docs.microsoft.com
Open in
urlscan Pro
2a02:26f0:dc:18f::353e
Public Scan
Effective URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Submission Tags: falconsandbox
Submission: On September 13 via api from US — Scanned from IT
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 01 on July 14th 2022. Valid for: a year.
This is the only time docs.microsoft.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 23.222.48.85 23.222.48.85 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 9 | 2a02:26f0:dc:... 2a02:26f0:dc:18f::353e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2620:1ec:bdf::45 2620:1ec:bdf::45 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2620:1ec:46::44 2620:1ec:46::44 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
9 | 4 |
ASN16625 (AKAMAI-AS, US)
PTR: a23-222-48-85.deploy.static.akamaitechnologies.com
aka.ms |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
wcpstatic.microsoft.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
microsoft.com
2 redirects
docs.microsoft.com — Cisco Umbrella Rank: 15654 wcpstatic.microsoft.com — Cisco Umbrella Rank: 8835 |
827 KB |
1 |
azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 4587 |
61 KB |
1 |
aka.ms
1 redirects
aka.ms — Cisco Umbrella Rank: 7187 |
551 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
9 | docs.microsoft.com |
2 redirects
docs.microsoft.com
|
1 | js.monitor.azure.com |
docs.microsoft.com
|
1 | wcpstatic.microsoft.com |
docs.microsoft.com
|
1 | aka.ms | 1 redirects |
9 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
www.microsoft.com |
github.com |
attack.mitre.org |
support.microsoft.com |
www.virusbulletin.com |
aka.ms |
techcommunity.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
docs.microsoft.com Microsoft Azure TLS Issuing CA 01 |
2022-07-14 - 2023-07-09 |
a year | crt.sh |
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-03-10 - 2023-03-10 |
a year | crt.sh |
js.monitor.azure.com Microsoft Azure TLS Issuing CA 06 |
2022-06-26 - 2023-06-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Frame ID: AE7D59EE7DCCE7ED064CF5264A2522B0
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Microsoft Defender for Identity domain dominance security alerts | Microsoft DocsPage URL History Show full URLs
-
https://aka.ms/atasaguide-remotexe
HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts Page URL
Page Statistics
37 Outgoing links
These are links going to different origins than the main page.
Title: Download Microsoft Edge
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Credential Access (TA0006)
Search URL Search Domain Scan URL
Title: Credentials from Password Stores (T1555)
Search URL Search Domain Scan URL
Title: Execution (TA0002)
Search URL Search Domain Scan URL
Title: Lateral Movement (TA0008)
Search URL Search Domain Scan URL
Title: Command and Scripting Interpreter (T1059)
Search URL Search Domain Scan URL
Title: Remote Services (T1021)
Search URL Search Domain Scan URL
Title: PowerShell (T1059.001)
Search URL Search Domain Scan URL
Title: Windows Remote Management (T1021.006)
Search URL Search Domain Scan URL
Title: Defense Evasion (TA0005)
Search URL Search Domain Scan URL
Title: Rogue Domain Controller (T1207)
Search URL Search Domain Scan URL
Title: Persistence (TA0003)
Search URL Search Domain Scan URL
Title: OS Credential Dumping (T1003)
Search URL Search Domain Scan URL
Title: DCSync (T1003.006)
Search URL Search Domain Scan URL
Title: Privilege Escalation (TA0004)
Search URL Search Domain Scan URL
Title: Steal or Forge Kerberos Tickets (T1558)
Search URL Search Domain Scan URL
Title: Golden Ticket(T1558.001)
Search URL Search Domain Scan URL
Title: KB3011780
Search URL Search Domain Scan URL
Title: KB2496930
Search URL Search Domain Scan URL
Title: Exploitation for Privilege Escalation (T1068)
Search URL Search Domain Scan URL
Title: Exploitation of Remote Services (T1210)
Search URL Search Domain Scan URL
Title: Modify Authentication Process (T1556)
Search URL Search Domain Scan URL
Title: Domain Controller Authentication (T1556.001)
Search URL Search Domain Scan URL
Title: Skeleton Key Malware Analysis
Search URL Search Domain Scan URL
Title: Account Manipulation (T1098)
Search URL Search Domain Scan URL
Title: Domain Policy Modification (T1484)
Search URL Search Domain Scan URL
Title: System Services (T1569)
Search URL Search Domain Scan URL
Title: Create or Modify System Process (T1543)
Search URL Search Domain Scan URL
Title: Service Execution (T1569.002)
Search URL Search Domain Scan URL
Title: Windows Service (T1543.003)
Search URL Search Domain Scan URL
Title: Check out the Defender for Identity forum!
Search URL Search Domain Scan URL
Title: View all page feedback
Search URL Search Domain Scan URL
Title: Blog
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Title: Trademarks
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://aka.ms/atasaguide-remotexe
HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
domain-dominance-alerts
docs.microsoft.com/en-us/defender-for-identity/ Redirect Chain
|
105 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eb5df998.site-ltr.css
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ |
501 KB 71 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wcp-consent.js
wcpstatic.microsoft.com/mscc/lib/v2/ |
273 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ms.jsll-3.min.js
js.monitor.azure.com/scripts/c/ |
179 KB 61 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
67a45209.deprecation.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
94471a20.index-docs.js
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/ |
2 MB 488 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
docons.bd23ffe7.woff2
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SegoeUI-Roman-VF_web.woff2
docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/ |
116 KB 117 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
195 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
latest.woff2
docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/ |
27 KB 28 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| msDocs function| WcpConsent function| mscc object| e function| t object| oneDS object| awa function| FormBehaviorElement function| applyFocusVisiblePolyfill object| litHtmlVersions3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
docs.microsoft.com/en-us/defender-for-identity | Name: original_req_url Value: https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts |
|
.docs.microsoft.com/ | Name: ARRAffinity Value: d44c8b38f9bd698444ef5839a5809623a62ae321e453169fc86c5528a3c2e357 |
|
.docs.microsoft.com/ | Name: ARRAffinitySameSite Value: d44c8b38f9bd698444ef5839a5809623a62ae321e453169fc86c5528a3c2e357 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aka.ms
docs.microsoft.com
js.monitor.azure.com
wcpstatic.microsoft.com
23.222.48.85
2620:1ec:46::44
2620:1ec:bdf::45
2a02:26f0:dc:18f::353e
2123315cb05cbeea3c5838b24dd74a924eda65e06ecb3d2e6891fda20e02c267
30366fb3c93cabb928c6c472f03689d8569ae2a0a38aed1137fa1118333642d1
30904908eb2bc733d1d0fda1234256c534c8ab3b73923c3e523e63792bf5e40a
59751809f3469f2bae516a4a094be5186d82a307aa348c49f9cac135e878f215
5f1a0fb6921c50b15dfbdb885cd212747f009d85fd2219f7b4d6e6c9318d43b4
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
dc38ba12c4c74a9b7f56f1f6c64efcec67ed0ec2e9a258e15eb0d3f35198c40a
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
f8ae8a1dc7ce7877b9fb9299183d2ebb3befad0b6489ae785d99047ec2eb92d1