Submitted URL: https://aka.ms/atasaguide-recsamr
Effective URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Submission: On April 08 via api from US

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 25 HTTP transactions. The main IP is 2a02:26f0:6c00:29b::353e, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is docs.microsoft.com.
TLS certificate: Issued by Microsoft RSA TLS CA 01 on October 8th 2020. Valid for: a year.
This is the only time docs.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.211.149.25 16625 (AKAMAI-AS)
3 13 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2620:1ec:29::19 8068 (MICROSOFT...)
4 4 140.82.121.3 36459 (GITHUB)
4 185.199.108.133 54113 (FASTLY)
3 40.77.226.250 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.114.217 54113 (FASTLY)
1 52.31.179.168 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 52.142.114.2 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
25 10
Domain Requested by
13 docs.microsoft.com 3 redirects docs.microsoft.com
4 avatars.githubusercontent.com docs.microsoft.com
4 github.com 4 redirects
3 web.vortex.data.microsoft.com docs.microsoft.com
2 c1.microsoft.com 1 redirects
2 www.google-analytics.com docs.microsoft.com
www.google-analytics.com
1 c.bing.com 1 redirects
1 stats.g.doubleclick.net www.google-analytics.com
1 w.usabilla.com docs.microsoft.com
1 cdn.speedcurve.com docs.microsoft.com
1 js.monitor.azure.com docs.microsoft.com
1 wcpstatic.microsoft.com docs.microsoft.com
1 aka.ms 1 redirects
25 13

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
github.com
twitter.com
www.linkedin.com
www.facebook.com
aka.ms
go.microsoft.com
Subject Issuer Validity Valid
docs.microsoft.com
Microsoft RSA TLS CA 01
2020-10-08 -
2021-10-08
a year crt.sh
wcpstatic.microsoft.com
DigiCert SHA2 Secure Server CA
2020-09-15 -
2021-09-15
a year crt.sh
js.monitor.azure.com
Microsoft Azure TLS Issuing CA 01
2021-04-01 -
2022-03-27
a year crt.sh
www.github.com
DigiCert SHA2 High Assurance Server CA
2020-05-06 -
2022-04-14
2 years crt.sh
*.vortex.data.microsoft.com
Microsoft RSA TLS CA 02
2020-10-05 -
2021-10-05
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.speedcurve.com
GlobalSign Atlas R3 DV TLS CA 2020
2020-12-09 -
2022-01-10
a year crt.sh
w.usabilla.com
Amazon
2021-03-12 -
2022-04-10
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
c.msn.com
Microsoft RSA TLS CA 02
2021-02-03 -
2022-02-03
a year crt.sh

This page contains 2 frames:

Primary Page: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Frame ID: 56B5377059C71BDEB30CAD104C54BEF2
Requests: 25 HTTP requests in this frame

Frame: https://w.usabilla.com/cd99660205c0.js?lv=1
Frame ID: 2D033A73D90E3C57CAA1E6DDE22822AA
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://aka.ms/atasaguide-recsamr HTTP 301
    https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

25
Requests

100 %
HTTPS

42 %
IPv6

10
Domains

13
Subdomains

10
IPs

4
Countries

779 kB
Transfer

3114 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://aka.ms/atasaguide-recsamr HTTP 301
    https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts HTTP 301
    https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://github.com/dcurwin.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/45630879?s=32&v=4
Request Chain 7
  • https://github.com/shsagir.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/51323195?s=32&v=4
Request Chain 8
  • https://github.com/DCtheGeek.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/11442954?s=32&v=4
Request Chain 9
  • https://github.com/msmbaldwin.png?size=32 HTTP 302
  • https://avatars.githubusercontent.com/u/5092332?s=32&v=4
Request Chain 11
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json HTTP 301
  • https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
Request Chain 23
  • https://c1.microsoft.com/c.gif?DI=4050&did=1&t= HTTP 302
  • https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&RedC=c1.microsoft.com&MXFR=21E0C691E7E164C81341D682E3E16284 HTTP 302
  • https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&MUID=21E0C691E7E164C81341D682E3E16284

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request reconnaissance-alerts
docs.microsoft.com/en-us/defender-for-identity/
Redirect Chain
  • https://aka.ms/atasaguide-recsamr
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts
  • https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts
  • https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
62 KB
19 KB
Document
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e09044b6ebd184c1d93a36955554801e3dd0de45902957ae758f11d38a7e90aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
docs.microsoft.com
:scheme
https
:path
/en-us/defender-for-identity/reconnaissance-alerts
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; ARRAffinity=08511c5b89e4ee33e142d8363ecb30b40f78605b32942a2eb99a85a4d4f71be1; ARRAffinitySameSite=08511c5b89e4ee33e142d8363ecb30b40f78605b32942a2eb99a85a4d4f71be1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

etag
"jVARAhW71VAeJxyQlTzi852PqhKLI+SZxBm3la9FoAE="
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
x-datacenter
wus
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-rendering-stack
Dynamic
content-type
text/html
content-encoding
gzip
vary
Accept-Encoding
content-length
18664
cache-control
public, max-age=573
expires
Thu, 08 Apr 2021 09:30:05 GMT
date
Thu, 08 Apr 2021 09:20:32 GMT
akamai-cache-status
RefreshHit from child, RefreshHit from parent
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}

Redirect headers

location
/en-us/defender-for-identity/reconnaissance-alerts
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
x-datacenter
wus
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
0
cache-control
public, max-age=599
expires
Thu, 08 Apr 2021 09:30:31 GMT
date
Thu, 08 Apr 2021 09:20:32 GMT
set-cookie
ARRAffinity=08511c5b89e4ee33e142d8363ecb30b40f78605b32942a2eb99a85a4d4f71be1;Path=/;HttpOnly;Secure;Domain=docs.microsoft.com ARRAffinitySameSite=08511c5b89e4ee33e142d8363ecb30b40f78605b32942a2eb99a85a4d4f71be1;Path=/;HttpOnly;SameSite=None;Secure;Domain=docs.microsoft.com original_req_url=https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts; expires=Thu, 08-Apr-2021 09:20:37 GMT
akamai-cache-status
Miss from child
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
c4620546.site-ltr.css
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/
456 KB
64 KB
Stylesheet
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a90f82e335987ace1c58512038d5305e15db5c6e9ab4d56aa0166ac9068166a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
64638
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Tue, 06 Apr 2021 19:37:36 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Thu, 08 Apr 2021 09:20:32 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
text/css
cache-control
public, max-age=469045
etag
"0x8D8F9336E5A8141"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Tue, 13 Apr 2021 19:37:57 GMT
wcp-consent.js
wcpstatic.microsoft.com/mscc/lib/v2/
51 KB
13 KB
Script
General
Full URL
https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::19 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
919dca34db91911735f214ed2cff5e08f37459d94a364afb3df187baf1f77aff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 08 Apr 2021 09:20:32 GMT
content-encoding
gzip
vary
Accept-Encoding
content-md5
1SASGSEzi1FltZlq3xaTHA==
age
22709
x-cache
HIT
content-length
12802
x-ms-lease-status
unlocked
last-modified
Wed, 14 Oct 2020 22:31:33 GMT
etag
0x8D87090E7569F4F
x-azure-ref
04MpuYAAAAABFnwsvK2bYQ5O6HBNRVQI+TE9OMjFFREdFMDExNQAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
2a4f9c58-801e-008f-1f23-2ce939000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=43200
x-ms-version
2009-09-19
ms.jsll-3.js
js.monitor.azure.com/next/1/
546 KB
80 KB
Script
General
Full URL
https://js.monitor.azure.com/next/1/ms.jsll-3.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:29::19 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2d0b92b1d2fce763f8bd451518617e4e3154a16ff62e03e8e3fa858ce7b216bf

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Apr 2021 09:20:32 GMT
content-encoding
br
x-ms-meta-jssdkver
3.1.0
last-modified
Mon, 05 Apr 2021 16:07:42 GMT
x-ms-meta-jssdksrc
[cdn]/next/1/ms.jsll-3.1.0.js
content-md5
UvcHHjZ72DmkhUeo741rhg==
etag
0x8D8F84CF157AD8A
x-azure-ref
04MpuYAAAAADMIgWba69RSJ1GaaeYpAcoTE9OMjFFREdFMDIxOABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-cache
TCP_HIT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
24e09c73-901e-000a-4f55-2c4cc2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable
x-ms-version
2009-09-19
jsll-4.js
docs.microsoft.com/static/third-party/jsll/4.3.4/
64 KB
20 KB
Script
General
Full URL
https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
589303ca15fba4fe95432dbb456ff614d0f2ad12d99f8671f0443a7f0cf48dff
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
IR4SO1k0ZPP+9o8LbgASeg==
content-length
19421
etag
0x8D8D395EE81CF35
x-ms-lease-status
unlocked
last-modified
Wed, 17 Feb 2021 22:46:57 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Thu, 08 Apr 2021 09:20:32 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f636644b-601e-0016-7185-050e0c000000
cache-control
max-age=27267354
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Thu, 17 Feb 2022 23:36:26 GMT
8a64e446.index-polyfills.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/
9 KB
4 KB
Script
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/8a64e446.index-polyfills.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
aa7dd71eebadc1039eea7308114eae927fb442b27d701a670db43c5da5b551f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
3802
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Tue, 06 Apr 2021 23:27:07 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Thu, 08 Apr 2021 09:20:32 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/javascript
cache-control
public, max-age=514097
etag
"0x8D8F9537EA91F16"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Wed, 14 Apr 2021 08:08:49 GMT
e6a01691.index-docs.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/
2 MB
371 KB
Script
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/e6a01691.index-docs.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b5999a851d1a42ab4d079bb742761ecaf51b1244478b6c1214b27445148ec1f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
378411
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Wed, 07 Apr 2021 18:35:04 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Thu, 08 Apr 2021 09:20:32 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/javascript
cache-control
public, max-age=551636
etag
"0x8D8F9F3DC6E2094"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Wed, 14 Apr 2021 18:34:28 GMT
45630879?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/dcurwin.png?size=32
  • https://avatars.githubusercontent.com/u/45630879?s=32&v=4
2 KB
2 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/45630879?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
8aa1dc6925eae0e2fe988565c5d516e9c434de842e00651af76f0cf669f887f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
e822b510a826b6985e0eceb786b0b2707fea6b0d
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
1677
x-xss-protection
1; mode=block
x-served-by
cache-ams21028-AMS
last-modified
Sun, 31 Mar 2019 08:11:41 GMT
x-github-request-id
EE2C:B911:2F3896:327E9A:60650F63
x-timer
S1617873633.957153,VS0,VE1
x-frame-options
deny
date
Thu, 08 Apr 2021 09:20:32 GMT
source-age
637821
strict-transport-security
max-age=31557600
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
etag
"577a53b3a41a7aa7842b9c1cadf88c06647a0b7c66b0c670df3c616d4f1bbcae"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 08 Apr 2021 09:25:32 GMT

Redirect headers

date
Thu, 08 Apr 2021 09:18:49 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
5F5C:8090:73184F:7FA2C9:606ECAE0
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/45630879?s=32&v=4
cache-control
no-cache
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-length
127
x-xss-protection
0
51323195?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/shsagir.png?size=32
  • https://avatars.githubusercontent.com/u/51323195?s=32&v=4
995 B
1 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/51323195?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
b3724bb570b85fcabe6dc497f945cd6eff6c77fea4083e776d1e17b8acd858f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
1a1b988e397997c8808a5acfb0562a11f4c872f9
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
995
x-xss-protection
1; mode=block
x-served-by
cache-ams21028-AMS
last-modified
Mon, 03 Jun 2019 11:37:45 GMT
x-github-request-id
BA06:0861:1169A16:131DB0D:6049816B
x-timer
S1617873633.957338,VS0,VE1
x-frame-options
deny
date
Thu, 08 Apr 2021 09:20:32 GMT
source-age
2443638
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"c180d3bbac1849e7626f8c6e5640d17200cf04f628f343fbc22aded27260edd0"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 08 Apr 2021 09:25:32 GMT

Redirect headers

date
Thu, 08 Apr 2021 09:19:35 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
5F5C:8090:73184F:7FA2CA:606ECAE0
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/51323195?s=32&v=4
cache-control
no-cache
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-length
127
x-xss-protection
0
11442954?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/DCtheGeek.png?size=32
  • https://avatars.githubusercontent.com/u/11442954?s=32&v=4
1009 B
2 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/11442954?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
9e22171ee92d512b0cbc341a91a7a3d3de8695a02217bd3d63f7c04096440a94
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
2e8820727c2eb421898b367674d454f0543d45ab
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
396
vary
Authorization,Accept-Encoding
content-length
1009
x-xss-protection
1; mode=block
x-served-by
cache-ams21028-AMS
last-modified
Mon, 12 Feb 2018 16:29:42 GMT
x-github-request-id
968A:91F2:32E83B:34E661:604AB002
x-timer
S1617873633.957316,VS0,VE0
x-frame-options
deny
date
Thu, 08 Apr 2021 09:20:32 GMT
source-age
2366174
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"73f0791d24bde3933f5c0f4b7f772dac64e75d8746df25bacf4365c48d0df04c"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 08 Apr 2021 09:25:32 GMT

Redirect headers

date
Thu, 08 Apr 2021 09:20:08 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
5F5C:8090:731853:7FA2CE:606ECAE0
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/11442954?s=32&v=4
cache-control
no-cache
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-length
127
x-xss-protection
0
5092332?s=32&v=4
avatars.githubusercontent.com/u/
Redirect Chain
  • https://github.com/msmbaldwin.png?size=32
  • https://avatars.githubusercontent.com/u/5092332?s=32&v=4
883 B
1 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/5092332?s=32&v=4
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
d8b310346be355b8344f3e5bf4cdb209644792c0b9ab06c2cde3020f0d97c3a7
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
91a278a38b6abb26c392ad403b1ca215553b7c19
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
1
vary
Authorization,Accept-Encoding
content-length
883
x-xss-protection
1; mode=block
x-served-by
cache-ams21028-AMS
last-modified
Wed, 11 Feb 2015 20:10:25 GMT
x-github-request-id
650E:574E:9384DA:A252B3:60499B40
x-timer
S1617873633.957318,VS0,VE1
x-frame-options
deny
date
Thu, 08 Apr 2021 09:20:32 GMT
source-age
2437025
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"8c3a7ab937bc2268b4697ecaf0b77a687e9cbc73651d8660ab624abf09b9b01d"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Thu, 08 Apr 2021 09:25:32 GMT

Redirect headers

date
Thu, 08 Apr 2021 09:20:05 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
GitHub.com
x-github-request-id
5F5C:8090:731853:7FA2CF:606ECAE0
x-frame-options
deny
expect-ct
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary
X-PJAX, Accept-Encoding, Accept, X-Requested-With
content-type
text/html; charset=utf-8
location
https://avatars.githubusercontent.com/u/5092332?s=32&v=4
cache-control
no-cache
x-content-type-options
nosniff
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.js
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-length
126
x-xss-protection
0
toc.json
docs.microsoft.com/en-us/defender-for-identity/
8 KB
3 KB
Fetch
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/toc.json
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/e6a01691.index-docs.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6988cf25e4e6ecb21c664a195f14763e3b7cd1da33f013cea3caf00315b324df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
2181
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Sun, 04 Apr 2021 17:14:19 GMT
x-datacenter
eus
x-frame-options
SAMEORIGIN
date
Thu, 08 Apr 2021 09:20:32 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/json
cache-control
public, max-age=600
etag
"0x8D8F78D1544CD3A"
akamai-cache-status
RefreshHit from child, RefreshHit from parent
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Thu, 08 Apr 2021 09:30:32 GMT
toc.json
docs.microsoft.com/en-us/defender-for-identity/bread/
Redirect Chain
  • https://docs.microsoft.com/en-us/azure-advanced-threat-protection/bread/toc.json
  • https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
884 B
1 KB
Fetch
General
Full URL
https://docs.microsoft.com/en-us/defender-for-identity/bread/toc.json
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
384ad0dba941f9cef51d1549c693136c1c2d19b8adac2238888e2d6a7f8ee934
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
446
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Wed, 17 Mar 2021 13:22:18 GMT
x-datacenter
wus
x-frame-options
SAMEORIGIN
date
Thu, 08 Apr 2021 09:20:33 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/json
cache-control
public, max-age=600
etag
"0x8D8E947B0713B74"
akamai-cache-status
RefreshHit from child
request-context
appId=cid-v1:21aee9e4-1cf5-4750-b2bd-78b2747f4211
expires
Thu, 08 Apr 2021 09:30:33 GMT

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-datacenter
eus
date
Thu, 08 Apr 2021 09:20:32 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
location
/en-us/defender-for-identity/bread/toc.json
cache-control
public, max-age=600
x-ua-compatible
IE=edge
akamai-cache-status
Miss from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
content-length
0
x-xss-protection
1; mode=block
expires
Thu, 08 Apr 2021 09:30:32 GMT
data:truncated
data:truncated
193 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2fb59b19860d20c40569c44f5cca62c7d101017ac2509997ed0c6f96ced1164c

Request headers

Origin
https://docs.microsoft.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
docons.4e395743.woff2
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/
12 KB
13 KB
Font
General
Full URL
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.4e395743.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a88fc84d3d42504ba43305645bc1e77e11cbc7179b561efd5cde499848b16763
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
12364
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
last-modified
Mon, 05 Apr 2021 22:07:29 GMT
x-datacenter
eus
date
Thu, 08 Apr 2021 09:20:32 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/font-woff2
cache-control
public, max-age=432839
etag
"0x8D8F87F345E3824"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires
Tue, 13 Apr 2021 09:34:31 GMT
SegoeUI-Roman-VF_web.woff2
docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/
116 KB
116 KB
Font
General
Full URL
https://docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/SegoeUI-Roman-VF_web.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
vKlyGNyjyxXOAoTLy0UokA==
content-length
118288
etag
0x8D8B8210FE8D1A9
x-ms-lease-status
unlocked
last-modified
Thu, 14 Jan 2021 00:12:21 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Thu, 08 Apr 2021 09:20:32 GMT
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
44a036ef-401e-00a0-2389-ed00f4000000
cache-control
max-age=24630068
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Tue, 18 Jan 2022 11:01:40 GMT
latest.woff2
docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/
27 KB
28 KB
Font
General
Full URL
https://docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/latest.woff2
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/c4620546.site-ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
strict-transport-security
max-age=15768000 ; includeSubDomains
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-md5
KDXuKBsHfKiscoVwIAfIlA==
content-length
27624
etag
0x8D86BD35C93CDB0
x-ms-lease-status
unlocked
last-modified
Thu, 08 Oct 2020 21:44:40 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
date
Thu, 08 Apr 2021 09:20:32 GMT
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
1eca5dcd-401e-0089-6b24-ae76b6000000
cache-control
max-age=17659784
x-ms-version
2009-09-19
akamai-cache-status
Hit from child
expires
Fri, 29 Oct 2021 18:50:16 GMT
t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272021-04-08T09%3A20%3A32.891Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7aec2b%...
web.vortex.data.microsoft.com/collect/v1/
281 B
966 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.PageView%27&time=%272021-04-08T09%3A20%3A32.891Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7aec2b%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23user-and-group-membership-reconnaissance-samr-external-id-2021%27&-market=%27en-us%27&-pageType=%27conceptual%27&-resHeight=1200&-resWidth=1600&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Fd9691d0972b0f7f79c2353cc63f4af3c8639239e%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-04-05%2011%3A51%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%7D%27&-behavior=0&*baseType=%27Ms.Content.PageView%27&*cookieEnabled=true&*isJs=true&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*isLoggedIn=false&*flashInstalled=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-userConsent=true&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c4559aecd138bcd63c0ae0d431c9d8461de670c5093c58c63b868a406d07d02c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 08 Apr 2021 09:20:32 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
DdCYbscox0a76mImDWTneQ.0
Content-Type
application/javascript
Content-Length
281
Expires
0
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/e6a01691.index-docs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 19 Mar 2021 19:22:18 GMT
server
Golfe2
age
5863
date
Thu, 08 Apr 2021 07:42:49 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19463
expires
Thu, 08 Apr 2021 09:42:49 GMT
lux.js?id=409849828
cdn.speedcurve.com/js/
21 KB
7 KB
Script
General
Full URL
https://cdn.speedcurve.com/js/lux.js?id=409849828
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/e6a01691.index-docs.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.217 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
d17ef692b6787b1e88fa7ec9b42240f18bbc25cb615658bb464df2ef6f07c9a6

Request headers

Origin
https://docs.microsoft.com
Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Apr 2021 09:20:32 GMT
via
1.1 vegur, 1.1 varnish
age
2308
x-cache
HIT
x-cache-hits
86
content-encoding
gzip
content-length
6821
x-served-by
cache-hhn4037-HHN
last-modified
Thu, 08 Apr 2021 08:42:04 GMT
server
Apache
x-timer
S1617873633.951721,VS0,VE0
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Apr 2021 08:42:04 GMT
cd99660205c0.js?lv=1
w.usabilla.com/ Frame 2D03
53 KB
13 KB
Script
General
Full URL
https://w.usabilla.com/cd99660205c0.js?lv=1
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/reconnaissance-alerts
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.179.168 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-179-168.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d3c86eda70098d94f2ac05cb9fa3d7ba7ab3516ab1a88eb872eb7c4462d2bcc8

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Apr 2021 09:20:33 GMT
content-encoding
gzip
x-widget-server
2.1
etag
"82851ac40341ba9d385a97606e39e5ef"
content-type
text/javascript
cache-control
public,max-age=0
content-length
12673
collect?v=1&_v=j89&aip=1&a=1943746542&t=pageview&_s=1&dl=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts&ul=en-us&de=UTF-8&dt=Microsoft%20Defender%20for%20I...
www.google-analytics.com/j/
4 B
391 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j89&aip=1&a=1943746542&t=pageview&_s=1&dl=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts&ul=en-us&de=UTF-8&dt=Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1321441020&gjid=1393091291&cid=1131100832.1617873633&tid=UA-62780441-21&_gid=1205717917.1617873633&_r=1&_slc=1&cd2=off&cd3=Conceptual&z=1850023626
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 08 Apr 2021 09:20:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://docs.microsoft.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-62780441-21&cid=1131100832.1617873633&jid=1321441020&gjid=1393091291&_gid=1205717917.1617873633&_u=YEBAAEAAAAAAAC~&z=1988003798
stats.g.doubleclick.net/j/
1 B
444 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-62780441-21&cid=1131100832.1617873633&jid=1321441020&gjid=1393091291&_gid=1205717917.1617873633&_u=YEBAAEAAAAAAAC~&z=1988003798
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 08 Apr 2021 09:20:33 GMT
content-type
text/plain
access-control-allow-origin
https://docs.microsoft.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-04-08T09%3A20%3A33.094Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7a...
web.vortex.data.microsoft.com/collect/v1/
45 B
407 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-04-08T09%3A20%3A33.094Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7aec2b%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23user-and-group-membership-reconnaissance-samr-external-id-2021%27&-market=%27en-us%27&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Fd9691d0972b0f7f79c2353cc63f4af3c8639239e%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-04-05%2011%3A51%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%2C%22timing%22%3A%22%7B%5C%22first-paint%5C%22%3A1986.9450004771352%2C%5C%22first-contentful-paint%5C%22%3A1986.9450004771352%2C%5C%22navigationStart%5C%22%3A1617873630939%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1617873632260%2C%5C%22domainLookupStart%5C%22%3A1617873632260%2C%5C%22domainLookupEnd%5C%22%3A1617873632260%2C%5C%22connectStart%5C%22%3A1617873632260%2C%5C%22connectEnd%5C%22%3A1617873632260%2C%5C%22secureConnectionStart%5C%22%3A0%2C%5C%22requestStart%5C%22%3A1617873632261%2C%5C%22responseStart%5C%22%3A1617873632554%2C%5C%22responseEnd%5C%22%3A1617873632564%2C%5C%22domLoading%5C%22%3A1617873632558%2C%5C%22domInteractive%5C%22%3A1617873632744%2C%5C%22domContentLoadedEventStart%5C%22%3A1617873632744%2C%5C%22domContentLoadedEventEnd%5C%22%3A1617873632910%2C%5C%22domComplete%5C%22%3A1617873633041%2C%5C%22loadEventStart%5C%22%3A1617873633041%2C%5C%22loadEventEnd%5C%22%3A1617873633041%7D%22%7D%27&-pageHeight=10348&-vpHeight=1200&-vpWidth=1600&-behavior=0&-vScrollOffset=7460&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*cookieEnabled=true&*isJs=true&*isDomComplete=true&*isLoggedIn=false&*pageLoadTime=2102&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-msfpc=%27GUID%3Dd66c0303512a4daf9f8b9324f5d3210a%26HASH%3Dd66c%26LV%3D202104%26V%3D4%26LU%3D1617873633013%27&ext-javascript-userConsent=true&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 08 Apr 2021 09:20:32 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
L/5dwR4iekq/PTVuvx8iyw.0
Content-Type
application/javascript
Content-Length
45
Expires
0
c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&MUID=21E0C691E7E164C81341D682E3E16284
c1.microsoft.com/
Redirect Chain
  • https://c1.microsoft.com/c.gif?DI=4050&did=1&t=
  • https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&RedC=c1.microsoft.com&MXFR=21E0C691E7E164C81341D682E3E16284
  • https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&MUID=21E0C691E7E164C81341D682E3E16284
42 B
262 B
Image
General
Full URL
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&MUID=21E0C691E7E164C81341D682E3E16284
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Apr 2021 09:20:33 GMT
last-modified
Tue, 23 Feb 2021 19:11:50 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"506f5bd17ad71:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 08 Apr 2021 09:20:33 GMT
x-msedge-ref
Ref A: 4BD9653783614C83980CB2048AF7ED33 Ref B: FRAEDGE1319 Ref C: 2021-04-08T09:20:33Z
x-powered-by
ASP.NET
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=0A8B4C8E0D0649549AD38971AE3F3089&MUID=21E0C691E7E164C81341D682E3E16284
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-04-08T09%3A20%3A33.570Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7a...
web.vortex.data.microsoft.com/collect/v1/
45 B
407 B
Script
General
Full URL
https://web.vortex.data.microsoft.com/collect/v1/t.js?ver=%272.1%27&name=%27Ms.Webi.ContentUpdate%27&time=%272021-04-08T09%3A20%3A33.570Z%27&os=%27Windows%27&appId=%27JS%3ADocs%27&-ver=%271.0%27&-impressionGuid=%2734e3465e-b914-4c8e-8fc4-1cf1bf7aec2b%27&-pageName=%2752af70b6-86d4-5dd4-0c17-d4e0a5f6e0ed%27&-uri=%27https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdefender-for-identity%2Freconnaissance-alerts%23user-and-group-membership-reconnaissance-samr-external-id-2021%27&-market=%27en-us%27&-pageTags=%27%7B%22author%22%3A%22dcurwin%22%2C%22depotname%22%3A%22MSDN.ATPDocs%22%2C%22document_version_independent_id%22%3A%2263d594b0-4656-1938-98da-da5494321df9%22%2C%22gitcommit%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Fd9691d0972b0f7f79c2353cc63f4af3c8639239e%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22manager%22%3A%22dcurwin%22%2C%22pgauth%22%3A%22dacurwin%22%2C%22collection%22%3A%22M365-security-compliance%22%2C%22date%22%3A%2212%2F23%2F2020%22%2C%22pgsrvcs%22%3A%22microsoft-defender-for-identity%22%2C%22suite%22%3A%22ems%22%2C%22pgtop%22%3A%22tutorial%22%2C%22giturl%22%3A%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2FATADocs-pr%2Fblob%2Flive%2FATPDocs%2Freconnaissance-alerts.md%22%2C%22publishtime%22%3A%222021-04-05%2011%3A51%20AM%22%2C%22contentlocale%22%3A%22en-us%22%2C%22highContrast%22%3A%22false%22%2C%22metaTags%22%3A%7B%7D%7D%27&-pageHeight=10348&-vpHeight=1200&-vpWidth=1600&-actionType=%27S%27&-behavior=0&-vScrollOffset=7460&-hScrollOffset=0&-contentVer=%272.0%27&-content=%27%5B%5D%27&*baseType=%27Ms.Content.ContentUpdate%27&*title=%27Microsoft%20Defender%20for%20Identity%20reconnaissance%20phase%20security%20alerts%20%7C%20Microsoft%20Docs%27&*cookieEnabled=true&*isJs=true&*isDomComplete=false&*isLoggedIn=false&ext-javascript-ver=%271.1%27&ext-javascript-libVer=%274.3.4%27&ext-javascript-domain=%27docs.microsoft.com%27&ext-javascript-msfpc=%27GUID%3Dd66c0303512a4daf9f8b9324f5d3210a%26HASH%3Dd66c%26LV%3D202104%26V%3D4%26LU%3D1617873633013%27&ext-javascript-userConsent=true&ext-user-localId=%27t%3A21E0C691E7E164C81341D682E3E16284%27&$mscomCookies=false
Requested by
Host: docs.microsoft.com
URL: https://docs.microsoft.com/static/third-party/jsll/4.3.4/jsll-4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.77.226.250 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://docs.microsoft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 08 Apr 2021 09:20:33 GMT
X-Content-Type-Options
nosniff
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Cache-Control
no-cache, no-store
MS-CV
V1cRbjr+CEqaUIeGHGw3ng.0
Content-Type
application/javascript
Content-Length
45
Expires
0

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| msDocs function| WcpConsent function| mscc object| oneDS function| __assign function| __extends object| onedsAwa object| awa object| __core-js_shared__ object| core function| applyFocusVisiblePolyfill object| litHtmlVersions function| setTheme string| GoogleAnalyticsObject function| ga object| LUX object| LUX_ae object| LUX_al function| lightningjs object| google_tag_data object| gaplugins object| gaGlobal object| gaData number| LUX_t_start number| LUX_t_end

11 Cookies

Domain/Path Name / Value
docs.microsoft.com/ Name: MSFPC
Value: GUID=d66c0303512a4daf9f8b9324f5d3210a&HASH=d66c&LV=202104&V=4&LU=1617873633013
.microsoft.com/ Name: MC1
Value: GUID=d66c0303512a4daf9f8b9324f5d3210a&HASH=d66c&LV=202104&V=4&LU=1617873633013
docs.microsoft.com/ Name: lux_uid
Value: 161787363298811588
.docs.microsoft.com/ Name: ARRAffinitySameSite
Value: e11145e197c6f01e002a4d98ef13f29c7257988fe3b830b46359ccbc96d662ce
.microsoft.com/ Name: MS0
Value: 254ce64e4534415d941b56c0866763bf
.microsoft.com/ Name: _gat
Value: 1
.microsoft.com/ Name: _ga
Value: GA1.2.1131100832.1617873633
.microsoft.com/ Name: _gid
Value: GA1.2.1205717917.1617873633
.docs.microsoft.com/ Name: ARRAffinity
Value: e11145e197c6f01e002a4d98ef13f29c7257988fe3b830b46359ccbc96d662ce
.microsoft.com/ Name: MSCC
Value: NR
docs.microsoft.com/en-us/defender-for-identity Name: original_req_url
Value: https://docs.microsoft.com/en-us/defender-for-identity/atp-reconnaissance-alerts

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aka.ms
avatars.githubusercontent.com
c.bing.com
c1.microsoft.com
cdn.speedcurve.com
docs.microsoft.com
github.com
js.monitor.azure.com
stats.g.doubleclick.net
w.usabilla.com
wcpstatic.microsoft.com
web.vortex.data.microsoft.com
www.google-analytics.com
140.82.121.3
151.101.114.217
185.199.108.133
23.211.149.25
2620:1ec:29::19
2620:1ec:c11::200
2a00:1450:4001:813::200e
2a00:1450:400c:c1b::9d
2a02:26f0:6c00:29b::353e
40.77.226.250
52.142.114.2
52.31.179.168
2d0b92b1d2fce763f8bd451518617e4e3154a16ff62e03e8e3fa858ce7b216bf
2fb59b19860d20c40569c44f5cca62c7d101017ac2509997ed0c6f96ced1164c
384ad0dba941f9cef51d1549c693136c1c2d19b8adac2238888e2d6a7f8ee934
589303ca15fba4fe95432dbb456ff614d0f2ad12d99f8671f0443a7f0cf48dff
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
6988cf25e4e6ecb21c664a195f14763e3b7cd1da33f013cea3caf00315b324df
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
8aa1dc6925eae0e2fe988565c5d516e9c434de842e00651af76f0cf669f887f1
919dca34db91911735f214ed2cff5e08f37459d94a364afb3df187baf1f77aff
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9e22171ee92d512b0cbc341a91a7a3d3de8695a02217bd3d63f7c04096440a94
a88fc84d3d42504ba43305645bc1e77e11cbc7179b561efd5cde499848b16763
a90f82e335987ace1c58512038d5305e15db5c6e9ab4d56aa0166ac9068166a8
aa7dd71eebadc1039eea7308114eae927fb442b27d701a670db43c5da5b551f2
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b3724bb570b85fcabe6dc497f945cd6eff6c77fea4083e776d1e17b8acd858f1
b5999a851d1a42ab4d079bb742761ecaf51b1244478b6c1214b27445148ec1f9
c4559aecd138bcd63c0ae0d431c9d8461de670c5093c58c63b868a406d07d02c
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
d17ef692b6787b1e88fa7ec9b42240f18bbc25cb615658bb464df2ef6f07c9a6
d3c86eda70098d94f2ac05cb9fa3d7ba7ab3516ab1a88eb872eb7c4462d2bcc8
d8b310346be355b8344f3e5bf4cdb209644792c0b9ab06c2cde3020f0d97c3a7
e09044b6ebd184c1d93a36955554801e3dd0de45902957ae758f11d38a7e90aa
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4