www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Submission: On June 01 via manual (June 1st 2022, 9:53:23 am UTC) from ES — Scanned from ES

Summary HTTP 85 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 25 domains to perform 85 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 940059.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 21st 2021. Valid for: a year.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:f0cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.226.132.40 13.226.132.40	16509 (AMAZON-02) (AMAZON-02)
4	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::ac40:9ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	92.122.146.218 92.122.146.218	16625 (AKAMAI-AS) (AKAMAI-AS)
1	108.157.4.113 108.157.4.113	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:83ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:21ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.206.171.238 52.206.171.238	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5705	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.157.4.45 108.157.4.45	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.32 143.204.98.32	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
1	52.19.160.254 52.19.160.254	16509 (AMAZON-02) (AMAZON-02)
3	143.204.98.61 143.204.98.61	16509 (AMAZON-02) (AMAZON-02)
2	143.204.101.201 143.204.101.201	16509 (AMAZON-02) (AMAZON-02)
85	31

31 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f0cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.132.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-132-40.dus51.r.cloudfront.net

static.userback.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.96.102.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

3911692.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.146.218 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-146-218.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-113.dus51.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:83ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:21ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.206.171.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-171-238.compute-1.amazonaws.com

api.userback.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5705 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-45.dus51.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-32.fra50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.160.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-160-254.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-61.fra50.r.cloudfront.net

beacon-v2.helpscout.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.201 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-201.fra50.r.cloudfront.net

d3hb14vkzrxvla.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	huntress.com www.huntress.com — Cisco Umbrella Rank: 940059	2 MB
7	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 10045 app.hubspot.com — Cisco Umbrella Rank: 5898 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 10595 forms.hubspot.com — Cisco Umbrella Rank: 3005 track.hubspot.com — Cisco Umbrella Rank: 2049	6 KB
4	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 8836 forms.hsforms.com — Cisco Umbrella Rank: 4421	1 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 584 script.hotjar.com — Cisco Umbrella Rank: 713 vars.hotjar.com — Cisco Umbrella Rank: 832 in.hotjar.com — Cisco Umbrella Rank: 1585	67 KB
4	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4989	50 KB
3	helpscout.net beacon-v2.helpscout.net — Cisco Umbrella Rank: 10418	33 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 1967	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 643 syndication.twitter.com — Cisco Umbrella Rank: 881	133 KB
3	userback.io static.userback.io — Cisco Umbrella Rank: 87414 api.userback.io — Cisco Umbrella Rank: 85707	150 KB
3	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1401 m.addthis.com — Cisco Umbrella Rank: 1364	141 KB
2	cloudfront.net d3hb14vkzrxvla.cloudfront.net	818 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 144	86 KB
2	hubspotusercontent-na1.net 3911692.fs1.hubspotusercontent-na1.net	61 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 624	35 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 42	1 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1603	207 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3011	3 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 3970	88 KB
1	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4882	25 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1960	20 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 341	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 419	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 206	16 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 6870	2 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3007	159 KB
85	25

	Domain	Requested by
31	www.huntress.com	www.huntress.com
4	dev.visualwebsiteoptimizer.com	www.huntress.com dev.visualwebsiteoptimizer.com
3	track.hubspot.com
3	beacon-v2.helpscout.net	www.huntress.com beacon-v2.helpscout.net
3	perf.hsforms.com	www.huntress.com
3	js.hs-banner.com	www.huntress.com js.hs-banner.com
2	d3hb14vkzrxvla.cloudfront.net	beacon-v2.helpscout.net
2	platform.twitter.com	www.huntress.com platform.twitter.com
2	connect.facebook.net	www.huntress.com connect.facebook.net
2	3911692.fs1.hubspotusercontent-na1.net	www.huntress.com
2	static.userback.io	www.huntress.com static.userback.io
2	s7.addthis.com	www.huntress.com s7.addthis.com
2	code.jquery.com	www.huntress.com
1	forms.hsforms.com
1	in.hotjar.com	script.hotjar.com
1	fonts.googleapis.com	static.userback.io
1	syndication.twitter.com	platform.twitter.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	forms.hubspot.com	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	www.huntress.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	api.userback.io	static.userback.io
1	app.hubspot.com	www.huntress.com
1	js.hsadspixel.net	www.huntress.com
1	js.hsleadflows.net	www.huntress.com
1	js.hscollectedforms.net	www.huntress.com
1	js.hs-analytics.net	www.huntress.com
1	static.hotjar.com	www.huntress.com
1	z.moatads.com	s7.addthis.com
1	cdn.jsdelivr.net	www.huntress.com
1	cdnjs.cloudflare.com	www.huntress.com
1	no-cache.hubspot.com	www.huntress.com
1	cdn2.hubspot.net	www.huntress.com
1	platform.linkedin.com	www.huntress.com
85	36

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
msrc-blog.microsoft.com
msrc.microsoft.com
twitter.com
app.any.run
billdemirkapi.me
benjamin-altpeter.de
gist.github.com
docs.microsoft.com
cyberdrain.com
doublepulsar.com
www.reddit.com
www.linkedin.com
www.facebook.com
www.youtube.com
www.bizratings.com

Subject Issuer	Validity	Valid
www.huntress.com Cloudflare Inc ECC CA-3	`2021-12-21` - `2022-12-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.userback.io Amazon	`2021-09-24` - `2022-10-23`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-23`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-10` - `2022-06-08`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-31` - `2022-10-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.helpscout.net Amazon	`2022-04-18` - `2023-05-16`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Frame ID: 3471D57765EC9253F6095B3AC85D92A4
Requests: 78 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 48E3BAA61C379B125D2A8796AD8F1B48
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 87B9B2E5D0B97AE310B8F6C153FDAAE5
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fwww.huntress.com
Frame ID: F7F0691816063552D8129ED9DA9DC811
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Frame ID: 63ABD9C6EBA11D7A91264618FB93BF35
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rapid Response: Microsoft Office RCE - “Follina” MSDT Attack

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

85
Requests

99 %
HTTPS

60 %
IPv6

25
Domains

36
Subdomains

31
IPs

5
Countries

3114 kB
Transfer

6598 kB
Size

15
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.huntress.io/
Title: Support Documentation

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Title: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

Search URL Search Domain Scan URL

URL: https://twitter.com/nao_sec/status/1530196847679401984
Title: first shared by @nao_sec

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
Title: ANY.RUN’s dynamic analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531125503725289472
Title: served a benign payload that would display a message

Search URL Search Domain Scan URL

URL: https://twitter.com/buffaloverflow/status/1531168929925713923
Title: Rich Warren shared

Search URL Search Domain Scan URL

URL: https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Title: a blog from Bill Demirkapi

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531170265039781888
Title: any files with fewer than 4096 bytes would not invoke the payload

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531138449536958465
Title: just the Preview Pane within Windows Explorer

Search URL Search Domain Scan URL

URL: https://benjamin-altpeter.de/shell-openexternal-dangers/
Title: other methods to take advantage of MSDT

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531114931973767168
Title: its subsequent payload processes

Search URL Search Domain Scan URL

URL: https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide
Title: Attack Surface Reduction

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
Title: Block all Office applications from creating child processes

Search URL Search Domain Scan URL

URL: https://twitter.com/DidierStevens/status/1531033449561264128
Title: remove the file type association for ms-msdt (can be done in Windows Registry HKCR:\ms-msdt or with

Search URL Search Domain Scan URL

URL: https://cyberdrain.com/automating-with-powershell-enable-m365-activity-based-time-out-office-code-execution-fix/
Title: Kelvin Tegelaar’s PowerShell snippet

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Title: Kevin Beaumont’s Blog & Analysis

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/msp/comments/v0tuvs/ms_office_vuln_polite_warning_about_nearterm/
Title: r/MSP Reddit Community Discussion

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntress-labs/

Search URL Search Domain Scan URL

URL: https://twitter.com/huntresslabs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/huntresslabs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Huntress/featured

Search URL Search Domain Scan URL

URL: https://www.bizratings.com/Huntress-Labs-Incorporated

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

85 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request microsoft-office-remote-code-execution-follina-msdt-bug Show response
www.huntress.com/blog/ 124 KB
26 KB 213ms
76ms Document
text/html 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

d694358d25a4e805db1c4962a3023b21a6563a4884c116a99bf2fe119cddc64c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: s-maxage=14400, max-age=0
cf-ray: 71470fb34f606671-MAD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 01 Jun 2022 09:53:17 GMT
edge-cache-tag: CT-41801818451,CT-51600661298,CT-57916149348,CT-74847633462,CG-39343107504,P-3911692,L-37647219354,L-38940492861,L-39910029162,W-38387675447,W-38395296852,W-38397117900,CW-37647184939,CW-37647184945,CW-37647219358,CW-37648091485,CW-37648262592,CW-72308060713,E-37640723000,E-37647164007,E-37647184944,E-67886983812,MENU-38387675447,MENU-38395296852,MENU-38397117900,PGS-ALL,SW-4,GC-38395296829,GC-40541068411
etag: W/"89326ec2f6b2dfdeff0663f5947a3b8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 31 May 2022 23:30:38 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lKE%2B2tR7SW04qTy3uGJpmPcuTMYdJ20roGQ%2BbIzWEyQ3%2BSREEo2%2BxZWMloFptsomSBPH9xprhnRwdtv0xEohsgJjxs2PsuwNyhxHW8BRzf1EQbSV2lGiK4xQ0zD7NPyNABcLYiT5TQDGgfbpQg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=14400, max-age=0
x-hs-cf-cache-status: HIT
x-hs-combine-css: Disabled
x-hs-content-id: 74847633462
x-hs-hub-id: 3911692
x-hs-prerendered: Tue, 31 May 2022 23:30:38 GMT
x-powered-by: HubSpot

GET
H2 200 module_37647219358_POWER_Blog_Post_Header.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/ 74 B
1 KB 46ms
45ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/module_37647219358_POWER_Blog_Post_Header.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1639032908209
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 3500e6db5ae43764ed5ca43fc6d56058.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2985
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 3F5FPKG4111NH9DW
x-amz-id-2: SRSiOTwCCLxoUFFqBd7QT/1zKuMC2qfV9dgvHJqnITyqNSsKRPqOHLGiTySU0qBuJelqdVKkHvc=
last-modified: Thu, 09 Dec 2021 06:55:09 GMT
server: cloudflare
etag: W/"69dec35879b2f3061c26e9b58f93b109"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24HcW0pYoCuZ17DRa6Ac4ppXHmuPHYUi%2FVy9cwpgitlZJurQMlmRjPpD2%2FSGlpQ9l%2Fmj0BtH%2Fy8%2BH1OlAY7jfETH2OtszN6rAK0Fvjty0QE%2FQsC%2FD303jEPmK0WmYYBAbrq3DO0yFjOW9L8dDOo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 49upZA48BAIxdOk80QHxcPVW7u781vZq
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d8646671-MAD
x-amz-cf-id: hEwRvBWc-MfTVnjxmNvNqEaDH4e3BcY3qi16b_cSx_Ml0s-XcBKC9A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648262592_POWER_Blog_Post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1649228115024/ 2 KB
1 KB 49ms
48ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1649228115024/module_37648262592_POWER_Blog_Post.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a69ee8c3372833b418bb6364b4b3b746900c95bd077be380e9ba121c0f9f1e1

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1649228115024
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2985
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 2J03NGVFBZTXRXEQ
x-amz-id-2: BlpwxEVs4qYoVRpHYSq9+OsXbKCPpF+keTGju9kEa/v2tVhjG5OUErbz+Jtdu/MubG+M82RfsBk=
last-modified: Wed, 06 Apr 2022 06:55:16 GMT
server: cloudflare
etag: W/"5321b460677f8b367503f906b9614ac2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=to7J8z1UgrftNLyb1E3O1v3S3mg9NYs1gMJiT%2Bxs74KWBUTFzgVVtgMjLNR%2BQiAQ6XfPxjiel%2F%2Bzy%2Fd%2BEKRX0uU73u76FeNmIyi6WLSkyfGDX%2Bjy1KBGEDbUyAuWME%2BpbWiz1YPwtfwEwpEBvHc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CprVW4MoarJlPQi.GVmQbPXM8vYg97WA
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d8666671-MAD
x-amz-cf-id: FKX_4s0Ivb03jTa03LTqP1K03J-u3IRasT8BbiUpaVJZ6ZqCxNow1w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_72308060713_Blog_Related_post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455542/ 991 B
1 KB 76ms
74ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455542/module_72308060713_Blog_Related_post.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f636be67ca5dd2c876b52162f64c68999ec15ac9542a0707082fc1bdb35b726

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652340455542
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 68261aebcfc232344da2ef3bf1d3f9ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2985
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: NA1VDTXX2B3PA24G
x-amz-id-2: WIWtjqt13ghkM/citSLYMULmvGFJkRHLCMa/A8PhJm4EpGyefQm+Uv2LIulcNUkAKBKWAn57gJA=
last-modified: Thu, 12 May 2022 07:27:36 GMT
server: cloudflare
etag: W/"5933fe28c88a2d1cd57bda0181962919"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XU6RZNm1UWvKNN5ZDViUdTPKIs52xcPWHq4Ao%2FLw8A0JQ8TAnA%2Fvn%2F6f2cWIxam2jXh%2BtR%2Bs5EmgNgAFb5621wHFhWO%2FguUGR%2FResyI5p8YzNVqyQSPsEOLN2Y0bwplHM4hYEE9Q2Fnmkn1Wqpk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: De1.HUGpQL6_Cf4wDHFopVGIKnHhYjJp
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d8696671-MAD
x-amz-cf-id: gf0ojNOjKWCfrFMkwuyfhXri4fFIZBxjja_D56AaCPOZ6ZhF0kWl0Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648091485_POWER_Footer_Full.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1641794761457/ 162 B
1002 B 53ms
52ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1641794761457/module_37648091485_POWER_Footer_Full.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63be16a13fa3622f6851b62878300d9826ad06ab20d7ea95910f8c9727b8fe1d

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1641794761457
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 cea67f5ca1b497624430e599aa6b7c62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2985
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: AKA1Z8XKEA33YXM2
x-amz-id-2: NFk2ZLWOB1U4PLOS2cv6lvu0bK58GzPINnHtXmjXBuq33qA+M4jXd5hIBXEivm4w9/COoOar+pE=
last-modified: Mon, 10 Jan 2022 06:06:02 GMT
server: cloudflare
etag: W/"acca7405b94b9bccf54bb7cb32501b72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LsQpsgEa9H6hINAKmKwZcqn25SUFDBNz2XInBJw3OLEtwAdYL0M%2FlUJZa7J7rIh%2Be4aU%2FjNlxS9HpW4M4fnsTPqQZmA%2FlWZ%2FaV90xCrDcOkvc5%2BHyz0VurNk8HGBLpqn5i%2FcuVscAToQkbOds3A%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 8k.8rvhdgUP.uHixoMh9cgTMERm0Cev5
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d86a6671-MAD
x-amz-cf-id: nrV75uPjpzvci-pidR5ja8Z709byEYDE308Ork75WBuc5Cm5yIIXFw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 168ms
53ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1654077197.dop003.ml1.t,1654077197.cds211.ml1.hn,1654077197.cds219.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
code.jquery.com/ 11 KB
4 KB 229ms
115ms Script
application/javascript 2001:4de0:ac18::1:a:3a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.3.2.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-2bd8"
vary: Accept-Encoding
x-hw: 1654077197.dop003.ml1.t,1654077197.cds211.ml1.hn,1654077197.cds224.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 4165

GET
H2 200 in.js Show response
platform.linkedin.com/ 507 KB
159 KB 236ms
52ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C7A) /
Resource Hash: 442ca14e2177535f499cc256c1a56c4b449a91e2054f4cb86f91f658eb3ed182

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 2442
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 162501
x-li-uuid: AAXgX0o8nsHUsK47lExA4Q==
server: ECAcc (mil/6C7A)
last-modified: Wed, 01 Jun 2022 09:12:35 GMT
x-li-pop: prod-lva1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-lva1
expires: Wed, 1 Jun 2022 10:12:35 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1654011060478/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 161ms
86ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1654011060478/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd6940e379f3a5bce837aa343f505a30625d72035166fd9ce533bf3c89a01aba

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1654011061455
date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 66081
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uAZRQ6%2BDhQP3T%2BsbNcDHDlLwhUDCz8BztDN8uhbBdMHZpsWGELaT5sZgmwBdcNXNms97tPW6v4A7G7J6UE5skRsSaFUhG9%2FkySM5UhXjgQmQiPPv4ix5Bse%2Fb09GGW92cuVKFZf947iDI9%2BGfVM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 31 May 2022 15:31:02 GMT
server: cloudflare
etag: W/"9f9a6966dba1dd51f323a16b2f27584b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb44c6086bc-MAD
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 pwr.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/ 249 KB
42 KB 49ms
49ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96af1198e5efb6aaa0cc4a654068b4095799d36a1ccdce8f9f6b35d1234e3064

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1653281052853
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 d591fee4e3f29cf0e3380368d25b4a40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1866
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: Q5GQAYD1JP0P1R2F
x-amz-id-2: II29lLep3aq1OgLDdLBm3f4ofcW/lGVv+nfT20Uvbzo5CgffgRwyMTxREx+/V38sHNXQVuiFPec=
last-modified: Mon, 23 May 2022 04:44:13 GMT
server: cloudflare
etag: W/"4a04b3d5c7ad6ca79e2e14ece1119e7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxvY6x4QHUkLdoV6dSo7SoVtqsdsIMTQxcUHCMS2QYMg%2B0C5wCMyeNBkuFcK5EpOaEBlr2d99hRugcPigMgVndqFDT65edUUv4ZRBeGQVZc64j3jMv2yha8arXRAQgW3rdP1ZDij6T%2FyV2SQZiU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: _VM9zrJgidR.qBg6qO.jzyhuCXKU9Egp
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d86b6671-MAD
x-amz-cf-id: Ia8xob0N49PbbNHJwkyBek-vSDKbm4TIvMpdPhmM71aRelOioup4qQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 custom-styles.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1652445298503/HL_Theme_2021/Coded_Files/ 5 KB
2 KB 60ms
59ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1652445298503/HL_Theme_2021/Coded_Files/custom-styles.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4adb21f3fb8f2c89998efab4262933ba3eedf06ca49473157002193cf21a1c78

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652445298563
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1865
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: N1HGBV6FG2RMX293
x-amz-id-2: 5DGmODi67eFJ3IgyGFnR9VTOHSa5Ivf2pl7XVcSi6h/zn+WDKeTD4xqO5jR1h6yHDXYSFvcwJn0=
last-modified: Fri, 13 May 2022 12:34:59 GMT
server: cloudflare
etag: W/"afbac7d16ae2994b2b83e81a3da8adbd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtaHAN9px4xe32vbsh%2F9flbSCIYqOIoh0ehmgO%2Bt0Ghn1Txu3NXgQpThamE3E6KvfUjJAe55J%2FHHbnvFpjkGILr%2FwApIyd2sxrFIhiLSuaiIwGpo0aXgSVT6i0h0lcYvfZiFpwNbgygAa4jtdrg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CcViKn8DI_r037oze9i.40t6YCf0i9uZ
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb3d86e6671-MAD
x-amz-cf-id: spJFexgdsYAUDl84fWB7RDFg4VkGIpbwei7hceIQOiJOYXj-xrXAFQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 40e39240-8f28-4247-989e-af913fc5ff6d.png
no-cache.hubspot.com/cta/default/3911692/ 1 KB
2 KB 273ms
194ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3911692/40e39240-8f28-4247-989e-af913fc5ff6d.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: QPS65MQERG2SVYGZ
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1039
x-amz-id-2: DL1kWJosq1JFeAOvSfOHxYGEpksJMwx9WS/5FxihocYs/q7Z3JOLxIQcYq9OzFi59eNEQVnpOVE=
last-modified: Wed, 21 Jul 2021 14:21:28 GMT
server: cloudflare
etag: "79b5475fbb2abb884386550a797d2e28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gG8YumHJaNPISHK8H%2FSsr5hi2JfOGZuh2hpQ00UBRMRS6qYWBPb6HoyKqcZTNx7E1vXKmTHrd9WGDEIIdP8DdCClbbLHrYIu%2BAmnj96LJTBvV3UKOLseWhwR9iFbjEy4BhaC1mswlUduFQX6OGp7ZK3l"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 71470fb6bdb7666c-MAD

GET
H2 200 current.js Show response
www.huntress.com/hs/cta/cta/ 16 KB
6 KB 56ms
56ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/cta/current.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b48c2cb2ba7e9deae742d0ee002166e145e11961de0bee3a58fb2cf59ec58d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 9c6666844f92bfc6b8685747b641abc6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 252
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.79/bundles/current.js&cfRay=71470989105566a7-MAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 71470fb55b9c6671-MAD
last-modified: Tue, 26 Apr 2022 03:48:51 UTC
server: cloudflare
etag: W/"5987c6bd527810fdff046c43530ff512"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msgC0NCt0OWxo4vSw%2Bj6aQezgFnyxxm%2Bc2o93JQruIDdhqjRd8DmILzAwILjC2yFKMLvg8QKQHmG9sgm%2FrcTbpnN7y%2Bd0iHxt4CG2hDU7ITGFTPUDx5nuZq0GEJrEO1hfHTLswpj6Za88bCh2Is%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4c3vhOthrOiBsQHUYobIqea6mR1gtgs.
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: SndER_R2jSizmJ6mjjsVLRBFrQ17sEyTRp6aoBmvaCFffb8fQbYxvg==
x-hs-target-asset: cta-embed-js/static-1.79/bundles/current.js

GET
H2 200 Huntress-1.svg
www.huntress.com/hubfs/ 17 KB
13 KB 93ms
92ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Huntress-1.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39773583794,P-3911692,FLS-ALL
age: 1001754
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39773583794,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 8F40AWB7WYJBWNN8
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1609832613811
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 d5395aef0c58da123cbcc801b71e308c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: uP+vjOLlcUDThmagKi21TQY1C4Uxh8BnNWAMPnMenvDJO8j32914or0Mnoxx0pz3sNKWOWFmsPQ=
last-modified: Tue, 05 Jan 2021 07:43:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdiU8hL8ZDyozvpulhNd7fJ1QaIHCQCNZaUPs75pKzU%2F1RKrlG%2BOF7pctHrs%2BvbHkFgM6SpkqibSJT%2FlVvN2USy2qS%2BAGapuNbS%2B227eF6xXagaMDP7Mb%2Fcc3h6ErKBU7jQni4Z0sk%2FYoiv6QTQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jsS8.Qyl076AnWtAah4sMmKUd0P8VNuI
cf-ray: 71470fb63dd86671-MAD
x-amz-cf-id: r8sRKknDhyV4Mx1Gf9PcS9nYmjaoHZlTop-A8m8UxyYm4ViJA81vXA==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 578ms
66ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 01 Jun 2022 09:53:18 GMT
x-host: s7.addthis.com
content-length: 116425

GET
H2 200 John%20Hammond.jpeg
www.huntress.com/hs-fs/hubfs/ 74 KB
74 KB 61ms
59ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/John%20Hammond.jpeg?width=290&name=John%20Hammond.jpeg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cf5fbf0146a6e2e553f3ce52a1ed5a36127f61c739a745a2b9b8a8d0e1e480a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 171530
cf-polished: origFmt=png, origSize=140876
edge-cache-tag: F-40724769622,P-3911692,FLS-ALL
content-disposition: inline; filename="John%20Hammond.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 75390
x-amz-server-side-encryption: AES256
last-modified: Tue, 10 May 2022 02:50:51 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f605cbc8399942d730ea6d586346326c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eu0%2FzUxOvUTwH9RuX0%2B7PszqUEr7wSF0KVHJzM8ibTnWSqlJUAIXDvV38IVI60dclJqCwe%2B6l%2BwFksGEUsfZOdKEEvxUlOdOE3%2FBhLw9KCg2lb42psM%2ByKUSiwkqY0F0Q9L0y7k3NVxLLuaUiB0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fb63dd96671-MAD
x-amz-cf-id: UZ8EomrK_ce1ldnY5pE2tRvrQae3Ut2FQ2i-cATu1xrMyK5zsEkYpw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Biz-1.svg
www.huntress.com/hubfs/ 2 KB
2 KB 56ms
55ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Biz-1.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-55369190472,P-3911692,FLS-ALL
age: 338765
x-amz-server-side-encryption: AES256
edge-cache-tag: F-55369190472,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: TNEQY7V9MZQDN2NC
etag: W/"10aa3cb3029e1f043563140e89d76c8d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1631771480774
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 56eff4217adb539e7a42fbab3eee2d4c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MAD51-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: PqdD4nHY4ssLY60vjI4zMEMQyn+xNfziePl9+c5+v2zzFeB2ymR85X6/COutbw7oNeLHeQAeLXk=
last-modified: Thu, 16 Sep 2021 05:51:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tLZGgd1b8bVGCoL0gKhazGwepk%2FmGX2WsHE6lE561TL4iqZ6wosxyWejuiHDvtwhE23prFKco2Y7VnYwrMgw08zAHpF5eSluX4duDV16ZOHauMlGFkPekGMOkI0f5mzpSB0JWTjGPSEK8TR3lZk%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: pb30Lhh_yVZl.AlHg0LSscg9tyoyIBsR
cf-ray: 71470fb63ddd6671-MAD
x-amz-cf-id: LSWNhcw9id0tYgG2xJ9dOEPZrJP_7OWOvBS_gE--r-S29MGcX1FSTQ==

GET
H2 200 pwr.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1637133935735/HL_Theme_2021/Coded_Files/ 152 KB
39 KB 60ms
60ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1637133935735/HL_Theme_2021/Coded_Files/pwr.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a08b4400caa63756c56947620874d75d9d5cc728a8e835467950bc1f7a7afe7f

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1637133937943
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2985
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 4QV7RCNDFFFBG9AZ
x-amz-id-2: nKYV6zsVlW4NE6qx9GEuWId95NqO0071e/k24ZCBjGFgvnU/RxCgUlXUThd+yJYeDrGOhFHpKRc=
last-modified: Wed, 17 Nov 2021 07:25:38 GMT
server: cloudflare
etag: W/"f6ba5af59dfedb9a5e806ec21f8e0e02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJvjof8ATILotlZR%2FCsJgLsbN%2BfjL5p5D9PjXEj0xeTyj00gJeHj6osnI2bJ34rGS%2BD91pga7dTlXZBdisjuJszjJ%2BfE47LFdi27f7AvLfgKYAhNm3diJru0Nq79lspdGjoGBHbMsccP8sMwpe4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: GQ1VeV_WP9RlDo4Ls73CSaJMLMGGo1BD
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb60d3b6671-MAD
x-amz-cf-id: DULd49i6aEhKaldhhgIOrY1MlO6-HnNFlGzu7JTVAk64txLAQB0X-g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 project.js Show response
www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 56ms
54ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 17a71b4bf5d35b398b0fd90a5cd154a7.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 17599609
x-amz-server-side-encryption: AES256
cf-ray: 71470fb63dcb6671-MAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tj7hwiUk0sNOO3Rkrzsa93sDyM4ovykKGuajRwSTj5Fvfp3OrbeJdCi4cZYWJeThcefj3KeUekNDSK0vWSgBBO6wI3ZlIuItJehdCvJIwCxlopyAxT%2FWsmmH9u4q9xbj4JTIqRdOLpyd1xMYjTw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control: public, max-age=31536000
x-amz-cf-pop: MAD50-C1
content-type: application/javascript
x-amz-cf-id: Qy-vw-AwwLQgxSWl6Oql-IdIQ9DvOFWgm3MD7JxXembtdboWQlyh-A==
expires: Thu, 01 Jun 2023 09:53:17 GMT

GET
H2 200 project.js Show response
www.huntress.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 55ms
53ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 86b86f43445d5446c8b16910b2a9b8f9.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14929524
x-amz-server-side-encryption: AES256
cf-ray: 71470fb63dce6671-MAD
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UUHfhfGgLd5jq4XoLydcy75LIVh%2Bbsi14fF1WZEN0himEVH4eTVcPY5hWSax4ohXXV7fxNtt0vgv%2FnM5lbnbM6k7RkraXYAQQ7qdHGnYlfKX6TvWMXZqK%2FNNWEz2Y5i5d9FOfirzyTuNIuxLRgQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
x-amz-cf-pop: MAD50-C1
content-type: application/javascript
x-amz-cf-id: USTyA3xEJjlkrtn1TvQ0LtM4aHjmzB7GtRBWUH5L0Nnx6CAdK1HPig==
expires: Thu, 01 Jun 2023 09:53:17 GMT

GET
H2 200 sticky.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/ 3 KB
2 KB 63ms
61ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/sticky.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1646636852583
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1865
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 0EP4ZN099PKQ08KT
x-amz-id-2: 2JvZF0ZLfTHpZ8r0xUN/wHTZ1mmeaeJu0UMTDkAV9HJdgX9Wmv9RlKTIm3eanu/PoxkQlileSIk=
last-modified: Mon, 07 Mar 2022 07:07:33 GMT
server: cloudflare
etag: W/"55ae62a2138b0ac2dad2cd6f3fc3decb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2BcgrV3ugnZxBJN9pDNZuaWmZ5%2FMz9j9CLMpokOp5d5EMZG1%2BfAyiCGM7OCl3kdbb6OapC5WBCJXRTD%2BTsdvrAKKcF9%2FBJcVYo7RN9pgU0Kn6UwZbr%2FXwQRRIPRg3RGIdJN8Pm2mEmfRiAYt2Yg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: oIU6rHYsVQSZOhrGoqvW7sFAXkwuMMSC
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb63dd16671-MAD
x-amz-cf-id: hi7yC2t2-z0QVqkHUphJdXDob67xx94EQmnvi_R6m4KXBy02UmScMA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_72308060713_Blog_Related_post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455413/ 365 B
924 B 64ms
62ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455413/module_72308060713_Blog_Related_post.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652340455413
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1865
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 72V148JDJ020RM8V
x-amz-id-2: nmVyF+iKg8cxCWRKuoZPO5paCYhXMuYmkbXgbSz7BkoELrKKf3cm8DaeYRQ9IcMIMA/25lTwFWo=
last-modified: Thu, 12 May 2022 07:27:36 GMT
server: cloudflare
etag: W/"136cb371b82e4f0a84d11b654e92bb11"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Df3JwB85CE16dvfVf1r0SH7vTSV04NKt7yb7ugIDvDO21l3KGTR2BVVNAAW2oDPJHAyH%2B0In%2FLd%2Fn5qPjKg4VJzzhND1OJIfUL%2B4oe%2BGyNUE9yPZ1BTXrX5al6Awqf%2F8RrWppH7GOhHvIkdxo%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: By5VD22S9plIcLXworDDDM2qz0x5DE.a
x-amz-cf-pop: IAD89-P1
cf-ray: 71470fb63dd26671-MAD
x-amz-cf-id: OXOrczd5GtKKsc51q_C2TjVKpQVx0hP6XOQrtNxOTrb9Ex6881C2LA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 v2.js Show response
www.huntress.com/_hcms/forms/ 585 KB
148 KB 61ms
59ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/v2.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 68d323cfd4a0f1ae252f92c083654190.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 298
x-amz-server-side-encryption: AES256
cf-ray: 71470fb63dd36671-MAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 26 May 2022 10:16:33 UTC
server: cloudflare
etag: W/"8e787568a774ef6576b357a500149886"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sQWXX64hSrhGQTJqN865APZigGDso7jPml39OYoNsx4CoqgYtGpxQ2Uzl%2FSZhutpKPuHKl8zJ5Ot3RdsBsDciNqELly1Va7iyprp4t0%2FOW%2Fz2weH4MlyzVT%2B9WdG22l4MTm11Q8lbkj76IgViY%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: p6q9N0Kk3x.Xx1vsG_I4Xpq2EH4VShWu
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: NT_I1qoH3S4FOMyqmWjm32xc-YWVvq2uy0QZo4GVy5byq9ZKPefrMA==
x-hs-target-asset: FormsNext/static-5.502/bundles/project_with_deps.js

GET
H2 200 3911692.js Show response
www.huntress.com/hs/scriptloader/ 2 KB
1 KB 59ms
58ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs/scriptloader/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0082201ba45d908fa593074d0f1394488eba115e810458e389eaaa9b6855a16b

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6
cf-polished: origSize=2517
cf-bgj: minify
x-hubspot-correlation-id: ae363ab1-6ee1-4f87-90bf-9f991b26f64b
last-modified: Wed, 01 Jun 2022 09:53:11 GMT
server: cloudflare
x-trace: 2BA4848562B22F4AADFDA865D001D6C81BBCF59194000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2io4QMB5C4U4NjO7EmGkSNxFnRW%2BIkYCY5Oywga34mqehmt5nJjreDcvz%2Fq2QqUw1SCpVAcZNLOikuJw%2BJDtE6uhYdqiHktTk%2BB9EgNVt4TvBXFyyDi3H3ScYuL6gsYGXcayE10xn56iGnT%2BuKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 71470fb63de06671-MAD
expires: Wed, 01 Jun 2022 09:54:17 GMT

GET
H2 200 index.js Show response
www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ 11 KB
4 KB 91ms
90ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 e39311b8bbf120eef85be5222b7fadac.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4999137
x-amz-server-side-encryption: AES256
cf-ray: 71470fb66e466671-MAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Fri, 25 Mar 2022 12:04:14 GMT
server: cloudflare
etag: W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBTiwR3TxNh6Wbi5wCZP6CKCxvUBcmSyLWuzokhFmRNjWJ9PnNP64YFfmFmuyfgXaEvXlkEvlZshkxuwgzx%2FPIrZwBRueESlE3ukLRfF0kDB3HqWbHVtCTFNpAwF0qKTLbUN1L5LPtap6RFlRB8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control: public, max-age=31536000
x-amz-cf-pop: MAD50-C1
content-type: application/javascript
x-amz-cf-id: PLa-YIi__6bYSDnPSPv9iBKKY6yMaLhpULYVB_DNTkOcDyrXb_pyrA==
expires: Thu, 01 Jun 2023 09:53:17 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/ 69 KB
16 KB 111ms
43ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/polyfill.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1170190
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15998
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-11405"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgNIDE7QadN4qRMhWW%2BNz58d3aETVJbeIvC0ZtqTm%2BeL%2BMRho1X9YECA8rvy9Y8Q0FtFILm7deAH1Uf6NcCSch5zZ7X3%2FxhTsmgmstOdFekkzVCRsdiGh083mjsWXilSs4O2uR%2BBO%2B0W7NY80vrHMzHI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 71470fb6a8da6677-MAD
expires: Mon, 22 May 2023 09:53:17 GMT

GET
H2 200 lozad.min.js Show response
cdn.jsdelivr.net/npm/lozad/dist/ 3 KB
2 KB 115ms
41ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size: 1256
age: 1053
x-jsd-version: 1.16.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19122-FRA, cache-mad22046-MAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"c17-/CtD5WDEW7iHrdmPF7CEBoqSMss"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pZTEHnm5I%2BwSYMAP%2B3xHt5vbY%2FNI2NetsmSOWue%2BZuCng%2BfhGd824%2FL%2BOL2A5MI%2BNhMcEvqXk5ZHb46z9HyTQqxdrhwTudsXtOZOyL1SnSLp6yl7ouBX8HuqzO9VQ5OIxrxEYL9RyOBStu36VdE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 71470fb6abae6695-MAD

GET
H2 200 v1.js Show response
static.userback.io/widget/ 464 KB
137 KB 200ms
66ms Script
application/javascript 13.226.132.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.userback.io/widget/v1.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.132.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-132-40.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d4365ff12232598deda2e07ef83d35e91a09e074b38744f2b7990d6bf69a1b10

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 06:51:04 GMT
content-encoding: gzip
last-modified: Mon, 16 May 2022 23:25:28 GMT
server: AmazonS3
age: 10934
etag: W/"979ca9c7b6232b40f4d3726d14014c0d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: cwwGydCJ-GH6mxT2MyKezc4iWdeLnSAcwt_Bu29yZOxYb9zbtvvp_w==

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 163ms
94ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&f=1&r=0.4785091208069967
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel1 /
Resource Hash: 8c8fbd364ea7ff8c165bed74d5b0400c67a08054db1b1393bb5ab490b28c63be

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 google
server: gbel1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 HKNova-Regular.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 32 KB
33 KB 141ms
65ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Regular.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
age: 264905
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 9BRKB9VN1ACDR60C
etag: "5a3239585a66868a9109bab6273f0a26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1607406808501
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 c297fc1c701a784a294131e9afa72b22.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 32892
x-amz-id-2: H5p/wCH+CxkgiYP3MdvGclHfxfpzGG1rLpWp7yTh3AiqnKKjICuFt+x9+gn3ss3/rLfYYKnH1+Y=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: y1_7cBbebzu1P55qghtsCfIzqKHObY4N
accept-ranges: bytes
cf-ray: 71470fb6bd32d651-MAD
x-amz-cf-id: SFOH_nMUsN2miB9WsOWqNL5hvxzpXsoMnNf3d9BojA-eKJj6-6HKuw==

GET
H2 200 Blog-ThreatAnalysis_Follina%200-day.png
www.huntress.com/hubfs/ 814 KB
816 KB 71ms
70ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Blog-ThreatAnalysis_Follina%200-day.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53557947eac2a467943dff75fae4a77a36bde47bda10a75f03ccfa5167ba6909

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74883237767,P-3911692,FLS-ALL
age: 151176
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74883237767,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Blog-ThreatAnalysis_Follina%200-day.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 56MB750PB19WWSA9
cf-bgj: imgq:85,h2pri
etag: "b63b9033119292d4e92d7ebb20521eac"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653925620924
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 e9fa09c7497a12fe8b4961214200fa70.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MAD51-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1244775
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 833790
x-amz-id-2: CjzJ2dzQqMlV7eCB0QYAJ4ewk9E2SMnw24ZFzGDm2lgJVkCbosiTPp24Fa+nG8Ge+VxF+KHbnrw=
last-modified: Mon, 30 May 2022 15:47:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXobG0hnv3H4TLfwscxEcDzGnattUpcBSVqqRuMtXhQq6XFUUOm9VwIGeSgCYb0jqjYDmAn9U4ZD9nr218MM9inukxQZN9UzeGLWGw3qnUXgBd3A%2Bkg0opzL%2BL9M4dN3RFZ%2Bg%2FAKtx1%2B%2BW361ms%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: PUHWmc5XlRNXxa3hgut7JUKa_pLPmmRv
accept-ranges: bytes
cf-ray: 71470fb66e486671-MAD
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: mheY4ymLvQUst3OfsTxSCAjGUlcHsj7QE5ioEBVxrk3GdtchcNR1qA==

GET
H2 200 visuelt-black.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/ 28 KB
28 KB 125ms
67ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/visuelt-black.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
age: 264905
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 4M747F4FDXDKT33F
etag: "80407703322249fe13bbef5596e9e414"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1607408610505
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 e57031b360acd70025578ff666736976.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 28504
x-amz-id-2: hZNUOQn0L1H4D22rEqoo4hSI1Jlf3MquVi6LVaOM6G+JjAzMvFPNEVdFhcU3yvYLRcXnCv7BEso=
last-modified: Tue, 08 Dec 2020 06:23:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: zgv.hEhHVdSF2XuwUP4L0JY36hLML11L
accept-ranges: bytes
cf-ray: 71470fb6bd33d651-MAD
x-amz-cf-id: IkL0elCOE391UgL_Ip8XW0zc82Tu2XPKyrdZgS38__Zy5bosvqxv4w==

GET
H3 200 tag-4e5ae245e0308303b7081a62262a6e0c.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 167 KB
47 KB 85ms
52ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-4e5ae245e0308303b7081a62262a6e0c.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&f=1&r=0.4785091208069967
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel1 /
Resource Hash: c49c0ab8d0cc4f37a75cb9a8c4f59687a4c6874da58c1b873a485cd00d82c04a

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
last-modified: Tue, 31 May 2022 12:59:32 GMT
server: gbel1
etag: "62961134-bccc"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48332
via: 1.1 google

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 126ms
126ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=620982&d=huntress.com&u=D61DBA10AFA483FA7AC742B4189AEF04B&h=79fdf1a49e5f701617b277139e421cae&t=false&r=0.810623729916625

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jun 2022 09:53:17 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 859 B
530 B 53ms
52ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=620982&settings_type=1&vn=7.0&r=0.4666478169222881
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-4e5ae245e0308303b7081a62262a6e0c.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel1 /
Resource Hash: d77743b5e14f7329db6ae2c42c696960a49cda585f29c09035154d78880a49ed

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 google
server: gbel1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 200ms
52ms Script
application/x-javascript 92.122.146.218
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 92.122.146.218 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-122-146-218.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 1889F9B3DBD6519F
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=55268
accept-ranges: bytes
content-length: 948
x-amz-id-2: 3UIrMqGlZwY0KhvMQZfloXs4nnkFTT22BMoy01WcRw0t941ypt5C/Q39M+UifAMgZfwuQP5iPnU=

GET
H2 200 Blog-Virtual-event-exploit.png
www.huntress.com/hs-fs/hubfs/ 92 KB
93 KB 51ms
51ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Blog-Virtual-event-exploit.png?width=600&name=Blog-Virtual-event-exploit.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9374d6c171d32b82502fa4cc8dcf759faeb35119c7bcb6d1482f693278dfc98a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 cea67f5ca1b497624430e599aa6b7c62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 171530
cf-polished: origFmt=png, origSize=178223
edge-cache-tag: F-41802000531,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="Blog-Virtual-event-exploit.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 94422
x-amz-server-side-encryption: AES256
last-modified: Tue, 10 May 2022 19:20:11 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f5889a79171e92fec0dbbf05c57def47"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSA51X62WuwY%2FkI6r%2Fz9Cr%2B%2BqPMcJKwSzZcLa2IrayaSTz4rh3%2FOVDSr00vKSkJRBoADWE6cvuKiTOTrQcGYe9G9gpIynEyOYhUl2cNN7DnPmGQJFdKnYz6xLdhPnG2zfvHgJq6xitt4fv6DB0Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fbaa81a6671-MAD
x-amz-cf-id: V9-ItHWJYirsnhCNKnr_y56T4fD4CFrZBE00ASO9kNVjc9VzCkhBPw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Huntress-Blog-Assisted-Remediation-in-Action-Final.png
www.huntress.com/hs-fs/hubfs/ 158 KB
159 KB 58ms
57ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Huntress-Blog-Assisted-Remediation-in-Action-Final.png?width=600&name=Huntress-Blog-Assisted-Remediation-in-Action-Final.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cc396bc55397996a318aa9d4302d467c9deca7af71fb809f8da89f317693e36

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 20663
cf-polished: origFmt=png, origSize=290013
edge-cache-tag: F-51604825895,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="Huntress-Blog-Assisted-Remediation-in-Action-Final.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 162092
x-amz-server-side-encryption: AES256
last-modified: Tue, 31 May 2022 20:26:06 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "cd3f7311e23aa79c8bb954e236310d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwH69b%2BOHRfJaqJy26VIoU2pjgag9fexKLwq3nW4x%2FavRd7E9TajDYc4SnV6chtV1eHo6h6TTrOyc2vXo19f0Rx4HHz%2Fu%2Blxu%2Bp2g0F7W8fBL%2BBAKT%2F7ZPnvttmnvhz18mMxFOW5dPEaaXtLqYk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fbaa81b6671-MAD
x-amz-cf-id: -iNSq8rzzQ_969SwU821ZEE5jYZHkQVIG-Ds_1CjdEwA_EJwXToRQA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Blog-ThreatAnalysis-BQE.png
www.huntress.com/hs-fs/hubfs/ 79 KB
79 KB 54ms
54ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Blog-ThreatAnalysis-BQE.png?width=600&name=Blog-ThreatAnalysis-BQE.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41a3f1ffe1c2c8ef087dc9a0574ba968422e6bcd9d4baca76eaa533b834bc8b4

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 2a6e657acb4fd3f6aee2e3da45e44642.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 36980
cf-polished: origFmt=png, origSize=163406
edge-cache-tag: F-57917229335,P-3911692,FLS-ALL
content-disposition: inline; filename="Blog-ThreatAnalysis-BQE.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 80386
x-amz-server-side-encryption: AES256
last-modified: Wed, 11 May 2022 20:41:47 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "6d13ba935f82f03425acc361f9445a0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rXE7R8LV6TpWfV8uRdfw0WVYb7L1sCkoDkAfdsEiJQH6Whept8jLBFoUgKqY0i8cAkDW6QvC3z5ZN62pIBmnu5umYwMaN6IXMpK3P7xeswowaeoYkBGap7TpG5NXkpkKWHOYK%2BQNrgmSwOyB2Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fbaa81e6671-MAD
x-amz-cf-id: UU3dCHcJPorBsPgraOVi-SJLcU2r53spRU-bgFP9lCqWOioHIf3Vug==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 78 KB
80 KB 73ms
72ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png?width=800&name=AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 208a3e1f89faac87d6265ada98bddb6c97c8e3ad8515a49333771cd0fccba8a7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
age: 101270
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: JYQFRB6YCVKN9PPY
cf-bgj: imgq:85,h2pri
etag: "628672b4bb3bc1cdcc09d7451d91cb87"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653902142240
date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 0fb7843fe80b8fea4dc0d4946b492a40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MAD56-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=133352
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 80368
x-amz-id-2: KgZw6+3uf/jRs54QCfucmQMyKv8PKLLJPI0DjzlhMpYwpgJTRYd4AIS8pZ69IPIf5uazFIzCMXg=
last-modified: Mon, 30 May 2022 09:15:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MXsPAAmcgwTwbZMWYPwFi%2FL4QGQIowJzrUmxqFkYbXBvcTstqVR81LZyHMuO6CVc5NMRigRxTbi7tZUq4NDD7%2F01jaNCpMMUYC4uJQWEcodZ4f%2Fe9KiQt8c7AaCmA8H9yYsVsLNtzcfcRaB3z18%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: xTTnfB3IlwJkere8XPfUiXqahGRWAFKD
accept-ranges: bytes
cf-ray: 71470fbac8496671-MAD
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: _RxuncYjHTRuTE46OAK9iG5odppfBH_j1AHa_rj9wAJB_yP2I_XwLg==

GET
H2 200 AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 178 KB
179 KB 52ms
51ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png?width=800&name=AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab43689f857d368e24794db3a32682ac8f39e1502495a6d6804399b9bc004208

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 171603
cf-polished: origFmt=png, origSize=235960
edge-cache-tag: F-74853078801,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 181900
x-amz-server-side-encryption: AES256
last-modified: Mon, 30 May 2022 09:26:11 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f5e0be1efc28bfed599b83d4a083faba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iO6vF8AM6UC4oKWGxFv1b3IAzjK0ruQiGInFagPDdqEcoZRqlVaPlLdMfubdy7nTwSMAeSsixBYFqgwAcveUu56aOon%2FfkeYvz18WYNzVHJ4caC%2BLasC3gAOUHHapWvAu4tFZXvKPVmY%2FwK5ERg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fbac84b6671-MAD
x-amz-cf-id: fsHGwcNNblYGExAbNDBXXf4YvrPYOrQrRozxR6r7vIaP9k9rIWiYdQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 22 KB
24 KB 96ms
95ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png?width=800&name=AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae12c234365e8bcc6511fedeb8dbf2d7df8ce2f3d32fd2d634abcdb54da91959

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
age: 139945
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: 4YA157E5MK4DD1P6
cf-bgj: imgq:85,h2pri
etag: "accf7f30242ee5ec73adbdb93d762755"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653902260158
date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 18d8826259eea2f8aa83b2a4ea085086.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MAD51-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=60762
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 22868
x-amz-id-2: LnNeYx8ORme731wIVMY3AcJfYOEogtJb1JIEZ5otN6jrKexicY3QtaXkiO5JsigSxG+OYGutpiM=
last-modified: Mon, 30 May 2022 09:17:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzeWnJ%2FQ0gQYKMo8kVqtIh9u%2B7KeaDbnt7HJO7OudkcbnQ2Fnp3CuOwy1pNr7SF2R6315p3jH8JdS9qcfOGqmU6ESRFx2U9%2BIWqC7S%2BFwmEv7QtFJIk3Yc7eyWbzbJKoGVxyDHAUf0eEVWM5xz8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: E1qk1s_IGf8_Iwsjtgeg7PsUAOJ28ztj
accept-ranges: bytes
cf-ray: 71470fbac84e6671-MAD
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: MxCcAc7J5aR7HUfmfYDOjQOozmFw0JDcd1mnZvJLLDl-KCtT-crbKw==

GET
H2 200 AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 212 KB
213 KB 55ms
54ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png?width=800&name=AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf95112a502127623014f195fe42fdf0636238e0f70389b8fc931dab411b6272

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 a12c29ca3e64ac2015cf4f6c9099b8ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 166622
cf-polished: origFmt=png, origSize=346673
edge-cache-tag: F-74853078944,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 217312
x-amz-server-side-encryption: AES256
last-modified: Mon, 30 May 2022 09:31:24 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "2b8047176d2ff7e1a08a2b4cab688ab6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqEM39ESj7wPSNK0u3eGJ8rS7Elr%2BbWGgXZMMu5xrC1LDq02HWc1kUD13sdF2eylV9ADEfZL6of5H3phn%2F4hXh1M085MwcwOZuCA4aNrMe46mpcIYapFpNIMCWDm0lQ2b9B2%2BrdCTXBJKQYmSO4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 71470fbac8516671-MAD
x-amz-cf-id: ZvtR4HV-yqXh4zgYZ5oUtC5kVeNGdfL_IhLrvD-KNBh36Fs2nprZig==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 json Show response
www.huntress.com/_hcms/forms//embed/v3/form/3911692/0f842dff-d924-4a4a-9858-febb784ae367/ 7 KB
3 KB 198ms
197ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms//embed/v3/form/3911692/0f842dff-d924-4a4a-9858-febb784ae367/json?hutk=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dabba4f477b98b976009a1feb6ebedcf186f9d8676989e1f0a50d0b3e654033

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
X-Requested-With: XMLHttpRequest
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-origin-hublet: na1
date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: f6d5656e-3582-46de-828f-cec1ad1cceac
cf-ray: 71470fbae8986671-MAD
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
x-trace: 2B460E02D2E93D993E71F43BEE94BC67F1B08EB85C000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErM70GdNPO3V3TzSRJS0K9ng1nyDM1sNsY6YYpekIR%2BVnO7ifCCnK74JZwrYb4j1Hwl4h9S8IVAonexr%2BCKur%2Bd13jMML%2FWygRb%2BKafWyDu1%2Bwq9hjkgPv%2FjE0WeyPkyuOhukKP7mvivvSpRtPo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: *

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 4 KB
2 KB 257ms
103ms Script
application/javascript 108.157.4.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-113.dus51.r.cloudfront.net

Software

Resource Hash

a891616286796f854fd2a7431a3965ebbb1413f75f5bbdc8e817eb3c82f8c306

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: DUS51-P2
etag: W/d4e0eb0f229cff9837decbbc16456d66
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: hM9Bz1Skcr85OHkSesyS0LtWjXGFwQfMz3ml30g-Dk5Q24z7lGWJ5A==
via: 1.1 68ce2f06efd4c9639aadce9f9d7fb096.cloudfront.net (CloudFront)

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 176ms
58ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4c3ac175639b27d0c6f61af54c079cd571adc679e34ba9ebe6047bee5243cd42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: yvYffKB6OJWJNJOOwZe3/w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: Tp3N4cx2h7YoxC81CVIuWG5dTU0hFevcXje9O5hoEo2mzmuKTyIknIHtV4vhvI1BFD2Hq19soFew+kiHbX70sQ==
x-fb-trip-id: 917726464
x-fb-content-md5: 9ab374a85ff3167368711d2eba578bd6
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "995b57789fdc4fb38afa3b8f0021e355"
timing-allow-origin: *
expires: Wed, 01 Jun 2022 10:07:54 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 237ms
52ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF6) /
Resource Hash: 2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 09:53:18 GMT
Content-Encoding: gzip
Age: 829
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length: 29461
x-tw-cdn: VZ
Last-Modified: Sun, 15 May 2022 20:06:46 GMT
Server: ECS (mil/6CF6)
Etag: "f1369725ba22125b0df0251e74090aa0+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1654077000000/ 62 KB
20 KB 259ms
182ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1654077000000/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 548fbd7d6ae9c307f6c00cf6b7f87f83853918ce97f13954e8b9ce3417897734

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 7VRGS105EFFMWHZ7
x-amz-server-side-encryption: AES256
cf-ray: 71470fbb6cc7fefc-MAD
x-amz-id-2: ntgEhX9g9r8Rt90srJ7cF3HarPt9vZcZ3crN1PxTHyMLk/jqPTCU5YllDaZfOAbIUF+1gT54gvg=
last-modified: Thu, 14 Apr 2022 15:17:41 GMT
server: cloudflare
etag: W/"bdb79f6cd9352ac52dbdb8ed0cedffde"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Wed, 01 Jun 2022 09:58:18 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 72 KB
25 KB 126ms
50ms Script
application/javascript 2606:4700::6811:83ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:83ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8309531b6b2107c16edd77efa774374f935a7924a84c7bae72973f19b962e0e5

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 cfb94084ba0615910dd15548de7c4c5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 1865
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.278/bundles/project.js&cfRay=7146e2302aa769e5-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 71470fbb6cb369f0-MAD
last-modified: Thu, 19 May 2022 12:56:36 UTC
server: cloudflare
etag: W/"9bdc82a581dc188ff306ce5ac3c3e170"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: w6kD440dVLHBLSxXlQNkz9NYzxhkbh3c
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: tGqyAxpCLH9_KEyWcIgfWTJe6XNm-PDnLft6PJYDX-0U3L1_Z5-0QA==
x-hs-target-asset: collected-forms-embed-js/static-1.278/bundles/project.js

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 60 KB
16 KB 130ms
54ms Script
text/javascript 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b72a7de5ea5adb72b4deb50850995f81c875a8610f8963b7c6621520bd0a7fd8

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
cf-cache-status: HIT
age: 4
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: DMQ1QDJ281ZD23GG
x-amz-id-2: DqkPPLztPVewTsRdzxa7TGvZ0ourdqZQhDJA6KcK98ErGS9tK2QcyI6bE4rMdl+nCQa5MS+W9ug=
timing-allow-origin: *
last-modified: Fri, 27 May 2022 15:47:56 GMT
server: cloudflare
etag: W/"2033f6872556311493101c65eceb4f3e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: WxSqFydhKthFKF1PLYL7_0RuOWyAO0In
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 71470fbb6f2886c6-MAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Wed, 01 Jun 2022 09:58:14 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 547 KB
88 KB 132ms
57ms Script
application/javascript 2606:4700::6811:eacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 dbb909966903df95f63a00d4241f7b7c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 2083
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js&cfRay=7146dce1f96cff34-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 71470fbb6c65d681-MAD
last-modified: Thu, 19 May 2022 12:56:48 UTC
server: cloudflare
etag: W/"3a729bcb06fbe3ff521fc0e64855db1f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: g4B39IYvnh_FDOMHIH7jomAsh2XchlfN
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: Jvdr-NJb3ss2UqGgjBwsAkrV493cxuVIwdfE-_tlK5aMpDtvm3vASA==
x-hs-target-asset: lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
3 KB 116ms
39ms Script
application/javascript 2606:4700::6811:70b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f77149b1beed108b3d3ad88b9170a8a27e1c6eedb0ed30c698492b4586372d3

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
via: 1.1 8348c06ca24c7faf1ae00ad6facc20b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 587
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.280/bundles/pixels-release.js&cfRay=71470162d8d46678-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 23 May 2022 07:52:59 UTC
server: cloudflare
etag: W/"b2851680cfd5ddf0808f77f92bc6969d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LETuWsZMnftQGCDTSmAdJHQ8_upu6cZ6
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-P2
cf-ray: 71470fbb6c24666f-MAD
x-amz-cf-id: 2l8LmiWcL5CtrQ76s45H6ybXbBG3wYMtyRKWejGrAQFVkXNJr5ebBw==
x-hs-target-asset: adsscriptloaderstatic/static-1.280/bundles/pixels-release.js

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
351 B 208ms
198ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3911692&callback=jsonpHandler

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: 11f000c0-6216-446a-b247-13b7fbb8b0b0
x-trace: 2BDE3CD476D3514A452459482B46C3C398E9D94870000000000000000000
date: Wed, 01 Jun 2022 09:53:18 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
cf-cache-status: DYNAMIC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=71470fbb0876666c&resource=unknown"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 71470fbb0876666c-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 / Show response
api.userback.io/ 3 KB
2 KB 348ms
122ms XHR
application/json 52.206.171.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userback.io/?loadWidgetConfig
Requested by: Host: static.userback.io
URL: https://static.userback.io/widget/v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.206.171.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-206-171-238.compute-1.amazonaws.com
Software: nginx/1.20.0 / PHP/7.4.21
Resource Hash: 667c5acb915ff86fb3de037ec4b57125b565c15d3dffc36e17b88e27ae732e1b

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: gzip
server: nginx/1.20.0
x-powered-by: PHP/7.4.21
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/YOUR_ID/ 27 B
207 B 83ms
76ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/YOUR_ID/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: gzip
content-disposition: attachment; filename=1.txt
cache-control: public, max-age=8, s-maxage=86400
content-length: 47
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 379ms
235ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=6297370ebcc5b841&bkl=0&bl=1&pdt=222&sid=6297370ebcc5b841&pub=YOUR_ID&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.huntress.com&fp=blog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1654077198547&jsl=1&uvs=6297370eb8d73dde000&skipb=1&callback=addthis.cbs.jsonp__65111067372415320
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7e3adef6b0eef1e2e2ef59c807aee3aceef226c652fb62c1882a25fe26ced8b1

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Jun 2022 09:53:19 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 48E3 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 87B9 71 KB
26 KB 79ms
79ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Wed, 01 Jun 2022 09:53:18 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 184ms
174ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&pageId=74847633462&pid=3911692&sv=cta-embed-js-static-1.79&rdy=1&cos=1&df=t&pg=40e39240-8f28-4247-989e-af913fc5ff6d&pg=40e39240-8f28-4247-989e-af913fc5ff6d

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59c54371f0a32e4a983aeefb0046f57bfa7ca19ed82985e3faaf9e69fb4cd1a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: b05bbba5-3978-43d1-af8c-7f262369033b
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex, follow
server: cloudflare
x-trace: 2B41612DB4EED29077E458919BC7A06FB56F451662000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BbRxEcWtR39IjmMZd%2Bhs8uSYtbm5qCLNTvrNt39ulkk5zvj13pmZfujevTTgu9rIxMw6SHl1hezAgjF9TpEVjUTCk%2F%2Fvjzm3KO9qsMh2bEOsRdX7rbZYesUe0Gp5yzPCNib9jQRQwOmJ0%2FqF2eGUhrqOsxd22LNKFDI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
cf-ray: 71470fbb28f8666c-MAD
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
1 KB 553ms
169ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: b36f540b-86c1-4cf9-a2c5-7d9d74e098b7
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2Bdiw0XAz8XR6e5v7onblFZpeLPTcC3WGhx1gKbeBl%2FLbYIvtuKR7vV82Gp6iJ1v1ZpLDoCo8EwgCmScHLfE0ZnJ0QC%2B51wiNIRtEq9BODKvHTTyuWN9YAx0NqQxRzp9WBzXBghT%2F4p0sjMOvS1e"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 71470fbe4edf69d6-MAD
access-control-allow-headers: *

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 296 KB
84 KB 119ms
59ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=c957087445759a13a1ff1c02dcc17311

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

79abcac666c92bdc8074fa4ad772a316e38ec19910d7074c7580be305dc5e9d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: SctuARgJP5GSyf+0iAJ4HA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85676
x-fb-rlafr: 0
x-fb-debug: f/yozlY/kg2LaJW1Xy9+BqtTteZ09kKe2P40GnutEI+aW7cXoENJR8Dzi3KDLXxpJu+vGPq249c/JaJdsHhM1A==
x-fb-content-md5: 7d4a15d73fae8914cb16dbeb3a6ae059
x-frame-options: DENY
date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "884023c87655b0a29e81e4921b0a5693"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 01 Jun 2023 08:08:06 GMT

GET
H2 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
644 B 176ms
176ms Script
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=40e39240-8f28-4247-989e-af913fc5ff6d&lt=1654077197788&dt=1654077197791&at=1654077198771&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 66c3e728-c724-421d-9463-22b13d706fcc
cf-ray: 71470fbc7cd46671-MAD
last-modified: Wed, 01 Jun 2022 09:53:18 GMT
server: cloudflare
x-trace: 2B0D8ACC6826E71F30B4CC4A10B8BD9F7C7E8F743F000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CEyl9gVna9qGJ4S09r8cSTDlpBZ4AGsAOltpTJHuhedaQ6NwQlwbeiyGJO2%2BOh3U9m1XEKcdWnJifgtSHsNp8W%2F2PUOltZFg6GHgCUAZo5w6ktCPg%2B1I9xp1%2BsALVmQrGOrRfglQCC2wV8vziEY%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
589 B 175ms
175ms Script
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=40e39240-8f28-4247-989e-af913fc5ff6d&lt=1654077197788&dt=1654077197791&at=1654077198772&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-origin-hublet: na1
date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: c8ea7565-441f-4f73-81fd-9fb016a45906
cf-ray: 71470fbc7cd86671-MAD
last-modified: Wed, 01 Jun 2022 09:53:18 GMT
server: cloudflare
x-trace: 2B2F7AF4FDBF52D59D02DCBBA004E29F811079BCF0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hJSaOazDICPMOyOdf57CgI93Spft4npEoozlq%2BaXfN2ItcN0Nb4INHin304jaonF9E5D2%2FnNMaZWL7mQHMNIglA8E%2FRJBg8lgYTPIXaJkQd5ziFYB86smdCp1JZuSbhP6NW9E9gHp1FA3rE9LI0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
545 B 220ms
145ms Image
image/gif 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: a0ec1f70-bb55-4e4c-840f-68649d39f151
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Wed, 01 Jun 2022 09:53:18 GMT
server: cloudflare
x-trace: 2BC3D2D5580BBE2D69123A3538C47596D7E689CC28000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 71470fbceb9e1519-MAD

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
174 B 221ms
145ms Image
image/gif 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:18 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 46b3f4b4-308e-4457-bcba-648197974ea7
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Wed, 01 Jun 2022 09:53:18 GMT
server: cloudflare
x-trace: 2B90FE9E8F89C323649B36934DCEC215CB9DC86F4D000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 71470fbceb9f1519-MAD

GET
H/1.1 200
OK widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html Show response
platform.twitter.com/widgets/ Frame F7F0 319 KB
104 KB 52ms
52ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fwww.huntress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF1) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 480964
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105433
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Jun 2022 09:53:18 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Sun, 15 May 2022 20:03:39 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CF1)
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 modules.d0961e771164cd91e405.js Show response
script.hotjar.com/ 243 KB
63 KB 200ms
72ms Script
application/javascript 108.157.4.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.d0961e771164cd91e405.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.157.4.45 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-157-4-45.dus51.r.cloudfront.net

Software

Resource Hash

dd6afc5ca21e20fba6c0f8063017e22fcbcf5f94d9ad50db0b5320133f0cfbb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 07:34:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94752
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 64057
access-control-allow-origin: *
last-modified: Tue, 31 May 2022 07:33:23 GMT
etag: "1ed5739adb19197da798013ab080794d"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 36FxAp1cgVg0Lqwud-VtCckpURV1y-pZkZlIHyM5ZJ1d7xyi4svzdw==

GET
H2 200 box-63c3a81830bf549dafe40b369003f751.html Show response
vars.hotjar.com/ Frame 63AB 2 KB
1 KB 190ms
58ms Document
text/html 143.204.98.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-32.fra50.r.cloudfront.net
Software: /
Resource Hash: f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

accept-ranges: bytes
age: 94753
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 May 2022 07:34:06 GMT
etag: "e6fb1304cb60a0dea0f76f7077cb13c6"
last-modified: Tue, 31 May 2022 07:33:23 GMT
vary: Accept-Encoding
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-amz-cf-id: T8cfDhauZrqMIcOO9LF5J1_GOxUq6lMwr1rsPSo_liJ3c1khn6mXSQ==
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 v1.css
static.userback.io/widget/ 92 KB
12 KB 61ms
60ms Stylesheet
text/css 13.226.132.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.userback.io/widget/v1.css
Requested by: Host: static.userback.io
URL: https://static.userback.io/widget/v1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.132.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-132-40.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f495e5937d0495eefc0951070a96dc7b10d4d96d7f436afc994f17dbd54cc58b

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 18:16:37 GMT
content-encoding: gzip
last-modified: Mon, 16 May 2022 23:25:28 GMT
server: AmazonS3
age: 56366
etag: W/"128e60b86505e99945a26fc5f67c9a3c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: N5X2IUkHklcQ13kf5ypbMQoJTgR_rrIfdQ4KYpdGwso3yGYjPGF3UQ==

GET
H2 200 settings Show response
syndication.twitter.com/ Frame F7F0 331 B
474 B 277ms
160ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=f26a9007e41795e427563010c7e761c814dabf73

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fwww.huntress.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

f83df770a7c9763424b29bfe7462c8f8e807d18dc0b4570f4ada501240007fda

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 105
date: Wed, 01 Jun 2022 09:53:18 GMT
content-encoding: gzip
last-modified: Wed, 01 Jun 2022 09:53:19 GMT
server: tsa_f
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 7cc2749934a6a31e28c0d6d6b3be2a7a6588ced1b44d7043eb150c373f5c2511
content-length: 193

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 192ms
67ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap

Requested by

Host: static.userback.io
URL: https://static.userback.io/widget/v1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7e44d592889d9f5915ae6254f0a68a71196a5bc2540db9620b81effd976eba5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://static.userback.io/widget/v1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 08:04:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 01 Jun 2022 09:53:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Jun 2022 09:53:19 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2159185/ 147 B
322 B 203ms
68ms XHR
application/json 52.19.160.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2159185/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d0961e771164cd91e405.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.160.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-160-254.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4c88237efbd80053668d55dfb4f84f10c756d3d69142f801bd440d5ca4c46468

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 202ms
136ms Preflight
application/octet-stream 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 71470fbf58036601-MAD
content-length: 0
content-type: application/octet-stream
date: Wed, 01 Jun 2022 09:53:19 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
timing-allow-origin: *

GET
H2 200 / Show response
beacon-v2.helpscout.net/ 458 B
714 B 189ms
57ms Script
application/javascript 143.204.98.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-61.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f24f835fafb7f57cc08914155dfc02e59ac4c233f06c4bfc14e8bf26d64e106

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:52:14 GMT
content-encoding: gzip
last-modified: Fri, 27 May 2022 15:01:08 GMT
server: AmazonS3
age: 66
etag: "47df53578838fa6625607da639ae2154"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cache-control: max-age=120, s-maxage=120, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 328
x-amz-cf-id: xHxAcbhiES2HCSDh5p3PkawFWv5sB2A5io3ydonKmW1uvYb6NTINXQ==

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
137 B 157ms
156ms XHR
text/plain 2606:4700:4400::6812:21ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Wed, 01 Jun 2022 09:53:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: c61c6621-cf42-4626-b54b-57f6c22f7546
x-trace: 2BE90F597DA152CD3DE3B055C1BF61E641610BBF04000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 71470fc039f06601-MAD
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
495 B 206ms
170ms Image
image/gif 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 7c86ef05-d5e4-4124-8dad-be912cd83ff3
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Wed, 01 Jun 2022 09:53:19 GMT
server: cloudflare
x-trace: 2B9B9CADC774A5EA81E40D9E493F85E2984524FF21000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 71470fbf2b7a1505-MAD

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
460 B 174ms
165ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0f842dff-d924-4a4a-9858-febb784ae367&fci=5896b5c0-e03b-4484-8204-fa620e168c72&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654077199174&vi=34b7fda90f2c490509fc5d20c8de7c96&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: fc7db70c-5bec-482c-bf38-4ce55e3f9c62
cf-ray: 71470fbf0a5d666c-MAD
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FrV3TIPi0WcDoYxYaDTyHG7ZnSURcZ99L4Z2Aib99Huiv4GYAVilPtjPjiLneHzJzE9D%2B%2FAnDFBv3ZbOqG102Yjzxeb3jEg3j9V4Uxe8dev2GaOpe3bEsmcq2gyGZ9rUf25ctt7pbaVUQSmS6vOf"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
452 B 162ms
153ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2240e39240-8f28-4247-989e-af913fc5ff6d%22%2C%2211f3d86c-bd5d-4c54-8656-c84ab64a3af1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654077199175&vi=34b7fda90f2c490509fc5d20c8de7c96&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 7fac642a-a6d4-4e02-a230-c1145ed598eb
cf-ray: 71470fbf0a60666c-MAD
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZcT%2BnFoA31IO68YBCCg0aURs7W7t%2FpBzKZSKYaMsgPT32dTnZcWCqASVgusbc8DmEP3Q%2BTZM4EB4lzGQWc67IqOrisDtWG%2FNK7qgdC6FcZSqijanos%2F%2BbON9wXa7ioiLyS4J1N5rUq%2B0fLyWr%2BE"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
464 B 161ms
152ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654077199176&vi=34b7fda90f2c490509fc5d20c8de7c96&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ed6178ff-6f5b-4474-b18a-24c55f4aaa02
cf-ray: 71470fbf0a5b666c-MAD
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2%2FzQn%2FoCYa81QynFOwG6fDO6BS%2FDVYwjdgUtlIbkSU3VnDH%2BkY4KzKS882%2FBblu%2BVF52HcHMknRWFzlf1mkGBXunih8gj1dFFqsq2n6GmUqwEg5snWV7nNixgyiPGQqBNF7efZNRUBaeFrKYTZo"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
202 B 159ms
150ms Image
image/gif 2606:4700::6810:5705
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: d7013dd9-46e8-46be-a9bf-6105435bf4b9
cf-ray: 71470fbf6fa81519-MAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2B5644318C0752B5B3CABC1B581BCD20F2FBC827FB000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 vendor.90fe6783.js Show response
beacon-v2.helpscout.net/static/js/ 65 KB
23 KB 65ms
65ms Script
application/javascript 143.204.98.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/vendor.90fe6783.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-61.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74ad0cc3a8d1b4b067fbe95b5ac82afec11745572d4a1dea9e674ffdaae1f15f

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:32:02 GMT
content-encoding: gzip
last-modified: Fri, 27 May 2022 15:01:09 GMT
server: AmazonS3
age: 1277
etag: "3351718f2beb7cf16b8282c044783bd5"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 22710
x-amz-cf-id: Gd295qrr2TQCA5mKKeHtqcT9n7tcw1BAKHBnDuOrC2xPqz-eWKwMJg==

GET
H2 200 main.e62f983e.js Show response
beacon-v2.helpscout.net/static/js/ 25 KB
10 KB 75ms
74ms Script
application/javascript 143.204.98.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/main.e62f983e.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-61.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c43b4b8b9145718f73a236c8f9ff27a0d23a92f890b7693a9475dbceaa352cbb

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 09:32:02 GMT
content-encoding: gzip
last-modified: Fri, 27 May 2022 15:01:08 GMT
server: AmazonS3
age: 1277
etag: "6842ced4bf198216a846bf3dab1f73ac"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 9882
x-amz-cf-id: d_x3ecfKTEohewrQ7wQiZp9IiwcHC3zEtaarGV01RNOVSKk-lxk3LA==

GET
H2 404 a2ec884d-10aa-4e68-849f-686ccbb0037c Show response
d3hb14vkzrxvla.cloudfront.net/v1/ 118 B
818 B 188ms
187ms XHR
application/json 143.204.101.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/static/js/vendor.90fe6783.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.101.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-101-201.fra50.r.cloudfront.net

Software

Resource Hash

69473b75dc9459b358c49786c03b89243f56149737ab323a6e8ca768a9a2af45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

correlationId: 7b354ad1-a0fc-463e-9333-c1f872579fbd
Helpscout-Release: 2.2.13
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Beacon-Device-ID: f9c78d74-d8a5-4151-84c5-92adbfd87a32
Helpscout-Origin: Beacon-Embed

Response headers

date: Wed, 01 Jun 2022 09:53:19 GMT
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-ratelimit-remaining-general-minute: 60
x-cache: Error from cloudfront
x-ratelimit-remaining-identify-hour: 25
x-ratelimit-limit-general-minute: 60
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
vary: Origin,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour: 10
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: Resource-ID
access-control-allow-credentials: true
content-type: application/json
x-amz-cf-id: HI13Q4EpdNxXo2aXMOJRioEXI7y1XzSe4q7a3FBiQS_ITzUrA-WDnA==
x-ratelimit-limit-attachments-hour: 10
x-ratelimit-limit-chat-tokens-hour: 25

OPTIONS
H2 200 a2ec884d-10aa-4e68-849f-686ccbb0037c
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 0
0 194ms
63ms Preflight 143.204.101.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.101.201 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-101-201.fra50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: beacon-device-id,correlationid,helpscout-origin,helpscout-release
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-methods: GET
access-control-allow-origin: https://www.huntress.com
age: 44
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Wed, 01 Jun 2022 09:52:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin,Access-Control-Request-Method
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
x-amz-cf-id: FuOsDTkAa0LCjtE0pWC9qX8I-tFfUtK66TFimAcPiIbgkCfvxI_lYA==
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
x-ratelimit-limit-attachments-hour: 10
x-ratelimit-limit-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
x-ratelimit-limit-general-minute: 60
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-attachments-hour: 10
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-remaining-general-minute: 60
x-ratelimit-remaining-identify-hour: 25

POST
H2 200 perf Show response
www.huntress.com/_hcms/ 2 B
469 B 475ms
475ms XHR
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/_hcms/perf
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 71470fd18dd36671-MAD
date: Wed, 01 Jun 2022 09:53:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 4f100710-711e-4d2d-a4e1-b8f88ec334aa
x-trace: 2BCECBCF80F1C65A1D1DAC21FD1A39E65BC1EBDC6B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPgppDXTKHIbXEKQlprCvMpFX%2BaJ9JQXJD68xeKmschfngF4ErcbsThgy%2BUwNNUP%2BOovCxa5zftY9sKL4jLyuCXWrMoJj5hZTclH1WFucmWOTnZIZO6aJM85GERcUrAH7IhvTU0nYm8gyGN%2Fjc0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.huntress.com/	1969-12-31 23:59:59	Name: __cfruid Value: 0a1ddf4c8fc960d8bcc2e927871c8228a9490514-1654077197
.huntress.com/	1970-01-20 12:14:59	Name: _vwo_uuid_v2 Value: D61DBA10AFA483FA7AC742B4189AEF04B\|79fdf1a49e5f701617b277139e421cae
.hubspot.com/	1970-01-20 03:27:58	Name: __cf_bm Value: tJHZSd8ci5AY_vpJhAtDndHZI0.2mcQO5wWS9yCOBzo-1654077198-0-AWy5C0NIAdRLE0vXgh8HdP8gqKEp/OPEP1UNqXkLhgYdTPQX0Jsr0NZVX+/rIZuvfmj+BSgkyflYgz46uoPoLFs=
.huntress.com/	1970-01-20 05:51:57	Name: _vis_opt_s Value: 1%7C
.huntress.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
www.huntress.com/	1970-01-20 12:56:45	Name: __atuvc Value: 1%7C22
www.huntress.com/	1970-01-20 03:27:58	Name: __atuvs Value: 6297370eb8d73dde000
.addthis.com/	1970-01-20 12:56:45	Name: uvc Value: 1%7C22
.addthis.com/	1970-01-20 12:56:45	Name: loc Value: MDAwMDBFVUVTME0yMjA0MTc2MzAwMDAwMDBDSA==
.huntress.com/	1970-01-20 12:13:33	Name: _hjSessionUser_2159185 Value: eyJpZCI6IjY3OWE0MWM0LTg0Y2ItNTNlZi1hMjI5LTUwMzc2OTU5NWY5NyIsImNyZWF0ZWQiOjE2NTQwNzcxOTkwODQsImV4aXN0aW5nIjpmYWxzZX0=
.huntress.com/	1970-01-20 03:27:58	Name: _hjFirstSeen Value: 1
www.huntress.com/	1970-01-20 03:27:57	Name: _hjIncludedInSessionSample Value: 0
.huntress.com/	1970-01-20 03:27:58	Name: _hjSession_2159185 Value: eyJpZCI6ImJjYmM0NWIxLTNhOWYtNDY4Mi04MDVhLTNiOTc2MGZhZDJhMyIsImNyZWF0ZWQiOjE2NTQwNzcxOTkwOTQsImluU2FtcGxlIjpmYWxzZX0=
www.huntress.com/	1970-01-20 03:27:57	Name: _hjIncludedInPageviewSample Value: 1
.huntress.com/	1970-01-20 03:27:58	Name: _hjAbsoluteSessionInProgress Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3911692.fs1.hubspotusercontent-na1.net
api.userback.io
app.hubspot.com
beacon-v2.helpscout.net
cdn.jsdelivr.net
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
cta-service-cms2.hubspot.com
d3hb14vkzrxvla.cloudfront.net
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
forms.hsforms.com
forms.hubspot.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
m.addthis.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
s7.addthis.com
script.hotjar.com
static.hotjar.com
static.userback.io
syndication.twitter.com
track.hubspot.com
v1.addthisedge.com
vars.hotjar.com
www.huntress.com
z.moatads.com
s7.addthis.com
104.244.42.8
104.75.88.126
108.157.4.113
108.157.4.45
13.226.132.40
143.204.101.201
143.204.98.32
143.204.98.61
2001:4de0:ac18::1:a:3a
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67e4
2606:4700:4400::6812:21ab
2606:4700:4400::ac40:9ad8
2606:4700::6810:5705
2606:4700::6810:5714
2606:4700::6811:180e
2606:4700::6811:45b0
2606:4700::6811:70b0
2606:4700::6811:83ab
2606:4700::6811:eacc
2606:4700::6811:f0cc
2606:4700::6813:9a53
2606:4700::6813:9b53
2a00:1450:4001:803::200a
2a03:2880:f02d:100:face:b00c:0:3
34.96.102.137
52.19.160.254
52.206.171.238
92.122.146.218
0082201ba45d908fa593074d0f1394488eba115e810458e389eaaa9b6855a16b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868
19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836
1f636be67ca5dd2c876b52162f64c68999ec15ac9542a0707082fc1bdb35b726
208a3e1f89faac87d6265ada98bddb6c97c8e3ad8515a49333771cd0fccba8a7
24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8
2cc396bc55397996a318aa9d4302d467c9deca7af71fb809f8da89f317693e36
2cf5fbf0146a6e2e553f3ce52a1ed5a36127f61c739a745a2b9b8a8d0e1e480a
3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364
41a3f1ffe1c2c8ef087dc9a0574ba968422e6bcd9d4baca76eaa533b834bc8b4
442ca14e2177535f499cc256c1a56c4b449a91e2054f4cb86f91f658eb3ed182
46b48c2cb2ba7e9deae742d0ee002166e145e11961de0bee3a58fb2cf59ec58d
4adb21f3fb8f2c89998efab4262933ba3eedf06ca49473157002193cf21a1c78
4c3ac175639b27d0c6f61af54c079cd571adc679e34ba9ebe6047bee5243cd42
4c88237efbd80053668d55dfb4f84f10c756d3d69142f801bd440d5ca4c46468
4dabba4f477b98b976009a1feb6ebedcf186f9d8676989e1f0a50d0b3e654033
53557947eac2a467943dff75fae4a77a36bde47bda10a75f03ccfa5167ba6909
548fbd7d6ae9c307f6c00cf6b7f87f83853918ce97f13954e8b9ce3417897734
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59c54371f0a32e4a983aeefb0046f57bfa7ca19ed82985e3faaf9e69fb4cd1a5
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
5f24f835fafb7f57cc08914155dfc02e59ac4c233f06c4bfc14e8bf26d64e106
63be16a13fa3622f6851b62878300d9826ad06ab20d7ea95910f8c9727b8fe1d
667c5acb915ff86fb3de037ec4b57125b565c15d3dffc36e17b88e27ae732e1b
69473b75dc9459b358c49786c03b89243f56149737ab323a6e8ca768a9a2af45
6a69ee8c3372833b418bb6364b4b3b746900c95bd077be380e9ba121c0f9f1e1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
74ad0cc3a8d1b4b067fbe95b5ac82afec11745572d4a1dea9e674ffdaae1f15f
79abcac666c92bdc8074fa4ad772a316e38ec19910d7074c7580be305dc5e9d3
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7e3adef6b0eef1e2e2ef59c807aee3aceef226c652fb62c1882a25fe26ced8b1
7e44d592889d9f5915ae6254f0a68a71196a5bc2540db9620b81effd976eba5b
7f77149b1beed108b3d3ad88b9170a8a27e1c6eedb0ed30c698492b4586372d3
8309531b6b2107c16edd77efa774374f935a7924a84c7bae72973f19b962e0e5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266
8c8fbd364ea7ff8c165bed74d5b0400c67a08054db1b1393bb5ab490b28c63be
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9374d6c171d32b82502fa4cc8dcf759faeb35119c7bcb6d1482f693278dfc98a
96af1198e5efb6aaa0cc4a654068b4095799d36a1ccdce8f9f6b35d1234e3064
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7
a08b4400caa63756c56947620874d75d9d5cc728a8e835467950bc1f7a7afe7f
a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2
a891616286796f854fd2a7431a3965ebbb1413f75f5bbdc8e817eb3c82f8c306
ab43689f857d368e24794db3a32682ac8f39e1502495a6d6804399b9bc004208
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ae12c234365e8bcc6511fedeb8dbf2d7df8ce2f3d32fd2d634abcdb54da91959
b72a7de5ea5adb72b4deb50850995f81c875a8610f8963b7c6621520bd0a7fd8
b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e
c43b4b8b9145718f73a236c8f9ff27a0d23a92f890b7693a9475dbceaa352cbb
c49c0ab8d0cc4f37a75cb9a8c4f59687a4c6874da58c1b873a485cd00d82c04a
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
cf95112a502127623014f195fe42fdf0636238e0f70389b8fc931dab411b6272
d4365ff12232598deda2e07ef83d35e91a09e074b38744f2b7990d6bf69a1b10
d694358d25a4e805db1c4962a3023b21a6563a4884c116a99bf2fe119cddc64c
d77743b5e14f7329db6ae2c42c696960a49cda585f29c09035154d78880a49ed
d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd6afc5ca21e20fba6c0f8063017e22fcbcf5f94d9ad50db0b5320133f0cfbb4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e
f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6
f495e5937d0495eefc0951070a96dc7b10d4d96d7f436afc994f17dbd54cc58b
f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99
f83df770a7c9763424b29bfe7462c8f8e807d18dc0b4570f4ada501240007fda
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd6940e379f3a5bce837aa343f505a30625d72035166fd9ce533bf3c89a01aba
fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.huntress.com Open in urlscan Pro 2606:2c40::c73c:67e4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

85 Requests

99 %HTTPS

60 %IPv6

25 Domains

36 Subdomains

31 IPs

5 Countries

3114 kBTransfer

6598 kBSize

15 Cookies

25 Outgoing links

Redirected requests

85 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Screenshot
Live screenshot

Full Image

85
Requests

99 %
HTTPS

60 %
IPv6

25
Domains

36
Subdomains

31
IPs

5
Countries

3114 kB
Transfer

6598 kB
Size

15
Cookies

85 HTTP transactions
0 data transactions