docs.microsoft.com Open in urlscan Pro
2a02:26f0:dc:18f::353e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://aka.ms/atasaguide-remotexe
Effective URL:
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Submission Tags: falconsandbox
Submission: On September 13 via api (September 13th 2022, 3:33:13 pm UTC) from US — Scanned from IT

Summary HTTP 9 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2a02:26f0:dc:18f::353e, located in Vienna, Austria and belongs to AKAMAI-ASN1, NL. The main domain is docs.microsoft.com. The Cisco Umbrella rank of the primary domain is 15654.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 01 on July 14th 2022. Valid for: a year.

This is the only time docs.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.222.48.85 23.222.48.85	16625 (AKAMAI-AS) (AKAMAI-AS)
2 9	2a02:26f0:dc:... 2a02:26f0:dc:18f::353e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:46::44 2620:1ec:46::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	4

1 23.222.48.85 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-222-48-85.deploy.static.akamaitechnologies.com

aka.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:dc:18f::353e (Vienna, Austria) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

docs.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

wcpstatic.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

js.monitor.azure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	microsoft.com 2 redirects docs.microsoft.com — Cisco Umbrella Rank: 15654 wcpstatic.microsoft.com — Cisco Umbrella Rank: 8835	827 KB
1	azure.com js.monitor.azure.com — Cisco Umbrella Rank: 4587	61 KB
1	aka.ms 1 redirects aka.ms — Cisco Umbrella Rank: 7187	551 B
9	3

	Domain	Requested by
9	docs.microsoft.com	2 redirects docs.microsoft.com
1	js.monitor.azure.com	docs.microsoft.com
1	wcpstatic.microsoft.com	docs.microsoft.com
1	aka.ms	1 redirects
9	4

This site contains links to these domains. Also see Links.

Domain
go.microsoft.com
www.microsoft.com
github.com
attack.mitre.org
support.microsoft.com
www.virusbulletin.com
aka.ms
techcommunity.microsoft.com

Subject Issuer	Validity	Valid
docs.microsoft.com Microsoft Azure TLS Issuing CA 01	`2022-07-14` - `2023-07-09`	a year	crt.sh
wcpstatic.microsoft.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-10` - `2023-03-10`	a year	crt.sh
js.monitor.azure.com Microsoft Azure TLS Issuing CA 06	`2022-06-26` - `2023-06-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Frame ID: AE7D59EE7DCCE7ED064CF5264A2522B0
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft Defender for Identity domain dominance security alerts | Microsoft Docs

Page URL History Show full URLs

https://aka.ms/atasaguide-remotexe HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts Page URL

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

886 kB
Transfer

3007 kB
Size

3
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://go.microsoft.com/fwlink/p/?LinkID=2092881
Title: Download Microsoft Edge

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/

Search URL Search Domain Scan URL

URL: https://github.com/Microsoft/ATADocs/blob/main/ATPDocs/domain-dominance-alerts.md

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0006
Title: Credential Access (TA0006)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1555/
Title: Credentials from Password Stores (T1555)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0002
Title: Execution (TA0002)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0008
Title: Lateral Movement (TA0008)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: Command and Scripting Interpreter (T1059)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1021/
Title: Remote Services (T1021)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: PowerShell (T1059.001)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1021/006/
Title: Windows Remote Management (T1021.006)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0005
Title: Defense Evasion (TA0005)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1207/
Title: Rogue Domain Controller (T1207)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0003
Title: Persistence (TA0003)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/
Title: OS Credential Dumping (T1003)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003/006/
Title: DCSync (T1003.006)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0004
Title: Privilege Escalation (TA0004)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1558/
Title: Steal or Forge Kerberos Tickets (T1558)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1558/001/
Title: Golden Ticket(T1558.001)

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/download/details.aspx?id=44978
Title: KB3011780

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/help/2496930/ms11-013-vulnerabilities-in-kerberos-could-allow-elevation-of-privileg
Title: KB2496930

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1068/
Title: Exploitation for Privilege Escalation (T1068)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1210/
Title: Exploitation of Remote Services (T1210)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1556/
Title: Modify Authentication Process (T1556)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1556/001/
Title: Domain Controller Authentication (T1556.001)

Search URL Search Domain Scan URL

URL: https://www.virusbulletin.com/virusbulletin/2016/01/paper-digital-bian-lian-face-changing-skeleton-key-malware
Title: Skeleton Key Malware Analysis

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1098/
Title: Account Manipulation (T1098)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1484/
Title: Domain Policy Modification (T1484)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1569/
Title: System Services (T1569)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1543/
Title: Create or Modify System Process (T1543)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1569/002/
Title: Service Execution (T1569.002)

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1543/003/
Title: Windows Service (T1543.003)

Search URL Search Domain Scan URL

URL: https://aka.ms/MDIcommunity
Title: Check out the Defender for Identity forum!

Search URL Search Domain Scan URL

URL: https://github.com/MicrosoftDocs/atadocs/issues
Title: View all page feedback

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/microsoft-learn-blog/bg-p/MicrosoftLearnBlog
Title: Blog

Search URL Search Domain Scan URL

URL: https://go.microsoft.com/fwlink/?LinkId=521839
Title: Privacy & Cookies

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/legal/intellectualproperty/Trademarks/EN-US.aspx
Title: Trademarks

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://aka.ms/atasaguide-remotexe HTTP 301
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts HTTP 301
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request domain-dominance-alerts Show response
docs.microsoft.com/en-us/defender-for-identity/
Redirect Chain

https://aka.ms/atasaguide-remotexe
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts
https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts
https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

105 KB
26 KB

288ms
287ms

Document
text/html

2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

59751809f3469f2bae516a4a094be5186d82a307aa348c49f9cac135e878f215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

akamai-cache-status: Miss from child, RefreshHit from parent
cache-control: public, max-age=600
content-encoding: gzip
content-length: 25704
content-type: text/html
date: Tue, 13 Sep 2022 15:33:08 GMT
etag: "epddfbHLaIwShi9cFd0Z6OmKionCN368qOJskh25pqM="
expires: Tue, 13 Sep 2022 15:43:08 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
request-context: appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-azure-ref: 0s6IgYwAAAADVjQfFJrIyQIC0F4JkBoNVRlJBRURHRTEwMTMANzE2ODkyMGUtOWY1Yi00YTYyLWIxNmUtZDViZTYzY2U2MWU3
x-content-type-options: nosniff
x-datacenter: wus
x-frame-options: SAMEORIGIN
x-rendering-stack: Dynamic
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block

Redirect headers

akamai-cache-status: Miss from child, Miss from parent
cache-control: public, max-age=600
content-length: 0
date: Tue, 13 Sep 2022 15:33:07 GMT
expires: Tue, 13 Sep 2022 15:43:07 GMT
location: /en-us/defender-for-identity/domain-dominance-alerts
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-azure-ref: 0s6IgYwAAAADT0+v5yiooTZY6ZZrddqtdRlJBMjMxMDUwNDE3MDI3ADcxNjg5MjBlLTlmNWItNGE2Mi1iMTZlLWQ1YmU2M2NlNjFlNw==
x-content-type-options: nosniff
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block

GET
H2 200 eb5df998.site-ltr.css
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ 501 KB
71 KB 50ms
49ms Stylesheet
text/css 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css

Requested by

Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30904908eb2bc733d1d0fda1234256c534c8ab3b73923c3e523e63792bf5e40a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref: 03qIfYwAAAABGfZ9ZSKi+SIk/zbLUXS/zTUlMMzBFREdFMDYwOQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 71835
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
last-modified: Mon, 12 Sep 2022 21:21:00 GMT
x-datacenter: eus
x-frame-options: SAMEORIGIN
date: Tue, 13 Sep 2022 15:33:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: text/css
cache-control: public, max-age=539280
etag: "0x8DA9504B0E0CD78"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires: Mon, 19 Sep 2022 21:21:08 GMT

GET
H2 200 wcp-consent.js Show response
wcpstatic.microsoft.com/mscc/lib/v2/ 273 KB
80 KB 232ms
44ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Requested by: Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://docs.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Sep 2022 15:33:07 GMT
content-encoding: gzip
vary: Accept-Encoding
content-md5: X1JOIM5h9UISVFS6+GfEew==
age: 34663
x-cache: CONFIG_NOCACHE
content-length: 81726
x-ms-lease-status: unlocked
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
etag: 0x8DA85F6EA62BF74
x-azure-ref: 0tKIgYwAAAABDOdm7pGFwTb7o1ptyIREKRlJBRURHRTEwMTEAMzliNDYxNTctY2I5ZS00OWI3LWE2NWEtODcyMmEzZjgyNGU0
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 71995d36-d01e-007e-4b35-c7676e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 ms.jsll-3.min.js Show response
js.monitor.azure.com/scripts/c/ 179 KB
61 KB 151ms
38ms Script
text/javascript 2620:1ec:46::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Requested by: Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2123315cb05cbeea3c5838b24dd74a924eda65e06ecb3d2e6891fda20e02c267

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://docs.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 15:33:07 GMT
content-encoding: br
x-azure-ref-originshield: 0+aAgYwAAAAAPCfeOwsJoTL62Haf3eEBORlJBMjMxMDUwNDE4MDI3AGYxY2E3M2Q0LTg4ODMtNGNhZi1hYmRjLWZlMmQ1NjdhZmI5Ng==
content-md5: 7cu3ev19VA1NTXfpBIiLPA==
x-cache: TCP_HIT
x-ms-meta-jssdkver: 3.2.6
last-modified: Wed, 31 Aug 2022 16:53:36 GMT
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.6.min.js
etag: 0x8DA8B7159250BCA
x-azure-ref: 0tKIgYwAAAADIVASOVFZNTbXEtG68cXKCWlJIRURHRTA2MTgAZjFjYTczZDQtODg4My00Y2FmLWFiZGMtZmUyZDU2N2FmYjk2
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: d0f9f600-201e-0052-0183-c7949d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable, no-transform
x-ms-version: 2009-09-19

GET
H2 200 67a45209.deprecation.js Show response
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/ 1 KB
1 KB 68ms
68ms Script
application/javascript 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

Requested by

Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f8ae8a1dc7ce7877b9fb9299183d2ebb3befad0b6489ae785d99047ec2eb92d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref: 0SSEdYwAAAABe/mXdMg3RRbcCTnbjpXeATUlMMzBFREdFMDYxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 588
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
last-modified: Fri, 09 Sep 2022 19:46:04 GMT
x-datacenter: eus
x-frame-options: SAMEORIGIN
date: Tue, 13 Sep 2022 15:33:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: application/javascript
cache-control: public, max-age=375048
etag: "0x8DA929BEEAEA106"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires: Sat, 17 Sep 2022 23:43:56 GMT

GET
H2 200 94471a20.index-docs.js Show response
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/ 2 MB
488 KB 93ms
93ms Script
application/javascript 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/94471a20.index-docs.js

Requested by

Host: docs.microsoft.com
URL: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

30366fb3c93cabb928c6c472f03689d8569ae2a0a38aed1137fa1118333642d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://docs.microsoft.com/en-us/defender-for-identity/domain-dominance-alerts
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref: 03qIfYwAAAADopnUX1zkvTbupVAFHMg8ITUlMMzBFREdFMDYwNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 497587
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
last-modified: Mon, 12 Sep 2022 21:21:00 GMT
x-datacenter: eus
x-frame-options: SAMEORIGIN
date: Tue, 13 Sep 2022 15:33:08 GMT
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: application/javascript
cache-control: public, max-age=539323
etag: "0x8DA9504B0CBC1F1"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires: Mon, 19 Sep 2022 21:21:51 GMT

GET
H2 200 docons.bd23ffe7.woff2
docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/ 14 KB
14 KB 49ms
49ms Font
font/woff2 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.bd23ffe7.woff2

Requested by

Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5f1a0fb6921c50b15dfbdb885cd212747f009d85fd2219f7b4d6e6c9318d43b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css
Origin: https://docs.microsoft.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref: 036IfYwAAAABvkl/6lxMPS457FaKpkwZpTUlMMzBFREdFMDYxMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 14020
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
last-modified: Mon, 12 Sep 2022 21:21:00 GMT
x-datacenter: eus
date: Tue, 13 Sep 2022 15:33:08 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: font/woff2
cache-control: public, max-age=539236
etag: "0x8DA9504B0DB5004"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
expires: Mon, 19 Sep 2022 21:20:24 GMT

GET
H2 200 SegoeUI-Roman-VF_web.woff2
docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/ 116 KB
117 KB 52ms
52ms Font
application/octet-stream 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://docs.microsoft.com/static/third-party/SegoeUIWeb/1.01.206/SegoeUI-Roman-VF_web.woff2
Requested by: Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d

Request headers

Referer: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css
Origin: https://docs.microsoft.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Sep 2022 15:33:08 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref-originshield: 02U4WYwAAAAAfhbAGqpKJSorv1ojv3m+NRlJBMjMxMDUwNDE4MDI1ADQ0ZThlNTA3LTRiYTUtNGI3MC04NzBhLTI4MDg0MzhkNmIyYg==
content-md5: vKlyGNyjyxXOAoTLy0UokA==
content-length: 118288
x-ms-lease-status: unlocked
last-modified: Wed, 17 Aug 2022 21:37:40 GMT
etag: 0x8DA8098B63919C7
x-azure-ref: 0160YYwAAAAB/N3ZIN2EnS7Y5fPh31T8aTUlMMzBFREdFMDYxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: e59a2604-c01e-0076-3cef-c04b2e000000
cache-control: max-age=66610
x-ms-version: 2009-09-19
akamai-cache-status: Hit from child
expires: Wed, 14 Sep 2022 10:03:18 GMT

GET
DATA 200
OK truncated
/ 195 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc38ba12c4c74a9b7f56f1f6c64efcec67ed0ec2e9a258e15eb0d3f35198c40a

Request headers

Referer
Origin: https://docs.microsoft.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 latest.woff2
docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/ 27 KB
28 KB 50ms
50ms Font
application/octet-stream 2a02:26f0:dc:18f::353e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.microsoft.com/static/third-party/SegoeUI/5.32/west-european/italic/latest.woff2

Requested by

Host: docs.microsoft.com
URL: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18f::353e Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://docs.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/eb5df998.site-ltr.css
Origin: https://docs.microsoft.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 13 Sep 2022 15:33:08 GMT
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
x-azure-ref-originshield: 0J3IUYwAAAAB/uRuxvV8QR57m9vHx8fMYRlJBMjMxMDUwNDE4MDUxADQ0ZThlNTA3LTRiYTUtNGI3MC04NzBhLTI4MDg0MzhkNmIyYg==
content-md5: KDXuKBsHfKiscoVwIAfIlA==
content-length: 27624
x-ms-lease-status: unlocked
last-modified: Wed, 17 Aug 2022 21:37:40 GMT
etag: 0x8DA8098B631A0CB
x-azure-ref: 0LrsVYwAAAAA7kbYwuyvITZ0dV3fr5WRNTUlMMzBFREdFMDYwOQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 00183186-101e-0019-1ed2-bee3fa000000
cache-control: max-age=64048
x-ms-version: 2009-09-19
akamai-cache-status: Hit from child
expires: Wed, 14 Sep 2022 09:20:36 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
docs.microsoft.com/en-us/defender-for-identity	1970-01-20 05:58:03	Name: original_req_url Value: https://docs.microsoft.com/en-us/defender-for-identity/atp-domain-dominance-alerts
.docs.microsoft.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: d44c8b38f9bd698444ef5839a5809623a62ae321e453169fc86c5528a3c2e357
.docs.microsoft.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: d44c8b38f9bd698444ef5839a5809623a62ae321e453169fc86c5528a3c2e357

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aka.ms
docs.microsoft.com
js.monitor.azure.com
wcpstatic.microsoft.com
23.222.48.85
2620:1ec:46::44
2620:1ec:bdf::45
2a02:26f0:dc:18f::353e
2123315cb05cbeea3c5838b24dd74a924eda65e06ecb3d2e6891fda20e02c267
30366fb3c93cabb928c6c472f03689d8569ae2a0a38aed1137fa1118333642d1
30904908eb2bc733d1d0fda1234256c534c8ab3b73923c3e523e63792bf5e40a
59751809f3469f2bae516a4a094be5186d82a307aa348c49f9cac135e878f215
5f1a0fb6921c50b15dfbdb885cd212747f009d85fd2219f7b4d6e6c9318d43b4
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
dc38ba12c4c74a9b7f56f1f6c64efcec67ed0ec2e9a258e15eb0d3f35198c40a
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f
f8ae8a1dc7ce7877b9fb9299183d2ebb3befad0b6489ae785d99047ec2eb92d1

docs.microsoft.com Open in urlscan Pro 2a02:26f0:dc:18f::353e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

886 kBTransfer

3007 kBSize

3 Cookies

37 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

docs.microsoft.com Open in urlscan Pro
2a02:26f0:dc:18f::353e Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

886 kB
Transfer

3007 kB
Size

3
Cookies

9 HTTP transactions
1 data transactions