.83.115 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-105-83-115.deploy.static.akamaitechnologies.com

query.prod.cms.rt.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dc.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.98.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:141b:9000:79c::1e80 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.96.225.71 (Chicago, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

web.vortex.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.120.65.166 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

l.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.4.33 (United States)

ASN15133 (EDGECAST, US)

az725175.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.196.86.64 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-196-86-64.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.134 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:808::2002 (Perth Amboy, United States) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.110.81.91 (Boydton, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:c11::200 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.152.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 20.50.201.195 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.events.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2002 (Perth Amboy, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:806::2004 (Perth Amboy, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2003 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	microsoft.com 1 redirects www.microsoft.com — Cisco Umbrella Rank: 264 wcpstatic.microsoft.com — Cisco Umbrella Rank: 4956 query.prod.cms.rt.microsoft.com — Cisco Umbrella Rank: 7705 web.vortex.data.microsoft.com — Cisco Umbrella Rank: 1399 browser.events.data.microsoft.com — Cisco Umbrella Rank: 209 c1.microsoft.com — Cisco Umbrella Rank: 5220	341 KB
12	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 445	104 KB
7	linkedin.com 7 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 370 www.linkedin.com — Cisco Umbrella Rank: 530 px4.ads.linkedin.com — Cisco Umbrella Rank: 5716 dc.ads.linkedin.com — Cisco Umbrella Rank: 6469	5 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 512 l.clarity.ms — Cisco Umbrella Rank: 5215 c.clarity.ms — Cisco Umbrella Rank: 954	27 KB
5	bing.com 2 redirects c.bing.com — Cisco Umbrella Rank: 204 bat.bing.com — Cisco Umbrella Rank: 346	14 KB
5	s-microsoft.com c.s-microsoft.com — Cisco Umbrella Rank: 9349	147 KB
3	doubleclick.net 3 redirects ad.doubleclick.net — Cisco Umbrella Rank: 206 googleads.g.doubleclick.net — Cisco Umbrella Rank: 52	2 KB
3	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 457	636 B
3	gfx.ms mem.gfx.ms — Cisco Umbrella Rank: 2806	57 KB
3	akamaized.net statics-marketingsites-wcus-ms-com.akamaized.net — Cisco Umbrella Rank: 9084 img-prod-cms-rt-microsoft-com.akamaized.net — Cisco Umbrella Rank: 1040	9 KB
3	onestore.ms assets.onestore.ms — Cisco Umbrella Rank: 11604	211 KB
2	google.ca adservice.google.ca — Cisco Umbrella Rank: 13046 www.google.ca — Cisco Umbrella Rank: 8017	1 KB
2	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9	1 KB
2	azure.com js.monitor.azure.com — Cisco Umbrella Rank: 2220	79 KB
1	msauth.net logincdn.msauth.net — Cisco Umbrella Rank: 2098	7 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	297 B
1	live.com login.live.com — Cisco Umbrella Rank: 79	7 KB
1	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 201	3 KB
1	msecnd.net az725175.vo.msecnd.net — Cisco Umbrella Rank: 7282	18 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 717	3 KB
89	20

	Domain	Requested by
26	www.microsoft.com	www.microsoft.com
12	assets.adobedtm.com	query.prod.cms.rt.microsoft.com assets.adobedtm.com
8	web.vortex.data.microsoft.com	www.microsoft.com az725175.vo.msecnd.net mem.gfx.ms
5	browser.events.data.microsoft.com	js.monitor.azure.com
5	c.s-microsoft.com	assets.onestore.ms
3	bat.bing.com	www.microsoft.com bat.bing.com
3	p.adsymptotic.com	1 redirects www.microsoft.com
3	px.ads.linkedin.com	3 redirects
3	www.clarity.ms	www.microsoft.com www.clarity.ms bat.bing.com
3	mem.gfx.ms	www.microsoft.com mem.gfx.ms
3	assets.onestore.ms	www.microsoft.com
2	c1.microsoft.com	1 redirects
2	c.bing.com	2 redirects
2	c.clarity.ms	1 redirects
2	ad.doubleclick.net	2 redirects
2	l.clarity.ms	www.clarity.ms
2	px4.ads.linkedin.com	2 redirects
2	img-prod-cms-rt-microsoft-com.akamaized.net	www.microsoft.com
2	js.monitor.azure.com	www.microsoft.com mem.gfx.ms
1	logincdn.msauth.net	login.live.com
1	www.facebook.com
1	www.google.ca
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	dc.ads.linkedin.com	1 redirects
1	login.live.com	mem.gfx.ms
1	adservice.google.ca	www.microsoft.com
1	adservice.google.com	1 redirects
1	dpm.demdex.net	az725175.vo.msecnd.net
1	az725175.vo.msecnd.net	www.microsoft.com
1	www.linkedin.com	1 redirects
1	query.prod.cms.rt.microsoft.com	www.microsoft.com
1	snap.licdn.com	www.microsoft.com
1	statics-marketingsites-wcus-ms-com.akamaized.net	www.microsoft.com
1	wcpstatic.microsoft.com	www.microsoft.com
89	35

This site contains links to these domains. Also see Links.

Domain
aka.ms
azure.microsoft.com
github.com
customers.microsoft.com
events.microsoft.com
techcommunity.microsoft.com
docs.microsoft.com
servicetrust.microsoft.com
dynamics.microsoft.com
partner.microsoft.com
about.ads.microsoft.com
azuremarketplace.microsoft.com
appsource.microsoft.com
blogs.microsoft.com
developer.microsoft.com
twitter.com
www.linkedin.com
facebook.com
www.virustotal.com
account.microsoft.com
go.microsoft.com
education.microsoft.com
powerplatform.microsoft.com
visualstudio.microsoft.com
careers.microsoft.com
news.microsoft.com
privacy.microsoft.com
support.microsoft.com
choice.microsoft.com

Subject Issuer	Validity	Valid
www.microsoft.com Microsoft RSA TLS CA 01	`2022-07-08` - `2023-07-08`	a year	crt.sh
wildcard.onestore.ms Microsoft RSA TLS CA 01	`2022-01-05` - `2023-01-05`	a year	crt.sh
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-10` - `2023-03-10`	a year	crt.sh
js.monitor.azure.com Microsoft Azure TLS Issuing CA 06	`2022-06-26` - `2023-06-21`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
identitycdn.msauth.net Microsoft Azure TLS Issuing CA 06	`2022-08-23` - `2023-08-18`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.prod.cms.rt.microsoft.com Microsoft Azure TLS Issuing CA 01	`2022-07-08` - `2023-07-03`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
*.vortex.data.microsoft.com Microsoft Azure TLS Issuing CA 02	`2022-07-08` - `2023-07-03`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-07-11` - `2023-07-11`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
graph.windows.net DigiCert SHA2 Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
*.events.data.microsoft.com Microsoft Azure TLS Issuing CA 02	`2022-05-21` - `2023-05-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-08` - `2022-09-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Frame ID: 6DE7212CE1B012A22C117518F6A1B76D
Requests: 88 HTTP requests in this frame

Frame: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=bb78e905-c054-47c0-e813-61c9c4b29569&partnerId=mssecurity
Frame ID: C4FDC5AF53E7179419B42EBAC393AA33
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Destructive malware targeting Ukrainian organizations - Microsoft Security Blogtwitter

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

89
Requests

93 %
HTTPS

59 %
IPv6

20
Domains

35
Subdomains

24
IPs

3
Countries

1027 kB
Transfer

3501 kB
Size

39
Cookies

57 Outgoing links

These are links going to different origins than the main page.

URL: https://aka.ms/edgeperformanceuhf
Title: Switch now

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/key-vault/
Title: Azure Key Vault

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-sentinel/
Title: Microsoft Sentinel

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-defender/
Title: Microsoft Defender for Cloud

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/defender-for-cloud/
Title: Microsoft Defender for Cloud

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/azure-firewall/
Title: Azure Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/web-application-firewall/
Title: Azure Web App Firewall

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/services/ddos-protection/
Title: Azure DDoS Protection

Search URL Search Domain Scan URL

URL: https://github.com/features/security
Title: GitHub Advanced Security

Search URL Search Domain Scan URL

URL: https://customers.microsoft.com/en-us/search?sq=Microsoft%20Security&ff=&p=0&so=story_publish_date%20desc
Title: Customer stories

Search URL Search Domain Scan URL

URL: https://events.microsoft.com/en-us/allevents/?language=English&clientTimeZone=1&search=security
Title: Microsoft Security Events

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/security/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/learn/topics/sci?wt.mc_id=techcom_header-webpage-m365
Title: Training & certifications

Search URL Search Domain Scan URL

URL: https://servicetrust.microsoft.com/
Title: Service Trust Portal

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/
Title: Azure

Search URL Search Domain Scan URL

URL: https://dynamics.microsoft.com/en-us/
Title: Dynamics 365

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/space/
Title: Azure Space

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/solutions/quantum-computing/
Title: Quantum computing

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/
Title: Find a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-US/membership/cloud-solution-provider
Title: Become a partner

Search URL Search Domain Scan URL

URL: https://partner.microsoft.com/en-us/membership
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/resources/microsoft-advertising-partner-program/microsoft-advertising-partner-program
Title: Find an advertising partner

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us/partners/welcome?s_cid=en-us-gct-web-src_ext-sub_0-flx_uhfcombepartner
Title: Become an advertising partner

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/
Title: Azure Marketplace

Search URL Search Domain Scan URL

URL: https://appsource.microsoft.com/en-us/
Title: AppSource

Search URL Search Domain Scan URL

URL: https://blogs.microsoft.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://about.ads.microsoft.com/en-us?s_cid=dig-src_uhfcomm
Title: Microsoft Advertising

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/
Title: Developer Center

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/learn/
Title: Microsoft Learn

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet/?text=Destructive%20malware%20targeting%20Ukrainian%20organizations&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F&title=Destructive%20malware%20targeting%20Ukrainian%20organizations&source=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/
Title: Microsoft is aware of the ongoing geopolitical events in Ukraine

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/controlled-folders
Title: Controlled folder Access (CFA)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
Title: a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
Title: dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

Search URL Search Domain Scan URL

URL: https://twitter.com/@MSFTSecurity
Title: @MSFTSecurity

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/
Title: Account profile

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2139749
Title: Microsoft Store support

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/p/?LinkID=824764&clcid=0x409
Title: Returns

Search URL Search Domain Scan URL

URL: https://account.microsoft.com/orders
Title: Order tracking

Search URL Search Domain Scan URL

URL: https://education.microsoft.com/
Title: Educator training and development

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-us/free/students/
Title: Azure for students

Search URL Search Domain Scan URL

URL: https://powerplatform.microsoft.com/en-us/
Title: Microsoft Power Platform

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/
Title: Microsoft Tech Community

Search URL Search Domain Scan URL

URL: https://visualstudio.microsoft.com/
Title: Visual Studio

Search URL Search Domain Scan URL

URL: https://careers.microsoft.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://news.microsoft.com/
Title: Company news

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-us
Title: Privacy at Microsoft

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/contactus
Title: Contact Microsoft

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkId=521839
Title: Privacy

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkID=206977
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196228
Title: Trademarks

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?linkid=2196227
Title: Safety & eco

Search URL Search Domain Scan URL

URL: https://choice.microsoft.com/
Title: About our ads

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1661803711554%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fsecurity%252Fblog%252F2022%252F01%252F15%252Fdestructive-malware-targeting-ukrainian-organizations%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F&cookiesTest=true&liSync=true&e_ipv6=AQLxI5rMbSz2yAAAAYLrOE3NtjQA-atTX4VsZdbIgSmZX5N2H8DLivCOpwFtlJ_aDmxkL02J HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c&_expected_cookie=76dcbfd1b48c99515f824e7c343e0f69

Request Chain 60

https://ad.doubleclick.net/ddm/activity/src=6952136;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=http://www.microsoft.com/ HTTP 302
https://adservice.google.ca/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=http://www.microsoft.com/

Request Chain 67

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&RedC=c.clarity.ms&MXFR=03C6147AE6626B7B10FE0675E2626578 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&MUID=03C6147AE6626B7B10FE0675E2626578

Request Chain 75

https://c1.microsoft.com/c.gif?DI=4050&did=1&t= HTTP 302
https://c.bing.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&RedC=c1.microsoft.com&MXFR=201D19E079726ABD06B70BEF7D726CFE HTTP 302
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&MUID=201D19E079726ABD06B70BEF7D726CFE

Request Chain 77

https://dc.ads.linkedin.com/collect/?pid=7850&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=7850&fmt=gif&e_ipv6=AQKg_eBUl8yrRQAAAYLrOE_mjlkPonToEDhYAQ7dtJqlQxQHRxP0bA8bUtZ4IicMboLJ1YJ1 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c

Request Chain 78

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/837109043/?guid=ON&script=0&random=784613 HTTP 302
https://www.google.com/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063 HTTP 302
https://www.google.ca/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063&ipr=y

89 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ 168 KB
32 KB 239ms
158ms Document
text/html 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

53cbad3331ae2391349008d8eea77be2f5d09ea82f8eac01427229951b13592b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=300, must-revalidate
content-encoding: gzip
content-length: 31671
content-type: text/html; charset=UTF-8
date: Mon, 29 Aug 2022 20:08:30 GMT
last-modified: Mon, 29 Aug 2022 20:08:30 GMT
link: <https://www.microsoft.com/security/blog/wp-json/>; rel="https://api.w.org/" <https://www.microsoft.com/security/blog/wp-json/wp/v2/posts/104856>; rel="alternate"; type="application/json" <https://www.microsoft.com/security/blog/?p=104856>; rel=shortlink
strict-transport-security: max-age=31536000
tls_version: tls1.3
vary: Accept-Encoding
x-edgeconnect-midmile-rtt: 20
x-edgeconnect-origin-mex-latency: 46
x-frame-options: SAMEORIGIN
x-rtag: RT
x-ten-cache: EXPIRED

GET
H2 200 style.min.css
www.microsoft.com/security/blog/wp-includes/css/dist/block-library/ 87 KB
12 KB 256ms
249ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:30 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 06:06:13 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 20
etag: W/"62e8bed5-15b64"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 32
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 11683
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 jsgif.css
www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/ 3 KB
1 KB 332ms
326ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/css/gifplayer/jsgif.css?ver=1.3.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b3cab87fbbfe2e9a7ba4dd64c621f4255e5d1ece4c6163dde3cbad45251375ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:30 GMT
content-encoding: gzip
last-modified: Tue, 26 Jul 2022 20:40:33 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 19
etag: W/"62e05141-c08"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 31
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 899
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 styles.css
www.microsoft.com/security/blog/wp-content/plugins/wds-ms-inline-interruption-styles-officeblogs/css/ 10 KB
4 KB 331ms
325ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-ms-inline-interruption-styles-officeblogs/css/styles.css?ver=1661803710

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b201ab52de2c92539f7a276b6cf170b1bdf0f3705f1b6ab9597517d030afefe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:30 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:23 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 19
etag: W/"60ccf3d7-29a7"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 32
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 3910
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 uhf-search-ui.css
www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/ 160 B
429 B 588ms
582ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/uhf-search-ui.css?ver=1.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f258c099e2bb029f6c9d5e9900a78f53347a16b43aa1e37a9f9c1a1539e0748d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:25 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 136
etag: W/"60ccf3d9-a0"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 30
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 145
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 mwf-west-european-default.min.css
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/ 581 KB
71 KB 445ms
47ms Stylesheet
text/css 2600:1400:d:5a4::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1400:d:5a4::2957 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Feb 2018 02:22:19 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: QshXRY8/Osc4oVEHlL0Pbw==
etag: "0x8D5691A9EA468B4"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes
content-length: 71704
x-ms-lease-state: available

GET
H2 200 style.css
www.microsoft.com/security/blog/wp-content/themes/ms_s/ 342 B
523 B 586ms
581ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms_s/style.css?ver=1.0.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:23 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 136
etag: W/"60ccf3d7-156"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 26
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 238
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 style.min.css
www.microsoft.com/security/blog/wp-content/themes/ms-security/ 69 KB
14 KB 587ms
583ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/style.min.css?ver=2.4.3

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8dc2a4dee7af0496223005db58d5ceb56bda186226e2e8e0a772d582f4544ef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Wed, 17 Aug 2022 22:14:34 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 108
etag: W/"62fd684a-1139a"
vary: Accept-Encoding
content-type: text/css
x-edgeconnect-origin-mex-latency: 24
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 13555
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 wcp-consent.js Show response
wcpstatic.microsoft.com/mscc/lib/v2/ 51 KB
13 KB 145ms
34ms Script
application/javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Aug 2022 20:08:30 GMT
content-encoding: gzip
vary: Accept-Encoding
content-md5: QT/MdZzBmCG2G2lBgIsptQ==
age: 8021
x-cache: CONFIG_NOCACHE
content-length: 13055
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 17:34:58 GMT
etag: 0x8DA85F6F74C6D08
x-azure-ref: 0vhwNYwAAAABAK7USAwxWSp0jB1INn1aYQ0hHRURHRTE2MTgAMzliNDYxNTctY2I5ZS00OWI3LWE2NWEtODcyMmEzZjgyNGU0
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ace409a4-701e-0074-69d0-bb697b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 jquery.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/jquery/ 87 KB
31 KB 654ms
650ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Mon, 02 Aug 2021 16:30:55 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 103
etag: W/"61081dbf-15db1"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 34
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 30953
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/jquery/ 11 KB
4 KB 680ms
676ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Thu, 03 Jun 2021 09:20:38 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 103
etag: W/"60b89ee6-2bd8"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 40
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 4169
expires: Wed, 28 Sep 2022 20:08:30 GMT

GET
H2 200 mwf-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 302 KB
70 KB 474ms
78ms Script
application/x-javascript 2600:1400:d:5a4::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1400:d:5a4::2957 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: FuF99EJdzMvbQQjP24cb+Q==
content-length: 71185
x-ms-lease-state: available
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D5691AA4A90431"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes

GET
H2 200 ms.analytics-web-3.min.js Show response
js.monitor.azure.com/scripts/c/ 136 KB
50 KB 141ms
30ms Script
text/javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3937201672226f6b075ff55f7b7b6ffea3ee9b5e29b2438f6bc0189993041131

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:30 GMT
content-encoding: br
x-azure-ref-originshield: 03hcNYwAAAAAXBud64ZM9Qo8sigg7pr9CRE0yQUExMDkxMjA4MDI1AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5: Wq0me3ZXfOGVbOEROHF8Ng==
x-cache: TCP_HIT
x-ms-meta-jssdkver: 3.2.4
last-modified: Tue, 16 Aug 2022 15:34:22 GMT
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.analytics-web-3.2.4.min.js
etag: 0x8DA7F9CCADC750E
x-azure-ref: 0vhwNYwAAAADFJ3hvjWBPRookmuENIdPJQ0hHRURHRTE2MDgAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 8e6cc629-e01e-0010-45e0-bb2d1d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-lastmodified,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19

GET
H2 200 ef-a24652
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ 167 KB
23 KB 627ms
623ms Stylesheet
text/css 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=20210618

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2eb8bf79bd243bb9b7a18683e32a220a6a078feed519ff75d63c4681bcb31d4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

ms-operation-id: 0d4a773b30e46c418e68c1061b2c84c2
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-rtag: RT
x-s2: 2022-08-23T19:46:49
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: acecd557-428f-47f8-83b2-e73db664a2a7
tls_version: tls1.3
x-s1: 2022-08-23T19:46:48
ms-cv: blkWAYcUHUCsZcNP.0
vary: Accept-Encoding
content-length: 22578
x-xss-protection: 1; mode=block
last-modified: Tue, 23 Aug 2022 19:46:48 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastus, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-07-22T05:16:44.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31016395
timing-allow-origin: *
x-appversion: 1.0.8237.38302
expires: Wed, 23 Aug 2023 19:48:26 GMT

GET
H/1.1 200
OK override.css
statics-marketingsites-wcus-ms-com.akamaized.net/statics/ 1 KB
907 B 74ms
18ms Stylesheet
text/css 104.117.182.32
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.117.182.32 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-117-182-32.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 29 Aug 2022 20:08:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Jun 2019 23:22:13 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag: 0x8D6EEC3A2D67C35
Vary: Accept-Encoding
Content-Type: text/css
x-ms-request-id: b1c75447-701e-0004-69c4-66ff88000000
x-ms-version: 2009-09-19
Connection: keep-alive
Content-Length: 473

GET
H2 200 37-8473b9 Show response
www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/2... 133 KB
35 KB 713ms
709ms Script
text/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/8e-e88b64/82-2a4f02/49-a00ab0/92-02e55d/7c-dcea75/75-fca72d/ed-e77ee7/d5-bf34c0/a9-078595/7a-7ea8cc/2d-40bdad/23-e8cd2b/96-eb5423/e6-6b0cce/d1-98d78a/a0-23c4ba/a7-f7a340/48-6ed936/2e-ca165a/fc-169dd8/8e-60935c/87-fecbed/96-6ed6eb/c3-eb62e0/ad-ffd6bf/35-621acc/b0-07f293/1e-9d9d16/52-f0367f/1f-b57352/bf-517249/e1-ed258e/20-0b10e2/6b-0f1117/fb-5e9831/37-8473b9?ver=2.0&_cf=20210618&iife=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1493e4977a83dd53ed66b226e0ff24065931cc3559f895a51f2c0b874acce637

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

ms-operation-id: b378fc3dd70bb848b401554f8b0979e9
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-rtag: RT
x-s2: 2022-08-23T20:07:20
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: a5e88fee-aaee-435f-84f5-bd15810d1ee5
tls_version: tls1.3
x-s1: 2022-08-23T20:07:20
ms-cv: DS8jn1ODtU6lhA1Y.0
vary: Accept-Encoding
content-length: 35578
x-xss-protection: 1; mode=block
last-modified: Tue, 23 Aug 2022 20:07:20 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastus, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-07-22T05:16:44.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31017589
timing-allow-origin: *
x-appversion: 1.0.8237.38302
expires: Wed, 23 Aug 2023 20:08:20 GMT

GET
H2 200 meversion Show response
mem.gfx.ms/ 29 KB
10 KB 157ms
30ms Script
application/javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4874fbdfa20c2b841fb34d1f34ef112fe7e71a2df027690c9e5a338385692cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
x-azure-ref-originshield: 0P80MYwAAAAAxbAHg1BsATJNnGxBY0hq3RE0yQUExMDkxMjA4MDE5AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
date: Mon, 29 Aug 2022 20:08:30 GMT
x-azure-ref: 0vxwNYwAAAAD8NAb4LVkJS7VdwnWOHfF4Q0hHRURHRTE2MTYAZWFjNWY0OWYtZTAyZC00ZjQxLWIwYTYtMmQ1MGY5ZmNmODRh
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, no-transform, max-age=43200
x-ua-compatible: IE=edge
expires: Tue, 30 Aug 2022 00:02:53 GMT

GET
H2 200 RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 4 KB
4 KB 79ms
18ms Image
image/png 2600:141b:13::17d7:82c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2600:141b:13::17d7:82c8 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Thu, 30 Jun 2022 13:26:19 GMT
x-datacenter: eastus
x-source-length: 4054
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=282621
x-activityid: 9c6513f2-1c4a-4c6f-9d42-a930f0d145e6
x-resizerversion: 1.0
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
content-length: 4054
expires: Fri, 02 Sep 2022 02:38:52 GMT

GET
H2 200 mercury-blog-featured-image-440x268.jpg
www.microsoft.com/security/blog/uploads/securityprod/2022/08/ 16 KB
16 KB 271ms
269ms Image
image/jpeg 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2022/08/mercury-blog-featured-image-440x268.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6c7367e9f20b1045a6b75121d678064110264a57fd5b565b8afb49807586638b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Mon, 29 Aug 2022 20:08:31 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 19
tls_version: tls1.3
content-length: 16304
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 05:03:27 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8DA858DFB2CD739
strict-transport-security: max-age=31536000
content-type: image/jpeg
x-edgeconnect-origin-mex-latency: 163
x-ms-request-id: 63399b5a-301e-0080-1ce3-bbc399000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 Picture1-440x268.jpg
www.microsoft.com/security/blog/uploads/securityprod/2022/08/ 30 KB
30 KB 289ms
287ms Image
image/jpeg 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2022/08/Picture1-440x268.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

474caac65d370c8d73204846937993859d1b9e86ebb031a4ca99536c8477540e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Mon, 29 Aug 2022 20:08:31 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 19
tls_version: tls1.3
content-length: 30586
x-ms-lease-status: unlocked
last-modified: Fri, 19 Aug 2022 16:55:28 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8DA82039EB30413
strict-transport-security: max-age=31536000
content-type: image/jpeg
x-edgeconnect-origin-mex-latency: 163
x-ms-request-id: 081f8e21-801e-0013-31e3-bb1893000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 magicweb-featured-image-440x268.jpg
www.microsoft.com/security/blog/uploads/securityprod/2022/08/ 33 KB
34 KB 306ms
305ms Image
image/jpeg 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.microsoft.com/security/blog/uploads/securityprod/2022/08/magicweb-featured-image-440x268.jpg

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7e7c74ca751f36229a723cca702e3751672f40b76f0fbf8b0fdd3091b111e4f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: AppendBlob
date: Mon, 29 Aug 2022 20:08:31 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 78
tls_version: tls1.3
content-length: 33959
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 06:52:56 GMT
x-ms-blob-committed-block-count: 1
etag: 0x8DA859D46B34F72
strict-transport-security: max-age=31536000
content-type: image/jpeg
x-edgeconnect-origin-mex-latency: 152
x-ms-request-id: c6c05c12-001e-008b-6ae3-bb38f2000000
cache-control: max-age=600, must-revalidate
x-ms-version: 2009-09-19

GET
H2 200 focus-within.js Show response
www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/vendor/ 10 KB
4 KB 69ms
69ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Tue, 26 Jul 2022 20:40:33 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 83
etag: W/"62e05141-289e"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 27
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 3288
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 libgif.js Show response
www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/ 34 KB
9 KB 61ms
60ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/libgif.js?ver=1.3.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Tue, 26 Jul 2022 20:40:33 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 121
etag: W/"62e05141-8705"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 31
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 9145
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 index.js Show response
www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/ 4 KB
2 KB 98ms
95ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/oembeds/assets/js/gifplayer/index.js?ver=1.3.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

50006b9e18a52891c3955d398d3a53c4ef02dfa59d06b98af62d314826c51c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Tue, 26 Jul 2022 20:40:37 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 121
etag: W/"62e05145-1102"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 26
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 1510
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 uhf-search-ui.js Show response
www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/ 4 KB
1 KB 126ms
123ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/wds-ms-searchwp/features/uhf-search-ui/uhf-search-ui.js?ver=1.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

16d6e957a9525cb4848051b0efc5aa101d256a3c6838007dc4ac2c41121eaade

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:23 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 65
etag: W/"60ccf3d7-105b"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 34
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 1035
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 modernizr.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/ 50 KB
16 KB 152ms
149ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/modernizer/modernizr.js?ver=2.8.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:25 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 38
etag: W/"60ccf3d9-c897"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 31
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 15770
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 mwf-auto-init-main.var.min.js Show response
assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/ 303 KB
71 KB 31ms
28ms Script
application/x-javascript 2600:1400:d:5a4::2957
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/scripts/mwf-auto-init-main.var.min.js?ver=v1.23.2+5182151

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:1400:d:5a4::2957 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff, nosniff
content-md5: 12go4t01WZJhAGBag3beKQ==
content-length: 71611
x-ms-lease-state: available
last-modified: Thu, 01 Feb 2018 02:22:29 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D5691AA4A3D407"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=900
accept-ranges: bytes

GET
H2 200 picturefill.min.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/ 12 KB
5 KB 174ms
171ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/bower_components/picturefill/dist/picturefill.min.js?ver=3.0.3

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:20 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 68
etag: W/"60ccf3d4-2e1f"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 32
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 5171
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 imagesloaded.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 5 KB
2 KB 193ms
190ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Thu, 03 Jun 2021 09:20:38 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 43
etag: W/"60b89ee6-15fd"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 29
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 1834
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 masonry.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 24 KB
8 KB 212ms
209ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/masonry.min.js?ver=4.2.2

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:16:24 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 109
etag: W/"60ccf108-5e4a"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 39
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 7382
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 project.min.js Show response
www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/scripts/ 6 KB
2 KB 231ms
228ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/themes/ms-security/assets/scripts/project.min.js?ver=1.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a08955386df086739491701afd425accb0e8323dadff2dcbcceffac9ca79c939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Tue, 10 May 2022 16:49:11 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 39
etag: W/"627a9787-19d7"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 35
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 2004
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 microsoft-uhf.js Show response
www.microsoft.com/security/blog/wp-content/plugins/microsoft-uhf/assets/ 3 KB
2 KB 250ms
248ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.4.0

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 19:28:23 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 39
etag: W/"60ccf3d7-d4e"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 30
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 1370
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.microsoft.com/security/blog/wp-includes/js/ 18 KB
5 KB 388ms
387ms Script
application/javascript 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/security/blog/wp-includes/js/wp-emoji-release.min.js?ver=6.0.1

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: public
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Mon, 13 Jun 2022 08:41:50 GMT
x-rtag: RT
x-edgeconnect-midmile-rtt: 28
etag: W/"62a6f84e-48b9"
vary: Accept-Encoding
content-type: application/javascript
x-edgeconnect-origin-mex-latency: 23
tls_version: tls1.3
cache-control: max-age=2592000, public
strict-transport-security: max-age=31536000
content-length: 5004
expires: Wed, 28 Sep 2022 20:08:31 GMT

GET
H2 200 mwfmdl2-v3.54.woff
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/ 26 KB
26 KB 339ms
338ms Font
application/font-woff 2600:141b:9000:492::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=20210618

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:9000:492::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/79-4cdd0a/33-ae3d41/a5-4bf7a2/13-8e1ceb/81-32f0c0/5c-b7b685/1a-bb39e7/ef-a24652?ver=2.0&_cf=20210618
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

ms-operation-id: f1b80bf3a9428c45abd8c805b22f0299
date: Mon, 29 Aug 2022 20:08:31 GMT
x-content-type-options: nosniff
x-rtag: RT
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-activity-id: 573adb8d-e07e-4b78-a68d-ee5b9d7d526b
tls_version: tls1.3
ms-cv: WpwtsFFJmEavSw5W.0
content-length: 26288
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Apr 2022 15:05:25 GMT
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odeastus, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-04-01T07:52:08.0000000Z}
strict-transport-security: max-age=31536000
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=19421813
x-appversion: 1.0.8125.42964
expires: Tue, 11 Apr 2023 15:05:24 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/ 29 KB
29 KB 131ms
18ms Font
font/woff2 2600:1400:d:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semibold/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:594::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "5b68d583e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=593725
accept-ranges: bytes
content-length: 29388
expires: Mon, 05 Sep 2022 17:03:56 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/ 33 KB
34 KB 144ms
36ms Font
font/woff2 2600:1400:d:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:594::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "588d483e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=536449
accept-ranges: bytes
content-length: 34052
expires: Mon, 05 Sep 2022 01:09:20 GMT

GET
H2 200 coq1z7el3n Show response
www.clarity.ms/tag/ 1 KB
2 KB 123ms
43ms Script
application/x-javascript 2620:1ec:40::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/coq1z7el3n
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 1183e3168d4d9f34ea34931d5df42a79e527adc56c71950907cf24cd2feb5326

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
x-powered-by: ASP.NET
x-azure-ref: 0vxwNYwAAAAA7p1rep61OToArwjDWhdImWVRPMjIxMDkwODE3MDIzADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
content-length: 1364
expires: -1

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 65ms
19ms Script
application/x-javascript 2600:141b:9000::1725:7b88
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000::1725:7b88 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=20164
accept-ranges: bytes
content-length: 3063

GET
H/1.1 200
OK RE1r2ij Show response
query.prod.cms.rt.microsoft.com/cms/api/am/binary/ 7 KB
4 KB 107ms
19ms Script
application/javascript 104.105.83.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1r2ij

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.105.83.115 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-105-83-115.deploy.static.akamaitechnologies.com

Software

Resource Hash

4ce067ee7b11add8ffefd6f327a6e4ee01dca104506689e39f3450d6d596dfa5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.microsoft.com/
X-Frame-Options	deny

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Unused62: 8096267
AppEx-Activity-Id: bb6aa89c-db03-40d6-af70-1122ce52162e
Content-Encoding: gzip
Vary: Accept-Encoding
X-CMS-Tenant: am
X-CMS-ServiceLocation: eastus:15
X-CMS-Type: binary
X-CMS-DocumentId: RE1r2ij
X-CMS-Alias: default
Content-Disposition: inline; filename=oa.min.js
Connection: keep-alive
MS-CV: veV3pfB1y0iYdtuWIDcmAQ.0
Content-Length: 3129
X-Trace-Context: {"ActivityId":"bb6aa89c-db03-40d6-af70-1122ce52162e"}
X-CMS-Version: 72
Last-Modified: Mon, 26 Apr 2021 16:08:54 GMT
ETag: W/"171"
X-Frame-Options: deny
Content-Type: application/javascript
X-CMS-ExecutionTimeInMilliseconds: 221
Cache-Control: public, must-revalidate, max-age=8853
Content-Security-Policy: frame-ancestors 'self' https://www.microsoft.com/
Date: Mon, 29 Aug 2022 20:08:31 GMT
X-CMS-State: Published

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bf73ba8c24162c4cfd51b3b508b2bc0f8ee00cab13bec8f32b6fb6359be7d17

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 223 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 707c5b510b5712a82fd8bdf073a6d9860583931ee85f6ee7e2e735e81ae05d18

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/ 27 KB
27 KB 72ms
45ms Font
font/woff2 2600:1400:d:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Light/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:594::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "1282d283e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=468563
accept-ranges: bytes
content-length: 27168
expires: Sun, 04 Sep 2022 06:17:54 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/ 29 KB
30 KB 64ms
57ms Font
font/woff2 2600:1400:d:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:594::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Fri, 10 Jan 2020 19:09:42 GMT
etag: "83cce83e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=430375
accept-ranges: bytes
content-length: 30132
expires: Sat, 03 Sep 2022 19:41:26 GMT

GET
H2 200 latest.woff2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/ 28 KB
28 KB 44ms
44ms Font
font/woff2 2600:1400:d:594::356e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Semilight/latest.woff2
Requested by: Host: assets.onestore.ms
URL: https://assets.onestore.ms/cdnfiles/external/mwf/short/v1/latest/css/mwf-west-european-default.min.css?ver=6.0.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d:594::356e New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6

Request headers

Referer: https://assets.onestore.ms/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
etag: "95edd883e9c7d51:0"
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=197906
accept-ranges: bytes
content-length: 28908
expires: Thu, 01 Sep 2022 03:06:57 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizat...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizat...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1661803711554%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fsec...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizat...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7850&time=1661803711554&url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organiza...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c&_expected_cookie=76dcbfd1b48c99515f824e7c...

43 B
142 B

59ms
58ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c&_expected_cookie=76dcbfd1b48c99515f824e7c343e0f69
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 7427eb51985fa24c-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c&_expected_cookie=76dcbfd1b48c99515f824e7c343e0f69
date: Mon, 29 Aug 2022 20:08:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7427eb514fd2a24c-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.39/ 53 KB
23 KB 38ms
38ms Script
application/javascript 2620:1ec:40::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/coq1z7el3n
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: f083096f236cb98c87af2abc70707aef6a74bb105074919b0bdc3aeec6964c1d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: br
etag: "1d8b56efcd011a1"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0vxwNYwAAAAA+oKWUlQYVQJV/CQR3SDDTWVRPMjIxMDkwODE3MDIzADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
accept-ranges: bytes
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 launch-41185cd0b005.min.js Show response
assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/ 63 KB
18 KB 100ms
19ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/launch-41185cd0b005.min.js
Requested by: Host: query.prod.cms.rt.microsoft.com
URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1r2ij
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8e673d59965134cf831a38a2bdfa3578e332afc766bb3efb377624631cbde8f2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 21:39:55 GMT
server: AkamaiNetStorage
etag: "2ff66f47957052cad7dcc1ed409f7cff:1638999595.762542"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 18602
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H2 200 meBoot.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/ 158 KB
31 KB 93ms
32ms Script
application/javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/meBoot.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

afc4759aa1ead362c4c11504fa1e71f6fc81c5d3d1b4dd6416215d335d65ad74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 23 Aug 2022 01:00:36 GMT
x-azure-ref-originshield: 0CLoLYwAAAADY236nc9ALR4h/kf7hOP2nRE0yQUExMDkxMjA3MDE3AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
etag: "1d8b6c66d3c5cbe"
x-azure-ref: 0vxwNYwAAAAA9+1BRazyaTZ3x/ukHYlAxQ0hHRURHRTE1MjIAZWFjNWY0OWYtZTAyZC00ZjQxLWIwYTYtMmQ1MGY5ZmNmODRh
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
date: Mon, 29 Aug 2022 20:08:31 GMT
x-ua-compatible: IE=edge

GET
H/1.1 200
OK t.gif
web.vortex.data.microsoft.com/collect/v1/ 43 B
714 B 145ms
30ms Image
image/gif 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.gif?ver=%272.1%27&name=%27Ms.Webi.OutgoingRequest%27&time=%272022-08-29T20%3A08%3A31.596Z%27&appId=%27JS%3AMeControl%27&cV=%27dJBNGUFAaBWm97T1.1%27&flags=2097152&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.3%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&ext-app-env=%27Prod%27&-operationName=%27meversion%27&-dependencyOperationName=%27LoadResource%27&-dependencyName=%27MeControl%27&-latencyMs=885&-succeeded=true&-targetUri=%27https%3A%2F%2Fmem.gfx.ms%2Fmeversion%3Fpartner%3D**%26market%3D**%26uhf%3D**%27&*baseType=%27Ms.Qos.OutgoingServiceRequest%27&*pageName=%27None%27&*impressionGuid=%2790f16e88-58e1-4be8-0880-ffd3146ef466%27&*market=%27en-US%27&*customData=%27%7B%22computedDuration%22%3A1029%2C%22perfDuration%22%3A884.5%2C%22metaTags%22%3A%7B%22pgpart%22%3A%22mssecurity%22%7D%2C%22config%22%3A%7B%22ver%22%3A%2210.22108.2%22%2C%22mkt%22%3A%22en-US%22%2C%22ptn%22%3A%22mssecurity%22%2C%22gfx%22%3A%22https%3A%2F%2Famcdn.msftauth.net%22%2C%22dbg%22%3Afalse%2C%22aad%22%3Atrue%2C%22int%22%3Afalse%2C%22pxy%22%3Atrue%2C%22msTxt%22%3Afalse%2C%22rwd%22%3Atrue%2C%22telEvs%22%3A%22PageAction%2C%20PageView%2C%20ContentUpdate%2C%20OutgoingRequest%2C%20ClientError%2C%20PartnerApiCall%2C%20TrackedScenario%22%2C%22instKey%22%3A%22b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888%22%2C%22oneDSUrl%22%3A%22https%3A%2F%2Fjs.monitor.azure.com%2Fscripts%2Fc%2Fms.shared.analytics-3.1.11.gbl.min.js%22%2C%22remAcc%22%3Atrue%2C%22main%22%3A%22meBoot%22%2C%22wrapperId%22%3A%22uhf%22%2C%22cdnRegex%22%3A%22%5E(%3F%3Ahttps%3F%3A%5C%5C%2F%5C%5C%2F)%3F(mem%5C%5C.gfx%5C%5C.ms(%3F!%5C%5C.)%7Ccontrols%5C%5C.account.microsoft%3F(%3F%3A-int%7C-dev)%3F(%5C%5C.com)%3F(%3A%5B0-9%5D%7B1%2C6%7D)%7Camcdn%5C%5C.ms(%3F%3Aft)%3Fauth%5C%5C.net(%3F!%5C%5C.))%22%2C%22timeoutMs%22%3A30000%2C%22graphv2%22%3Atrue%2C%22graphinfo%22%3A%7B%22graphclientid%22%3A%227eadcef8-456d-4611-9480-4fff72b8b9e2%22%2C%22graphscope%22%3A%22user.read%22%2C%22graphcodeurl%22%3A%22https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fv2.0%2Fauthorize%22%2C%22graphredirecturi%22%3A%22https%3A%2F%2Famcdn.msftauth.net%2Fme%2Fcallgraph%22%2C%22graphphotourl%22%3A%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fme%2Fphotos%2F96x96%2F%24value%22%7D%2C%22aadUrl%22%3A%22https%3A%2F%2Fmyaccount.microsoft.com%22%2C%22msaUrl%22%3A%22https%3A%2F%2Faccount.microsoft.com%2F%22%2C%22authAppUpsellUrl%22%3A%22%22%2C%22cache%22%3Atrue%2C%22cacheRetention%22%3A%7B%22picRetention%22%3A604800000%2C%22authAppRetention%22%3A94670856000%7D%7D%2C%22url%22%3A%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F%22%2C%22accts%22%3A%220-0%22%7D%27

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:30 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: 4+Xbl6LTQkCRtD3FDCYCjA.0
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 RCbec314109be34962999dbad4041375a8-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/ 1 KB
794 B 31ms
31ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/RCbec314109be34962999dbad4041375a8-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/launch-41185cd0b005.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 08349a70b033f56eb076549f7092120abb5a40f017bd92ee24aef58d8b10f05b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 21:39:56 GMT
server: AkamaiNetStorage
etag: "d8b4a532e9559d18d4118fb4a3525c9b:1638999596.382245"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 513
expires: Mon, 29 Aug 2022 21:08:31 GMT

POST
H2 204 collect Show response
l.clarity.ms/ 0
176 B 183ms
83ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin: https://www.microsoft.com
date: Mon, 29 Aug 2022 20:08:31 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H/1.1 200
OK t.gif
web.vortex.data.microsoft.com/collect/v1/ 43 B
714 B 43ms
30ms Image
image/gif 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.gif?ver=%272.1%27&name=%27Ms.Webi.OutgoingRequest%27&time=%272022-08-29T20%3A08%3A31.732Z%27&appId=%27JS%3AMeControl%27&cV=%27dJBNGUFAaBWm97T1.3%27&flags=2097152&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.3%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&ext-app-env=%27Prod%27&-operationName=%27meBoot.min.js%27&-dependencyOperationName=%27DownloadScript%27&-dependencyName=%27MeControl%27&-latencyMs=122&-succeeded=true&-targetUri=%27https%3A%2F%2Fmem.gfx.ms%2Fscripts%2Fme%2FMeControl%2F10.22108.2%2Fen-US%2FmeBoot.min.js%27&*baseType=%27Ms.Qos.OutgoingServiceRequest%27&*pageName=%27None%27&*impressionGuid=%2790f16e88-58e1-4be8-0880-ffd3146ef466%27&*market=%27en-US%27&*customData=%27%7B%22computedDuration%22%3A131.8000030517578%2C%22perfDuration%22%3A121.5%2C%22metaTags%22%3A%7B%22pgpart%22%3A%22mssecurity%22%7D%2C%22config%22%3A%7B%22ver%22%3A%2210.22108.2%22%2C%22mkt%22%3A%22en-US%22%2C%22ptn%22%3A%22mssecurity%22%2C%22gfx%22%3A%22https%3A%2F%2Famcdn.msftauth.net%22%2C%22dbg%22%3Afalse%2C%22aad%22%3Atrue%2C%22int%22%3Afalse%2C%22pxy%22%3Atrue%2C%22msTxt%22%3Afalse%2C%22rwd%22%3Atrue%2C%22telEvs%22%3A%22PageAction%2C%20PageView%2C%20ContentUpdate%2C%20OutgoingRequest%2C%20ClientError%2C%20PartnerApiCall%2C%20TrackedScenario%22%2C%22instKey%22%3A%22b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888%22%2C%22oneDSUrl%22%3A%22https%3A%2F%2Fjs.monitor.azure.com%2Fscripts%2Fc%2Fms.shared.analytics-3.1.11.gbl.min.js%22%2C%22remAcc%22%3Atrue%2C%22main%22%3A%22meBoot%22%2C%22wrapperId%22%3A%22uhf%22%2C%22cdnRegex%22%3A%22%5E(%3F%3Ahttps%3F%3A%5C%5C%2F%5C%5C%2F)%3F(mem%5C%5C.gfx%5C%5C.ms(%3F!%5C%5C.)%7Ccontrols%5C%5C.account.microsoft%3F(%3F%3A-int%7C-dev)%3F(%5C%5C.com)%3F(%3A%5B0-9%5D%7B1%2C6%7D)%7Camcdn%5C%5C.ms(%3F%3Aft)%3Fauth%5C%5C.net(%3F!%5C%5C.))%22%2C%22timeoutMs%22%3A30000%2C%22graphv2%22%3Atrue%2C%22graphinfo%22%3A%7B%22graphclientid%22%3A%227eadcef8-456d-4611-9480-4fff72b8b9e2%22%2C%22graphscope%22%3A%22user.read%22%2C%22graphcodeurl%22%3A%22https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fv2.0%2Fauthorize%22%2C%22graphredirecturi%22%3A%22https%3A%2F%2Famcdn.msftauth.net%2Fme%2Fcallgraph%22%2C%22graphphotourl%22%3A%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fme%2Fphotos%2F96x96%2F%24value%22%7D%2C%22aadUrl%22%3A%22https%3A%2F%2Fmyaccount.microsoft.com%22%2C%22msaUrl%22%3A%22https%3A%2F%2Faccount.microsoft.com%2F%22%2C%22authAppUpsellUrl%22%3A%22%22%2C%22cache%22%3Atrue%2C%22cacheRetention%22%3A%7B%22picRetention%22%3A604800000%2C%22authAppRetention%22%3A94670856000%7D%7D%2C%22url%22%3A%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F%22%2C%22accts%22%3A%220-0%22%7D%27

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:30 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: Pm36c4657kaaiiDrejmvUA.0
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK t.gif
web.vortex.data.microsoft.com/collect/v1/ 43 B
714 B 67ms
30ms Image
image/gif 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.gif?ver=%272.1%27&name=%27Ms.Webi.MeControl.TrackedScenario%27&time=%272022-08-29T20%3A08%3A31.740Z%27&appId=%27JS%3AMeControl%27&cV=%27dJBNGUFAaBWm97T1.5%27&flags=2097152&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.3%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&ext-app-env=%27Prod%27&*partner=%27mssecurity%27&*controlVersion=%2710.22108.2%27&*market=%27en-US%27&*scenario=%27Load%27&*action=%27END%27&*previousAction=%27START%27&*success=true&*durationMs=141.9000015258789&*details=%27loadV1%27

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:30 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: 0mGc5DoqdE+eWfrliPLB2Q.0
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ 358 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK t.gif
web.vortex.data.microsoft.com/collect/v1/ 43 B
392 B 85ms
30ms Image
image/gif 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.gif?ver=%272.1%27&name=%27Ms.Webi.MeControl.TrackedScenario%27&time=%272022-08-29T20%3A08%3A31.752Z%27&appId=%27JS%3AMeControl%27&cV=%27dJBNGUFAaBWm97T1.6%27&flags=2097152&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.3%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&ext-app-env=%27Prod%27&*partner=%27mssecurity%27&*controlVersion=%2710.22108.2%27&*market=%27en-US%27&*scenario=%27Interactive%27&*action=%27END%27&*previousAction=%27START%27&*success=true&*durationMs=154.4000015258789&*details=%27Web%20header%27

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:30 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: S50KE51Wpk6D/ErFECZ1mw.0
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 RC93d606b4095e41c2a39459edcaf4be13-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/ 1 KB
851 B 25ms
25ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/RC93d606b4095e41c2a39459edcaf4be13-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/launch-41185cd0b005.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 22013d424a8c0d83c00689569238609bbf6ad3616bc51dac5b8e2c7e6775f174

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 21:39:56 GMT
server: AkamaiNetStorage
etag: "d8b4a532e9559d18d4118fb4a3525c9b:1638999596.382245"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 584
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H2 200 jsll-4.js Show response
az725175.vo.msecnd.net/scripts/ 55 KB
18 KB 90ms
20ms Script
text/javascript 152.199.4.33
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Requested by: Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.4.33 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nya/7975) /
Resource Hash: e246eff2f6ae3e255a06eb561e6fc93ae3bef2cce22c5e0124d713c15f80567c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
content-md5: yvXHFTB8uAvUsw4tqOlcNw==
age: 535
x-cache: HIT
content-length: 18421
x-ms-lease-status: unlocked
last-modified: Mon, 22 Feb 2021 22:33:25 GMT
server: ECAcc (nya/7975)
etag: 0x8D8D781DE4DEC32
vary: Accept-Encoding
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
x-ms-request-id: dfae7245-c01e-0038-4ce1-bb8e72000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable
x-ms-version: 2009-09-19

GET
H2 200 RCb827b2d874d8436fa48a7c19baf01bf1-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/ 66 KB
17 KB 35ms
34ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/cc63921ab1f0/RCb827b2d874d8436fa48a7c19baf01bf1-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5ef092d1efb5/d6d76b37b476/launch-41185cd0b005.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: bc96efefbf007ccc620b6188a1af63aa9cf933add7629bb6285ffc7253422bb0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

unused62: 8096267
date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Wed, 08 Dec 2021 21:39:56 GMT
server: AkamaiNetStorage
etag: "d8b4a532e9559d18d4118fb4a3525c9b:1638999596.382245"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 16898
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H/1.1 200
OK t.js Show response
web.vortex.data.microsoft.com/collect/v1/ 281 B
644 B 30ms
30ms Script
application/javascript 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272022-08-29T20%3A08%3A31.885Z%27&os=%27Windows%27&appId=%27JS%3AMicrosoft-365%27&-ver=%271.0%27&-impressionGuid=%2763bb59ca-f10f-4cbc-a7ee-f578e5b5eef3%27&-pageName=%27Undefined%27&-uri=%27https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F%27&-market=%27en-us%27&-pageType=%27Post%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Destructive%20malware%20targeting%20Ukrainian%20organizations%20-%20Microsoft%20Security%20Blog%27&*isLoggedIn=false&*flashInstalled=false&ext-app-env=%27Production%27&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.5%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=true&$mscomCookies=false

Requested by

Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

ef53b5f9ff397df3793d45ef1311e750866dbe10cba9437ccaa85e78c68f935a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:31 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: xhEWITRlBESEeNHupwAkLg.0
Content-Type: application/javascript
Content-Length: 281
Expires: 0

GET
H2 200 launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js Show response
assets.adobedtm.com/ 184 KB
44 KB 20ms
19ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Requested by: Host: query.prod.cms.rt.microsoft.com
URL: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1r2ij
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b18d7ed945ff9d234b1d7fb348845c60c5dbf600a40131f01cb8ad32d07ed254

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:38:59 GMT
server: AkamaiNetStorage
etag: "201dfcf0019be883cf610bfc0a7f291b:1660599539.566913"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 44620
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 7 KB
3 KB 121ms
31ms XHR
application/json 54.196.86.64
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_orgid=EA76ADE95776D2EC7F000101@AdobeOrg&d_cid=88170%01dcf66a57211e48f097c15589ffe592eb%010&d_ver=2

Requested by

Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.196.86.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-196-86-64.compute-1.amazonaws.com

Software

Resource Hash

d5201560de7da68d50ad56670838fb729c2413881c6ae282aa98cda60441ad81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json; charset=utf-8
Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v038-0f6ded693.edge-va6.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: ZyMRdYukT48=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.microsoft.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1992
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

/
adservice.google.ca/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_...
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=6952136;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treat...
https://ad.doubleclick.net/ddm/activity/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_...
https://adservice.google.com/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_r...
https://adservice.google.ca/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rd...

42 B
737 B

95ms
44ms

Image
image/gif

2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.ca/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=http://www.microsoft.com/

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Server

2607:f8b0:4006:81f::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://adservice.google.ca/ddm/fls/p/src=6952136;dc_pre=CKmHwp_t7PkCFcejnwodgrkOIA;type=store0;cat=jsll;u58=dcf66a57211e48f097c15589ffe592eb;match_id=dcf66a57211e48f097c15589ffe592eb;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;~oref=http://www.microsoft.com/
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RCe273b42c34d5427cb02b2d6cd022cac2-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 1 KB
779 B 19ms
18ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RCe273b42c34d5427cb02b2d6cd022cac2-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b0870c9fc71de4841981ea99af7ce54eb9c3cf47655c7c61a8b940b0e842eaea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 513
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H2 200 RC86580b4b76fc4faca2bf443d92c6b256-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 2 KB
970 B 19ms
19ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RC86580b4b76fc4faca2bf443d92c6b256-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8f84e6380b2cbcca2b1f405ddea760ddec41fdcee8924fe8c307a1beadf0c649

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:31 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 704
expires: Mon, 29 Aug 2022 21:08:31 GMT

GET
H2 200 RC6e3e8b1d782343b1bb26a19a4cb6309f-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 66 KB
17 KB 20ms
20ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RC6e3e8b1d782343b1bb26a19a4cb6309f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9d7365126710539a225e8a66f604eaa93e4127b528dfd228bc42a50b6aa305d8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 16898
expires: Mon, 29 Aug 2022 21:08:32 GMT

GET
H2 200 RCafafd92e26934f528217d764d69eccb9-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 2 KB
1 KB 19ms
19ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RCafafd92e26934f528217d764d69eccb9-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4507bc9f2168a2631b6442e0d69a200b6323442beaedcc4500a98f47c8e46bf7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1030
expires: Mon, 29 Aug 2022 21:08:32 GMT

GET
H2 200 RCe86a4eb0fcba478dbcc7216ce8374629-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 893 B
767 B 21ms
19ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RCe86a4eb0fcba478dbcc7216ce8374629-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d4c0ef7d36727f606bc014c311d563135b215df43c08f77133dd159e8b2d7379

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 502
expires: Mon, 29 Aug 2022 21:08:32 GMT

GET
H2 200 RCa0059efdf53d4c19be7d008a0a7abf0a-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 4 KB
2 KB 19ms
18ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RCa0059efdf53d4c19be7d008a0a7abf0a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 83ebc93aeef8e52d99a8da98659bf2cdd6a73048f9a6304587eaf5952b746f4d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1390
expires: Mon, 29 Aug 2022 21:08:32 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&RedC=c.clarity.ms&MXFR=03C6147AE6626B7B10FE0675E2626578
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&MUID=03C6147AE6626B7B10FE0675E2626578

42 B
333 B

31ms
30ms

Image
image/gif

20.110.81.91
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&MUID=03C6147AE6626B7B10FE0675E2626578
Protocol: H2
Server: 20.110.81.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
last-modified: Wed, 17 Aug 2022 16:32:48 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "6fa9befc56b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:31 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4040B0AFB70495E90A4BABE6DCEDC0B Ref B: YTO01EDGE0715 Ref C: 2022-08-29T20:08:32Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=3106F8C30ADD4E2CAA6CFC50F213D5C0&MUID=03C6147AE6626B7B10FE0675E2626578
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK me.srf Show response
login.live.com/ Frame C4FD 12 KB
7 KB 210ms
46ms Document
text/html 20.190.152.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=bb78e905-c054-47c0-e813-61c9c4b29569&partnerId=mssecurity

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/meBoot.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.152.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

172cf9502b9dffd1c6f004a24acec79081acfc804ad8240c575b62944895d836

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.microsoft.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: no-store, no-cache
Content-Encoding: gzip
Content-Length: 4843
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Aug 2022 20:08:32 GMT
Expires: Mon, 29 Aug 2022 20:07:32 GMT
Link: <https://logincdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net>; rel=preconnect; crossorigin <https://acctcdn.msftauth.net>; rel=preconnect; crossorigin <https://acctcdn.msauth.net/>; rel=dns-prefetch <https://acctcdn.msftauth.net/>; rel=dns-prefetch <https://acctcdnmsftuswe2.azureedge.net/>; rel=dns-prefetch <https://acctcdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://logincdn.msauth.net/>; rel=dns-prefetch <https://lgincdnvzeuno.azureedge.net/>; rel=dns-prefetch <https://lgincdnmsftuswe2.azureedge.net/>; rel=dns-prefetch
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: BL02PF8A23B5D05 V: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: on
X-XSS-Protection: 1; mode=block
x-ms-request-id: 7d8bfc85-6b87-4f68-a82f-40c2fd233826
x-ms-route-info: R3_BL2

GET
H2 200 meCore.min.js Show response
mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/ 100 KB
16 KB 31ms
30ms Script
application/javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/meCore.min.js

Requested by

Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

bd7c1c14906bd237be9dc60260be6ec2e2f3e93584dc67e62159cdd13bde5834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 23 Aug 2022 01:00:42 GMT
x-azure-ref-originshield: 0PawLYwAAAACJdFTIbEClRayNaBXj51XDRE0yQUExMDkxMjA3MDQ1AGVhYzVmNDlmLWUwMmQtNGY0MS1iMGE2LTJkNTBmOWZjZjg0YQ==
etag: "1d8b6c670d03f99"
x-azure-ref: 0wBwNYwAAAAB7lNgdRfRgT6+XmgRj8hy0Q0hHRURHRTE1MjIAZWFjNWY0OWYtZTAyZC00ZjQxLWIwYTYtMmQ1MGY5ZmNmODRh
x-cache: TCP_HIT
content-type: application/javascript
access-control-allow-origin: *
date: Mon, 29 Aug 2022 20:08:32 GMT
x-ua-compatible: IE=edge

GET
H2 200 RC5eb5e08515914221ad9b4c3856d3596d-source.min.js Show response
assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/ 2 KB
1 KB 19ms
18ms Script
application/x-javascript 2600:141b:9000:79c::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5ef092d1efb5/2537c33769cb/b7143e91789e/RC5eb5e08515914221ad9b4c3856d3596d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:79c::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 42c40b515949a9693a1d34d54e5ab61d078c7a29d6c75a03f2f06ddba6cc2d97

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
last-modified: Mon, 15 Aug 2022 21:39:00 GMT
server: AkamaiNetStorage
etag: "017c6be0354c7d6d4e7ee856c1cab23d:1660599540.379059"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.microsoft.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 867
expires: Mon, 29 Aug 2022 21:08:32 GMT

GET
H2 200 RE4xdax
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/ 3 KB
3 KB 28ms
28ms Image
image/png 2600:141b:13::17d7:82c8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2600:141b:13::17d7:82c8 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2176784dfc7c4beeacaecacbbc6b7a1f2f281f17ff0a3c644909c3b3849ed01e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 20:08:32 GMT
last-modified: Sun, 28 Aug 2022 23:00:49 GMT
x-datacenter: eastus
x-source-length: 3094
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=356037
x-activityid: 1af0207d-6e81-4610-8b88-15a4b67982b7
x-resizerversion: 1.0
content-location: https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE4xdax
content-length: 3094
expires: Fri, 02 Sep 2022 23:02:29 GMT

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 24 B
463 B 421ms
106ms XHR
application/json 20.50.201.195
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Ddcf66a57211e48f097c15589ffe592eb%26HASH%3Ddcf6%26LV%3D202208%26V%3D4%26LU%3D1661803711787&w=0

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.50.201.195 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

51eb16447d65a8e85488cc5b300daa11092e03134afc7e587392a1563640ca8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1661803712414
accept-language: en-CA,en;q=0.9
client-version: 1DS-Web-JS-3.2.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Referer: https://www.microsoft.com/
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 29 Aug 2022 20:08:32 GMT
time-delta-millis: 879
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 24

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 516ms
107ms Preflight 20.50.201.195
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.50.201.195 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Mon, 29 Aug 2022 20:08:31 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK v1
web.vortex.data.microsoft.com/collect/ 0
0 30ms
30ms Ping
application/json 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://web.vortex.data.microsoft.com/collect/v1?$mscomCookies=false&ext-javascript-msfpc=%27GUID%3Ddcf66a57211e48f097c15589ffe592eb%26HASH%3Ddcf6%26LV%3D202208%26V%3D4%26LU%3D1661803711787%27
Requested by: Host: az725175.vo.msecnd.net
URL: https://az725175.vo.msecnd.net/scripts/jsll-4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2

200

c.gif
c1.microsoft.com/
Redirect Chain

https://c1.microsoft.com/c.gif?DI=4050&did=1&t=
https://c.bing.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&RedC=c1.microsoft.com&MXFR=201D19E079726ABD06B70BEF7D726CFE
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&MUID=201D19E079726ABD06B70BEF7D726CFE

42 B
387 B

31ms
31ms

Image
image/gif

20.110.81.91
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&MUID=201D19E079726ABD06B70BEF7D726CFE
Protocol: H2
Server: 20.110.81.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
last-modified: Wed, 17 Aug 2022 16:32:48 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "6fa9befc56b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:31 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D8B34DD99D27448AABB5956FE806ABC7 Ref B: YTO01EDGE0715 Ref C: 2022-08-29T20:08:32Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&ctsa=mr&CtsSyncId=082957C9608F4646AE6C529BB2CF20BE&MUID=201D19E079726ABD06B70BEF7D726CFE
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 87ms
36ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.microsoft.com
URL: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C4D05EA157CC4DAE9947C3BBFF647F9C Ref B: YTO01EDGE0408 Ref C: 2022-08-29T20:08:32Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Mon, 29 Aug 2022 20:08:31 GMT
accept-ranges: bytes
content-length: 11367

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://dc.ads.linkedin.com/collect/?pid=7850&fmt=gif
https://px4.ads.linkedin.com/collect?pid=7850&fmt=gif&e_ipv6=AQKg_eBUl8yrRQAAAYLrOE_mjlkPonToEDhYAQ7dtJqlQxQHRxP0bA8bUtZ4IicMboLJ1YJ1
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c

43 B
97 B

105ms
105ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 7427eb540baaa24c-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

date: Mon, 29 Aug 2022 20:08:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A45F4E05C57F49AAA0E17D34BE6FC540 Ref B: YTO01EDGE0814 Ref C: 2022-08-29T20:08:32Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=c38800f2-570b-4223-b320-8fc334a1ac8c
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXnZtP5f14O7PlZ+uw2gg==

GET
H2

200

/
www.google.ca/pagead/1p-user-list/837109043/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/837109043/?guid=ON&script=0&random=784613
https://www.google.com/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063
https://www.google.ca/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063&ipr=y

42 B
548 B

82ms
36ms

Image
image/gif

2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063&ipr=y

Protocol

Server

2607:f8b0:4006:809::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 20:08:32 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.ca/pagead/1p-user-list/837109043/?guid=ON&script=0&random=784613&is_vtc=1&random=1959118063&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 44 B
297 B 61ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1770559986549030&ev=PageView&dpo=LDU&dpoco=0&dpost=0&noscript=1&random=406747

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 29 Aug 2022 20:08:32 GMT

GET
H/1.1 200
OK t.gif
web.vortex.data.microsoft.com/collect/v1/ 43 B
392 B 65ms
64ms Image
image/gif 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://web.vortex.data.microsoft.com/collect/v1/t.gif?ver=%272.1%27&name=%27Ms.Webi.OutgoingRequest%27&time=%272022-08-29T20%3A08%3A32.435Z%27&appId=%27JS%3AMeControl%27&cV=%27dJBNGUFAaBWm97T1.7%27&flags=2097152&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.2.3%27&ext-javascript-domain=%27www.microsoft.com%27&ext-javascript-userConsent=false&ext-app-env=%27Prod%27&-operationName=%27meCore.min.js%27&-dependencyOperationName=%27DownloadScript%27&-dependencyName=%27MeControl%27&-latencyMs=32&-succeeded=true&-targetUri=%27https%3A%2F%2Fmem.gfx.ms%2Fscripts%2Fme%2FMeControl%2F10.22108.2%2Fen-US%2FmeCore.min.js%27&*baseType=%27Ms.Qos.OutgoingServiceRequest%27&*pageName=%27Initial%20Collapsed%27&*impressionGuid=%2790f16e88-58e1-4be8-0880-ffd3146ef466%27&*market=%27en-US%27&*customData=%27%7B%22computedDuration%22%3A97.29999923706055%2C%22perfDuration%22%3A32.19999694824219%2C%22metaTags%22%3A%7B%22pgpart%22%3A%22mssecurity%22%7D%2C%22config%22%3A%7B%22ver%22%3A%2210.22108.2%22%2C%22mkt%22%3A%22en-US%22%2C%22ptn%22%3A%22mssecurity%22%2C%22gfx%22%3A%22https%3A%2F%2Famcdn.msftauth.net%22%2C%22dbg%22%3Afalse%2C%22aad%22%3Atrue%2C%22int%22%3Afalse%2C%22pxy%22%3Atrue%2C%22msTxt%22%3Afalse%2C%22rwd%22%3Atrue%2C%22telEvs%22%3A%22PageAction%2C%20PageView%2C%20ContentUpdate%2C%20OutgoingRequest%2C%20ClientError%2C%20PartnerApiCall%2C%20TrackedScenario%22%2C%22instKey%22%3A%22b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888%22%2C%22oneDSUrl%22%3A%22https%3A%2F%2Fjs.monitor.azure.com%2Fscripts%2Fc%2Fms.shared.analytics-3.1.11.gbl.min.js%22%2C%22remAcc%22%3Atrue%2C%22main%22%3A%22meBoot%22%2C%22wrapperId%22%3A%22uhf%22%2C%22cdnRegex%22%3A%22%5E(%3F%3Ahttps%3F%3A%5C%5C%2F%5C%5C%2F)%3F(mem%5C%5C.gfx%5C%5C.ms(%3F!%5C%5C.)%7Ccontrols%5C%5C.account.microsoft%3F(%3F%3A-int%7C-dev)%3F(%5C%5C.com)%3F(%3A%5B0-9%5D%7B1%2C6%7D)%7Camcdn%5C%5C.ms(%3F%3Aft)%3Fauth%5C%5C.net(%3F!%5C%5C.))%22%2C%22timeoutMs%22%3A30000%2C%22graphv2%22%3Atrue%2C%22graphinfo%22%3A%7B%22graphclientid%22%3A%227eadcef8-456d-4611-9480-4fff72b8b9e2%22%2C%22graphscope%22%3A%22user.read%22%2C%22graphcodeurl%22%3A%22https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fv2.0%2Fauthorize%22%2C%22graphredirecturi%22%3A%22https%3A%2F%2Famcdn.msftauth.net%2Fme%2Fcallgraph%22%2C%22graphphotourl%22%3A%22https%3A%2F%2Fgraph.microsoft.com%2Fv1.0%2Fme%2Fphotos%2F96x96%2F%24value%22%7D%2C%22aadUrl%22%3A%22https%3A%2F%2Fmyaccount.microsoft.com%22%2C%22msaUrl%22%3A%22https%3A%2F%2Faccount.microsoft.com%2F%22%2C%22authAppUpsellUrl%22%3A%22%22%2C%22cache%22%3Atrue%2C%22cacheRetention%22%3A%7B%22picRetention%22%3A604800000%2C%22authAppRetention%22%3A94670856000%7D%7D%2C%22url%22%3A%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F%22%2C%22accts%22%3A%220-0%22%7D%27

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 20:08:32 GMT
X-Content-Type-Options: nosniff
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control: no-cache, no-store
MS-CV: OjiqZELBw06c3pQVEJKsyg.0
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 ms.shared.analytics-3.1.11.gbl.min.js Show response
js.monitor.azure.com/scripts/c/ 80 KB
29 KB 95ms
32ms Script
text/javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.shared.analytics-3.1.11.gbl.min.js
Requested by: Host: mem.gfx.ms
URL: https://mem.gfx.ms/meversion?partner=MSSecurity&market=en-us&uhf=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 532486f86eb4d4423c8bdbabb00c69c942800fbba90d456d8e71210cbac09d9a

Request headers

Referer: https://www.microsoft.com/
Origin: https://www.microsoft.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: br
x-ms-meta-jssdkver: 3.1.11
last-modified: Wed, 02 Mar 2022 00:34:01 GMT
x-azure-ref-originshield: 0iEMKYwAAAAADAca/B2NiSIPBMXTTdqR+RE0yQUExMDkxMjA4MDUxAGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5: DIZ9SGzozvDW8TjfsqXTcw==
etag: 0x8D9FBE45937B34A
x-azure-ref: 0wBwNYwAAAAD1mULhbYcuSb9GcoiduqbvQ0hHRURHRTE2MTgAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2
x-cache: TCP_HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 03cfeb46-001e-0037-7d3b-b33ad9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000, immutable, no-transform
x-ms-version: 2009-09-19

POST
H/1.1 200
OK v1
web.vortex.data.microsoft.com/collect/ 0
0 30ms
30ms Ping
application/json 23.96.225.71
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://web.vortex.data.microsoft.com/collect/v1
Requested by: Host: mem.gfx.ms
URL: https://mem.gfx.ms/scripts/me/MeControl/10.22108.2/en-US/meCore.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.96.225.71 Chicago, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 4000034.js Show response
bat.bing.com/p/action/ 1 KB
842 B 34ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/4000034.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4657168fd3c24a280c873596813c9aa0ba7940e478d777176112566a9a53012b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BFE752BD5DE246AFAC2E1C05FEE8A034 Ref B: YTO01EDGE0408 Ref C: 2022-08-29T20:08:32Z
date: Mon, 29 Aug 2022 20:08:31 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 664

GET
H2 204 0
bat.bing.com/action/ 0
176 B 46ms
45ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=4000034&Ver=2&mid=3af6824f-7041-4e3b-8c65-acb921f7915c&sid=5b38623027d611ed84e82d9869b6ac9a&vid=5b384d4027d611edabef7500bda2eb1f&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Destructive%20malware%20targeting%20Ukrainian%20organizations%20-%20Microsoft%20Security%20Blog&p=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2022%2F01%2F15%2Fdestructive-malware-targeting-ukrainian-organizations%2F&r=&lt=2040&evt=pageLoad&sv=1&rn=595004

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 93A71B73326646E8928148E54C80F963 Ref B: YTO01EDGE0408 Ref C: 2022-08-29T20:08:32Z
date: Mon, 29 Aug 2022 20:08:31 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 MeControl_iFp4SUwRKy814JYfThJYwg2.js Show response
logincdn.msauth.net/16.000/content/js/ Frame C4FD 17 KB
7 KB 128ms
30ms Script
application/x-javascript 2620:1ec:bdf::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://logincdn.msauth.net/16.000/content/js/MeControl_iFp4SUwRKy814JYfThJYwg2.js
Requested by: Host: login.live.com
URL: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fwww.microsoft.com&uaid=bb78e905-c054-47c0-e813-61c9c4b29569&partnerId=mssecurity
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::40 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 2614fa6268b30aa20bf29839b4059e6f183a180bbdaba0e92d365b4bae5e361a

Request headers

Referer: https://login.live.com/
Origin: https://login.live.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Aug 2022 20:08:32 GMT
content-encoding: gzip
x-azure-ref-originshield: 0RQYKYwAAAADEQ3LhFDYUR6goid+/jTQuRE0yQUExMDkxMjA4MDUzAGRiNjYyZmUzLWY0MzgtNDNjMi1hMjlmLWU2NTkwYzRmNWU1MQ==
content-md5: KTJYI5W5FPx3C3j3Lg245A==
x-cache: TCP_HIT
content-length: 6044
x-ms-lease-status: unlocked
last-modified: Fri, 05 Aug 2022 05:53:01 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8DA76A6C19CF38D
x-azure-ref: 0wBwNYwAAAADzdtP0Di5kSpKD7uTTnAlLQ0hHRURHRTE1MjIAZGI2NjJmZTMtZjQzOC00M2MyLWEyOWYtZTY1OTBjNGY1ZTUx
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 48ab499e-601e-0029-48cd-b5d553000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19

GET
H2 200 4000034 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 43ms
42ms Script
application/x-javascript 2620:1ec:40::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/4000034
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/4000034.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 8e68325ff5785f0788d01726e5043504af6de13c964b14d761380fd78a68b83b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 20:08:32 GMT
x-powered-by: ASP.NET
x-azure-ref: 0wBwNYwAAAADOaYnykuhLTYg9S+98a4SlWVRPMjIxMDkwODE3MDIzADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
content-length: 1596
expires: -1

POST
H2 204 collect Show response
l.clarity.ms/ 0
48 B 82ms
81ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin: https://www.microsoft.com
date: Mon, 29 Aug 2022 20:08:32 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 24 B
463 B 106ms
105ms XHR
application/json 20.50.201.195
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.50.201.195 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

4a43245106e0874b95dc5edec8fc630a06f82bf5ce87f245b1b9cd286313ca59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

upload-time: 1661803713416
accept-language: en-CA,en;q=0.9
client-version: 1DS-Web-JS-3.2.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
time-delta-to-apply-millis: 879
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978
Referer: https://www.microsoft.com/
Client-Id: NO_AUTH

Response headers

Strict-Transport-Security: max-age=31536000
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 29 Aug 2022 20:08:32 GMT
time-delta-millis: 158
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 24

OPTIONS
H/1.1 200
OK /
browser.events.data.microsoft.com/OneCollector/1.0/ Frame 0
0 108ms
107ms Preflight 20.50.201.195
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.50.201.195 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method: POST
Origin: https://www.microsoft.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Max-Age: 3600
Cache-Control: public, 3600
Content-Length: 0
Date: Mon, 29 Aug 2022 20:08:32 GMT
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000

POST
H/1.1 200
OK / Show response
browser.events.data.microsoft.com/OneCollector/1.0/ 204 B
643 B 210ms
210ms XHR
application/json 20.50.201.195
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.1.11&apikey=b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888&upload-time=1661803714583&time-delta-to-apply-millis=use-collector-delta&w=0

Requested by

Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/c/ms.shared.analytics-3.1.11.gbl.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.50.201.195 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

f88f626fd8d8844fefcc3d4de4d2f180ed7d01fd3334694e8319b77a62611671

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.microsoft.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Strict-Transport-Security: max-age=31536000
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 29 Aug 2022 20:08:33 GMT
time-delta-millis: 53
Access-Control-Allow-Methods: POST
Content-Type: application/json
Access-Control-Allow-Origin: https://www.microsoft.com
Access-Control-Expose-Headers: time-delta-millis
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: time-delta-millis
Content-Length: 204

Verdicts & Comments Add Verdict or Comment

107 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.microsoft.com/	1970-01-20 05:36:50	Name: ak_bmsc Value: E03F57B031B1CEAAD43CB2E3FEB2A21B~000000000000000000000000000000~YAAQJpQzuAROLMmCAQAAQUg46xCURIZBxKGWhm7E0+H8hoPyDI3xPE3QSXLsDava6b9KbDO0bnK134Vxy5iRVXzqjlQQfvAFaRulBYcukShwR2dq75N0aXg0qWDoieCE7nQYCY3LhqmRthZ1X2oc01UhqAcmeqkCYOgapB+1q23xTr70NIHVJkmV84JhC4g5/XFu5nQ4x1oX6rsV+telUFU3dLPzF91BCTVmpnSXrimwiI+SLEuEESUmtMB2eAQxujJ/OFrJzISm8otKxmvKsv26RUEVHbZGdOSS+gIm63qWz/I/sSL5jr2/DvwcF8J7G6Nw6kGzOPYfSC38rpJCnQiYs65o8yl694wZtLvtefFFVRFmyH1c7lx+4VIf5ZH1n6/hp1dVB517pLQtCDYjPGXBoC0=
.microsoft.com/	1970-01-20 05:38:10	Name: MSCC Value: NR
www.microsoft.com/	1970-01-20 14:22:19	Name: MicrosoftApplicationsTelemetryDeviceId Value: a0c5b1dd-155b-4377-bd65-734496d3149c
www.microsoft.com/	1970-01-20 05:36:45	Name: ai_session Value: X0Fn0RmwdycWmOPFaa3rjZ\|1661803711359\|1661803711359
www.clarity.ms/	1970-01-20 14:22:19	Name: CLID Value: 3ab811c5e58f45ec92b68e3b6be856b0.20220829.20230829
.microsoft.com/	1970-01-20 14:22:19	Name: _clck Value: 1tp9wwp\|1\|f4f\|0
.linkedin.com/	1970-01-20 07:46:19	Name: li_sugr Value: c38800f2-570b-4223-b320-8fc334a1ac8c
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:22:19	Name: bcookie Value: "v=2&89325b81-5ec5-4010-87f7-1735e94fb54f"
.linkedin.com/	1970-01-20 05:38:10	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2748:u=1:x=1:i=1661803711:t=1661890111:v=2:sig=AQGdIMx7gwBO1F_M_QGm2rMWyCDr0M1d"
.linkedin.com/	1970-01-20 06:19:55	Name: UserMatchHistory Value: AQJqPUW6Gbt5FAAAAYLrOE0G4If2W9Z8JsVAV0dCpdMHSBybFdHxVQ7EuDFiDqwoaZwXBicdnZdDEg
.linkedin.com/	1970-01-20 06:19:55	Name: AnalyticsSyncHistory Value: AQLdvfWGSgEFiAAAAYLrOE0G3d0Rz6pNYBEnr5GHcwFFsaEUaKiBt8g2NeRlvPDeb4aEn0PzBqcKICLcBgX-VQ
.microsoft.com/	1970-01-20 14:22:19	Name: MC1 Value: GUID=dcf66a57211e48f097c15589ffe592eb&HASH=dcf6&LV=202208&V=4&LU=1661803711787
.microsoft.com/	1970-01-20 05:36:45	Name: MS0 Value: a71a39e735f6438089c8ad6c18197005
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 14:22:19	Name: bscookie Value: "v=1&202208292008318710eff8-8ac9-4573-85c3-ca8d5930457eAQF-U2e8Ib5DJ5f_vu9D8jBVx8j_2-FN"
.microsoft.com/	1970-01-20 05:38:10	Name: _clsk Value: 18zmm8a\|1661803711911\|1\|1\|l.clarity.ms/collect
www.microsoft.com/	1970-01-20 14:22:19	Name: MSFPC Value: GUID=dcf66a57211e48f097c15589ffe592eb&HASH=dcf6&LV=202208&V=4&LU=1661803711787
.adsymptotic.com/	1970-01-20 07:46:19	Name: U Value: 76dcbfd1b48c99515f824e7c343e0f69
.clarity.ms/	1970-01-20 14:58:19	Name: MUID Value: 03C6147AE6626B7B10FE0675E2626578
.microsoft.com/	1970-01-20 14:58:19	Name: MUID Value: 201D19E079726ABD06B70BEF7D726CFE
.c.bing.com/	1970-01-20 05:46:48	Name: MR Value: 0
.bat.bing.com/	1970-01-20 05:46:48	Name: MR Value: 0
.microsoft.com/	1970-01-20 05:38:10	Name: _uetsid Value: 5b38623027d611ed84e82d9869b6ac9a
.microsoft.com/	1970-01-20 14:58:19	Name: _uetvid Value: 5b384d4027d611edabef7500bda2eb1f
.bing.com/	1970-01-20 14:58:19	Name: MUID Value: 201D19E079726ABD06B70BEF7D726CFE
.c.bing.com/	1970-01-20 14:58:19	Name: SRM_B Value: 201D19E079726ABD06B70BEF7D726CFE
.c.bing.com/	1970-01-20 14:58:19	Name: SRM_I Value: 201D19E079726ABD06B70BEF7D726CFE
.login.live.com/	1969-12-31 23:59:59	Name: uaid Value: bb78e905c05447c0e81361c9c4b29569
.login.live.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1661803712&co=1
.login.live.com/	1969-12-31 23:59:59	Name: OParams Value: 11O.DfpIsLf30G0KnvTZH4!Oa0TCNEljutPOBI7pTqcFBhPcEOdMJv0Ls5SBk0!aaWgw3QKn0wGSKUgc07N09RQqzDhuHHzDua42tNjprCKjvbNDTCBipz1O0sKmcWIz!HBIgExT!ZOTcPlBrHNosADnl1fyopxnMEC8CeutRor4RrrYcwJrye6sOFE1hPYl24B7!NCjf!xm6PGPXHgEnZZAwJJX3d9M746gWUlFCKthxteYRqdBDUYBfcBzg0CBdbjttQ*ZEwx7QmdMu2j5JKjcM$
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.c.clarity.ms/	1970-01-20 05:46:48	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 05:36:44	Name: ANONCHK Value: 0
.c1.microsoft.com/	1969-12-31 23:59:59	Name: SM Value: C
.c1.microsoft.com/	1970-01-20 14:58:19	Name: SRM_I Value: 201D19E079726ABD06B70BEF7D726CFE
.c1.microsoft.com/	1970-01-20 05:46:48	Name: MR Value: 0
.c1.microsoft.com/	1970-01-20 05:36:44	Name: ANONCHK Value: 0
.doubleclick.net/	1970-01-20 15:12:43	Name: IDE Value: AHWqTUnvNOPWNg8fvrydrRfAJX5GPTZRM2b75SNkyulUVLrZcUDDY-SE8nKgKGf9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.ca
adservice.google.com
assets.adobedtm.com
assets.onestore.ms
az725175.vo.msecnd.net
bat.bing.com
browser.events.data.microsoft.com
c.bing.com
c.clarity.ms
c.s-microsoft.com
c1.microsoft.com
dc.ads.linkedin.com
dpm.demdex.net
googleads.g.doubleclick.net
img-prod-cms-rt-microsoft-com.akamaized.net
js.monitor.azure.com
l.clarity.ms
login.live.com
logincdn.msauth.net
mem.gfx.ms
p.adsymptotic.com
px.ads.linkedin.com
px4.ads.linkedin.com
query.prod.cms.rt.microsoft.com
snap.licdn.com
statics-marketingsites-wcus-ms-com.akamaized.net
wcpstatic.microsoft.com
web.vortex.data.microsoft.com
www.clarity.ms
www.facebook.com
www.google.ca
www.google.com
www.linkedin.com
www.microsoft.com
104.105.83.115
104.117.182.32
104.18.98.194
13.107.42.14
142.251.40.134
152.199.4.33
20.110.81.91
20.120.65.166
20.190.152.21
20.50.201.195
23.96.225.71
2600:1400:d:594::356e
2600:1400:d:5a4::2957
2600:141b:13::17d7:82c8
2600:141b:9000:492::356e
2600:141b:9000:79c::1e80
2600:141b:9000::1725:7b88
2607:f8b0:4006:806::2004
2607:f8b0:4006:808::2002
2607:f8b0:4006:809::2003
2607:f8b0:4006:817::2002
2607:f8b0:4006:81f::2002
2620:1ec:21::14
2620:1ec:40::40
2620:1ec:46::40
2620:1ec:bdf::40
2620:1ec:c11::200
2a03:2880:f112:182:face:b00c:0:25de
54.196.86.64
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
08349a70b033f56eb076549f7092120abb5a40f017bd92ee24aef58d8b10f05b
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
1183e3168d4d9f34ea34931d5df42a79e527adc56c71950907cf24cd2feb5326
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
1493e4977a83dd53ed66b226e0ff24065931cc3559f895a51f2c0b874acce637
16d6e957a9525cb4848051b0efc5aa101d256a3c6838007dc4ac2c41121eaade
172cf9502b9dffd1c6f004a24acec79081acfc804ad8240c575b62944895d836
2176784dfc7c4beeacaecacbbc6b7a1f2f281f17ff0a3c644909c3b3849ed01e
22013d424a8c0d83c00689569238609bbf6ad3616bc51dac5b8e2c7e6775f174
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
2614fa6268b30aa20bf29839b4059e6f183a180bbdaba0e92d365b4bae5e361a
2bf73ba8c24162c4cfd51b3b508b2bc0f8ee00cab13bec8f32b6fb6359be7d17
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eb8bf79bd243bb9b7a18683e32a220a6a078feed519ff75d63c4681bcb31d4d
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
3937201672226f6b075ff55f7b7b6ffea3ee9b5e29b2438f6bc0189993041131
42c40b515949a9693a1d34d54e5ab61d078c7a29d6c75a03f2f06ddba6cc2d97
4507bc9f2168a2631b6442e0d69a200b6323442beaedcc4500a98f47c8e46bf7
4657168fd3c24a280c873596813c9aa0ba7940e478d777176112566a9a53012b
474caac65d370c8d73204846937993859d1b9e86ebb031a4ca99536c8477540e
4874fbdfa20c2b841fb34d1f34ef112fe7e71a2df027690c9e5a338385692cd6
4919e80f038d2b93f1184d1733ac35009643481735c7bc7aa31d8b56e118fc04
4a43245106e0874b95dc5edec8fc630a06f82bf5ce87f245b1b9cd286313ca59
4ce067ee7b11add8ffefd6f327a6e4ee01dca104506689e39f3450d6d596dfa5
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
50006b9e18a52891c3955d398d3a53c4ef02dfa59d06b98af62d314826c51c36
51eb16447d65a8e85488cc5b300daa11092e03134afc7e587392a1563640ca8d
532486f86eb4d4423c8bdbabb00c69c942800fbba90d456d8e71210cbac09d9a
53cbad3331ae2391349008d8eea77be2f5d09ea82f8eac01427229951b13592b
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
6ba0d1a726f1887bd61727b308ed0be0e73edba17d4ad11b91ab19b632e078f6
6c7367e9f20b1045a6b75121d678064110264a57fd5b565b8afb49807586638b
707c5b510b5712a82fd8bdf073a6d9860583931ee85f6ee7e2e735e81ae05d18
7e7c74ca751f36229a723cca702e3751672f40b76f0fbf8b0fdd3091b111e4f4
83ebc93aeef8e52d99a8da98659bf2cdd6a73048f9a6304587eaf5952b746f4d
893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8
8dc2a4dee7af0496223005db58d5ceb56bda186226e2e8e0a772d582f4544ef5
8e673d59965134cf831a38a2bdfa3578e332afc766bb3efb377624631cbde8f2
8e68325ff5785f0788d01726e5043504af6de13c964b14d761380fd78a68b83b
8f84e6380b2cbcca2b1f405ddea760ddec41fdcee8924fe8c307a1beadf0c649
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d7365126710539a225e8a66f604eaa93e4127b528dfd228bc42a50b6aa305d8
a08955386df086739491701afd425accb0e8323dadff2dcbcceffac9ca79c939
a96d53bba65b704f76446a222f42383a6099715b915ef05fff32f5be2634a014
afc4759aa1ead362c4c11504fa1e71f6fc81c5d3d1b4dd6416215d335d65ad74
b0870c9fc71de4841981ea99af7ce54eb9c3cf47655c7c61a8b940b0e842eaea
b18d7ed945ff9d234b1d7fb348845c60c5dbf600a40131f01cb8ad32d07ed254
b1d83c2d49c49ea38d578afa752aaec44a86d069d6ce2d54460e2612fc31a102
b201ab52de2c92539f7a276b6cf170b1bdf0f3705f1b6ab9597517d030afefe4
b3cab87fbbfe2e9a7ba4dd64c621f4255e5d1ece4c6163dde3cbad45251375ba
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b828b15e9b7836b493a8bd6e832a24ee13aa8b6f8b4a1bf307a7af2912014178
bc96efefbf007ccc620b6188a1af63aa9cf933add7629bb6285ffc7253422bb0
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd7c1c14906bd237be9dc60260be6ec2e2f3e93584dc67e62159cdd13bde5834
c05536c0f0662d15af06f535b7e11931840fa8d5893debb0d69289d3f4b15d6c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cffbae450bcad74d65019c0aa2bada046cdcf5f5fa4af699929838f58c7ff8c2
d4c0ef7d36727f606bc014c311d563135b215df43c08f77133dd159e8b2d7379
d5201560de7da68d50ad56670838fb729c2413881c6ae282aa98cda60441ad81
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d87d0a7a7fe2c36d1dc093bfe56e9b81b311988789dbd3b65abf811d551ef02f
daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e246eff2f6ae3e255a06eb561e6fc93ae3bef2cce22c5e0124d713c15f80567c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee2b841529e5d06aeae7f65b413b40bbfef5161c9fad9a8a1755dac03806291b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef53b5f9ff397df3793d45ef1311e750866dbe10cba9437ccaa85e78c68f935a
f083096f236cb98c87af2abc70707aef6a74bb105074919b0bdc3aeec6964c1d
f174b3ce00dc0ef25fe0867dae1da92a595c50f730dbe2cd1fd7f29546034e81
f258c099e2bb029f6c9d5e9900a78f53347a16b43aa1e37a9f9c1a1539e0748d
f2a28cd82e7ec00d2d8158f21fb0507722cd8b09fa4a0a16fadc58f30385cc25
f88f626fd8d8844fefcc3d4de4d2f180ed7d01fd3334694e8319b77a62611671
fe8a1047376498c80a157d13555e42a92ad480fcb0bcc9de51ad1930fbeb7f91
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

www.microsoft.com Open in urlscan Pro 2600:141b:9000:492::356e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

89 Requests

93 %HTTPS

59 %IPv6

20 Domains

35 Subdomains

24 IPs

3 Countries

1027 kBTransfer

3501 kBSize

39 Cookies

57 Outgoing links

Redirected requests

89 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.microsoft.com Open in urlscan Pro
2600:141b:9000:492::356e Public Scan

Screenshot
Live screenshot

Full Image

89
Requests

93 %
HTTPS

59 %
IPv6

20
Domains

35
Subdomains

24
IPs

3
Countries

1027 kB
Transfer

3501 kB
Size

39
Cookies

89 HTTP transactions
3 data transactions