URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Submission: On March 11 via api from IN — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 47 HTTP transactions. The main IP is 18.65.39.71, located in United States and belongs to AMAZON-02, US. The main domain is patchstack.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 13th 2023. Valid for: a year.
This is the only time patchstack.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests         IP Address        AS Autonomous System
40               18.65.39.71       16509 (AMAZON-02)
1                2a00:1450:400...  15169 (GOOGLE)
1                2a04:fa87:fff...  2635 (AUTOMATTIC)
3                2606:4700::68...  13335 (CLOUDFLAR...)
6 (4 redirects)  2606:4700::68...  13335 (CLOUDFLAR...)
Total: 47 requests, 5 IPs
Requests  Apex Domain         Subdomains                                          Transfer
40        patchstack.com      patchstack.com                                      2 MB
6         unpkg.com           unpkg.com — Cisco Umbrella Rank: 754                17 KB
3         cloudflare.com      cdnjs.cloudflare.com — Cisco Umbrella Rank: 194     67 KB
1         gravatar.com        secure.gravatar.com — Cisco Umbrella Rank: 1806     20 KB
1         googleoptimize.com  www.googleoptimize.com — Cisco Umbrella Rank: 892   45 KB
Total: 47 requests, 5 domains
Domain Requested by
40 patchstack.com patchstack.com
6 unpkg.com 4 redirects patchstack.com
3 cdnjs.cloudflare.com patchstack.com
1 secure.gravatar.com patchstack.com
1 www.googleoptimize.com patchstack.com
47 5
Subject                 Issuer                                          Validity                 Valid
patchstack.com          Amazon RSA 2048 M01                             2023-02-13 - 2024-03-13  a year
*.google-analytics.com  GTS CA 1C3                                      2023-02-20 - 2023-05-15  3 months
*.gravatar.com          Sectigo ECC Domain Validation Secure Server CA  2022-11-23 - 2023-12-24  a year
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                         2022-08-03 - 2023-08-02  a year

This page contains 1 frames:

Primary Page: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Frame ID: FB22BCBC4840189B9CE4898AD5CA34F1
Requests: 47 HTTP requests in this frame

Page Title

PSA: Houzez Theme Unauthenticated Privilege Escalation Vulnerability Exploited in The Wild - Patchstack

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link [^>]*href=(?:"|')[^>]*wp-content/plugins/oxygen/
  • wp-content/plugins/oxygen

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • /(?:([\d.])+/)?highlight(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 47
HTTPS: 96 %
IPv6: 80 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 1884 kB
Size: 3110 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://unpkg.com/@popperjs/core@2 HTTP 302
  • https://unpkg.com/@popperjs/core@2.11.6 HTTP 302
  • https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.min.js
Request Chain 27
  • https://unpkg.com/tippy.js@6 HTTP 302
  • https://unpkg.com/tippy.js@6.3.7 HTTP 302
  • https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js

47 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
164 KB
35 KB
Document
General
Full URL
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
3f674d5373e9daec3bfdd45d31899878a2445646d188d56560ad9055c9936ebe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0
content-encoding
gzip
content-length
34903
content-type
text/html; charset=UTF-8
date
Sat, 11 Mar 2023 21:14:33 GMT
expires
Sat, 11 Mar 2023 21:14:33 GMT
last-modified
Fri, 10 Mar 2023 08:02:46 GMT
referrer-policy
same-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept,Accept-Encoding
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-id
s6_1G59IthpupOYi_ALWnPiTpz0urpSnnUJQCjO6dcqrHNgQtHqJRA==
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
blocks.style.build.css
patchstack.com/wp-content/cache/min/1/wp-content/plugins/structured-content/dist/
4 KB
2 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
52a97d73800a552fd1b886a62982a7ba2f17dcd27d331f2ba99f7e95f505ae14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1542
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
Ebo5fw7lcWO4VlfzNdhk2CvdFrNJHcpw8Ae4zqsrQOhft2w9WV8qRA==
expires
Sun, 10 Mar 2024 21:14:34 GMT
ecf.css
patchstack.com/wp-content/cache/min/1/wp-content/uploads/elegant-custom-fonts/
833 B
745 B
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/elegant-custom-fonts/ecf.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
d8f681d20d59065735726d85eb3d3e3536794c936818b3f797ecb13c96cf5d4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
209
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
tX_CDJgO8cxmkNpZ2GkNLvX9tLX6V0L6yrm9hAPVDL29xAG0NhSybw==
expires
Sun, 10 Mar 2024 21:14:34 GMT
style.min.css
patchstack.com/wp-includes/css/dist/block-library/
93 KB
13 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
12518
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:35:45 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
kGNwzQTy3fP71N_QV7XaKdJpEVtU_WMxPoeSkl-uTjER1QJrZKXAbg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
classic-themes.min.css
patchstack.com/wp-includes/css/
217 B
725 B
Stylesheet
General
Full URL
https://patchstack.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
189
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:35:45 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
TLV73AFuoxQ8rmzxlj1PBYwKoLgT94vNCkaP-surYqKR-kVebJWHFA==
expires
Sun, 10 Mar 2024 21:14:34 GMT
aos.css
patchstack.com/wp-content/cache/min/1/wp-content/plugins/oxygen/component-framework/vendor/aos/
25 KB
3 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
2236
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
sd1sdO3B9APuU83VOncxCYjpGxtCP9S-u9i9yXjHqjNDt8uektAkWg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
oxygen.css
patchstack.com/wp-content/cache/min/1/wp-content/plugins/oxygen/component-framework/
17 KB
5 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/plugins/oxygen/component-framework/oxygen.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
6e53ed8c3d86f9e204995aab1066ecc8b236d842772dceb7b57b0fcfe213c811
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
4111
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
aT1ZwYOBoNpNfYs3o_bEyITSTvXvgjgZ5Zqelb-6JlBxn1MBKU0Xwg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
style.css
patchstack.com/wp-content/cache/min/1/wp-content/plugins/wpdevdesign-oxygen-navigator/assets/css/
279 B
717 B
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/plugins/wpdevdesign-oxygen-navigator/assets/css/style.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
0cf1d099c031abc93530470f82ba4c0654caf04752e3ee0d2f64940382b4c5a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
183
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
d4IVfPU8jHEE72V-hkG72aqVObTYQ5p8seT2Os_5ncc3ATJB41Adtg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
aos.js
patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/aos/
14 KB
5 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/aos/aos.js?ver=1
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
4503
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:34:17 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
7tNSbZIzYMV3G5LoKr7WM6xOIySq-pzt0P7empcgy2Yf-3UsewCJEw==
expires
Sun, 10 Mar 2024 21:14:34 GMT
jquery.min.js
patchstack.com/wp-includes/js/jquery/
88 KB
31 KB
Script
General
Full URL
https://patchstack.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
30995
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:35:45 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
w4mmJn2cJcHuz8DXa3Fiay2QL1N2nNRCuCa-JIbeELHx1CZCbT1Ekw==
expires
Sun, 10 Mar 2024 21:14:34 GMT
optimize.js
www.googleoptimize.com/
116 KB
45 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-MX6GQLP
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a42ca2a7149389313bcbd1501e8256979f1acc1454f4070a1300a3736760094a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
46170
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 11 Mar 2023 21:14:33 GMT
default.min.css
patchstack.com/wp-content/cache/min/1/ajax/libs/highlight.js/11.5.1/styles/
1 KB
1 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/ajax/libs/highlight.js/11.5.1/styles/default.min.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
fbde0ac0921d86c356c41532e7319c887a23bd1b8ff00060cab447249f03c7cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
561
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
MTulJLfcJuFjckdxzmK6R5Z3ECLrq8rnU-UAEzGPIOasOf7ct2WZGg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
Faktum-Regular.woff
patchstack.com/wp-content/uploads/2021/05/
38 KB
39 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/05/Faktum-Regular.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
6e5655295b678abdf0533e40aaf82cbb5cf9267b6e65e86fee3cce92ae7de700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
39156
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 16 Sep 2021 07:57:27 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
jOrP-_6ktevPPSdniB-hjEsKgwwBv0B6EcEbnTzD-8WfT50LxBhbOA==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Faktum-WideRegular.woff
patchstack.com/wp-content/uploads/2021/05/
39 KB
40 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/05/Faktum-WideRegular.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
7a64fec47d0797ad2e0b377b26bdc0967c377794fbe2d284abe5b4bb80ae42e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
39997
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 16 Sep 2021 07:57:27 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
BIVcxe540VjbJrJfdEYq5cNCDlF41fXuq3rrKxCP0qdACEUbsHGm3Q==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Faktum-WideMedium.woff
patchstack.com/wp-content/uploads/2021/05/
41 KB
41 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/05/Faktum-WideMedium.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
eabc90c688fba82b41c3e6dfc565ce341a257e4d1cb2e9e82045d8682711737b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
41707
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 16 Sep 2021 07:57:27 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
fglIBsNH2o3ock5cazFPm3p86YL4rkiMm8eaPXS9LYPCgD2fGdRyfg==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Faktum-WideSemiBold.woff
patchstack.com/wp-content/uploads/2021/05/
41 KB
41 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/05/Faktum-WideSemiBold.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
17fe5ef946f2b68c88c30f43b185aa85998c64813381668cea4fd7935a95a790
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
41529
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 16 Sep 2021 07:57:27 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
2VDJ1CSno7LHOJPPMBT5eVRmWAtKFmD3zqq_AyCR02zYCYv0KkyVCA==
expires
Sun, 09 Jul 2023 21:14:34 GMT
7201.css
patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/
18 KB
3 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/7201.css?ver=1678434718
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
daff5d5612a5e61f4573f7505fffebbea08cf2eafeb9f3a1400d55dcf656b632
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
2936
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
H877cuwb6PN1CZakWOuPQD7IMrDYL-6FAcrCJ0704WATXtuINMc9zQ==
expires
Sun, 10 Mar 2024 21:14:34 GMT
7215.css
patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/
29 KB
4 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/7215.css?ver=1678434719
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
012aa6aaa002263206a81950d85ba67dc3840cd90c1b53d5deb4e45c984de878
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
3963
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:59 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
ytyOdDgBHZalVh5FsbFr_YO6tb8zmlpswHA3LgleXAvEfbCn7FEY7w==
expires
Sun, 10 Mar 2024 21:14:34 GMT
universal.css
patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/
338 KB
40 KB
Stylesheet
General
Full URL
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/universal.css?ver=1678434719
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
2ecf4239c2478344fdb091c031ccf0a9010cf529c02b5152340669ec94a312b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
40421
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 10 Mar 2023 07:51:59 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
SGvLMVtle5wCSvIdoLlfHNfw_-uBCmjBPW-gWfd1czcuqam9YoUq4Q==
expires
Sun, 10 Mar 2024 21:14:34 GMT
logo.svg
patchstack.com/wp-content/uploads/2021/11/
5 KB
2 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2021/11/logo.svg
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
70656995a69cdca5cc1ff5dcbf78378494de4368f2383ab78cd8eb167d43f2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1815
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Nov 2021 10:11:41 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
Qr-z07pnQeqGUoxBpWocyCShk-mPcmKNlRlMrsb3lchCCILUzTvdgg==
expires
Sun, 09 Jul 2023 21:14:34 GMT
7f009046884a335084f86ff1a1acadce
secure.gravatar.com/avatar/
19 KB
20 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/7f009046884a335084f86ff1a1acadce?s=200&d=mm&r=g
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
51d8feeca7862a3ded9c5e3aa88cc5e115b912ec937224a5448adb7f3ae5e1ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 11 Mar 2023 21:14:34 GMT
last-modified
Sat, 17 Dec 2022 12:30:47 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="7f009046884a335084f86ff1a1acadce.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/7f009046884a335084f86ff1a1acadce?s=200&d=mm&r=g>; rel="canonical"
content-length
19738
expires
Sat, 11 Mar 2023 21:19:34 GMT
image-7.webp
patchstack.com/wp-content/uploads/2023/02/
63 KB
63 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2023/02/image-7.webp
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
3e75a9dac0016e7a2ea02c5aebf07882b499fc6eb191ce5b38e11d303f7c3757
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
64056
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 27 Feb 2023 08:01:00 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
iMtIdpb_oJLYivyRFhmNxLbTs-CvGHmMSjfuBOxDf89122q092YYeA==
expires
Sun, 09 Jul 2023 21:14:34 GMT
social_discord.svg
patchstack.com/wp-content/uploads/2022/12/
2 KB
1 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2022/12/social_discord.svg
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
8a01817173eee8b82e5d4ac97b6c7168ce351346ea09cf5b6c7514957cc46bf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
758
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 05 Dec 2022 06:11:49 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
YUELoPKhmWJ24tUImIc1ZJmPpKjxL-uCYMknMMWgNFxYfpX4YDqOQg==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Logo.svg
patchstack.com/wp-content/uploads/2022/08/
5 KB
2 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2022/08/Logo.svg
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
01da3239bb68389cf95c71c9afeeabd54dd1bde1180831e07df206a838d08f6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1408
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 08 Aug 2022 05:33:17 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
98caFnMwguS29KXuWm5zQcy-OlrdLH4dS_x2O7eGfFFx9l-622Jlfg==
expires
Sun, 09 Jul 2023 21:14:34 GMT
eufunded-1.svg
patchstack.com/wp-content/uploads/2022/08/
19 KB
8 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2022/08/eufunded-1.svg
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
442cc4aa9e87e997e346afff9f3e85275956ade99f0be9b6dd720dba38ddfff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
7662
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 08 Aug 2022 05:32:32 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
UlP1N3bg-WpePlRGxlW4N4YT26gxMXkGbtYGfpSW2p-Xfr2iW01L7Q==
expires
Sun, 09 Jul 2023 21:14:34 GMT
logo.webp
patchstack.com/wp-content/uploads/2021/01/
1 KB
2 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2021/01/logo.webp
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
d5242ec44e2753c8403909b8686c8a0eaa84d4c5d44419e8808bae57acb9cbf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1168
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 16 Sep 2021 07:57:19 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
HUxt36o1wtpbH8VYP0TexYfp6N5gxrkJ_KHDrcZuHaM1cBGOZsR5Vw==
expires
Sun, 09 Jul 2023 21:14:34 GMT
highlight.min.js
cdnjs.cloudflare.com/ajax/libs/highlight.js/11.5.1/
115 KB
34 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.5.1/highlight.min.js
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d31127fbc6c7cdfef1eb59800f9ec50cedb15efa81ff571dcfa5d13a0ad90f4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3135716
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
34752
last-modified
Mon, 11 Apr 2022 01:33:13 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62538559-87c0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRmOKwu6E%2BvPGRRxolhAfzRR04gVhE6%2B9xr5ETPUvYpC6zkTY3bCz8qAozJfWqaxT%2BW%2F%2BIpGmU3wTNf5ImshXSGazCoWVd1VuaQOfW3MTHF7RTPIN3u%2B1yghkNcbr6BC4F5veBdpaKXSKY2ZMyGkGq%2BP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a66cecbef40382e-FRA
expires
Thu, 29 Feb 2024 21:14:34 GMT
popper.min.js
unpkg.com/@popperjs/core@2.11.6/dist/umd/
Redirect Chain
  • https://unpkg.com/@popperjs/core@2
  • https://unpkg.com/@popperjs/core@2.11.6
  • https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.min.js
20 KB
8 KB
Script
General
Full URL
https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.min.js
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
051a8137b75880006ab58f47778ca713ed6c967130faba043c5cd0ed34517dc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3338771
last-modified
Thu, 11 Aug 2022 07:51:20 GMT
fly-request-id
01GR5R9K5FWVMDMKQ7G62HHM6K-fra
server
cloudflare
etag
W/"4e7f-YDO5/9GsCmSrp3VxzVXmgduuK5k"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7a66cecc393f35e2-FRA

Redirect headers

date
Sat, 11 Mar 2023 21:14:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GR5R9JSVT0N809G3PX5QFATH-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3338777
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/@popperjs/core@2.11.6/dist/umd/popper.min.js
cache-control
public, max-age=31536000
cf-ray
7a66cecc090a35e2-FRA
tippy-bundle.umd.min.js
unpkg.com/tippy.js@6.3.7/dist/
Redirect Chain
  • https://unpkg.com/tippy.js@6
  • https://unpkg.com/tippy.js@6.3.7
  • https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js
25 KB
9 KB
Script
General
Full URL
https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f0fe70eb26ccf28f6887a192e29d38dd7ef7c2f079a73304ad42ddc7bed37de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3338776
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01GR5R9K8J5VAKXTXT96JJEN9R-fra
server
cloudflare
etag
W/"6475-GJFZFDM34LwIzjC4uKWaXpNTNf4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7a66cecc394035e2-FRA

Redirect headers

date
Sat, 11 Mar 2023 21:14:34 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GR5R9RDTPK3KRBR5JDXXHPRZ-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3338771
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js
cache-control
public, max-age=31536000
cf-ray
7a66cecc090b35e2-FRA
gsap.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/
63 KB
23 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js?v=12345
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
179396
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
22890
last-modified
Sat, 25 Dec 2021 03:05:32 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"61c68a7c-596a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHB1bNedlfiA0IZWVez8nEnREp%2FeKZ5mVIcq8u4ZFZEsKDuxPP0cPD2s2C9hUK7xdJEnwc2%2BnLqeGKn74GQSqx8YmSgG3SbetLTr5hH0kYLJAaLeK7fB2YcCc2pyb545SP%2Bvbhl%2BeUhsnx91ZFpp%2FevE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a66cecbef43382e-FRA
expires
Thu, 29 Feb 2024 21:14:34 GMT
ScrollTrigger.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/
24 KB
10 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/ScrollTrigger.min.js?v=12345
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
068b6cce4ba0c45621e5c2947ebcc3f6701a90c841ce4f210c935f0047a19ead
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1280513
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9607
last-modified
Sat, 25 Dec 2021 03:05:32 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"61c68a7c-2587"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UA8IFNE5i3ecQ9MPHGNVKNNwf8W5RCR4auKcTOw9sTIz1Ag4Pfo4cKFhaBvAu5Q2MXpvc4kvl5TSwWL%2F7QFHUOPwRNrU4LW4%2Fg%2FxoDnsiN1UrGQzHAxEaT9bhc9Zzsy6HMHcVMfDTDwbwYixN5B4O3bw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a66cecbef44382e-FRA
expires
Thu, 29 Feb 2024 21:14:34 GMT
app.build.js
patchstack.com/wp-content/plugins/structured-content/dist/
2 KB
1 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/structured-content/dist/app.build.js?ver=1.5.3
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
3986673333826891a3b1d289891efd0689a800f8dbd7a897e016ed1f80e429ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
754
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:34:54 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
xvcG3JGonqvAav6qe0I1wGsW8xOKp-L-0pjsRkYJm29ctdyXHGSiqg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
forms.js
patchstack.com/wp-content/plugins/mailchimp-for-wp/assets/js/
6 KB
3 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js?ver=4.9.0
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
12a618537a5ecc700c5cd76816ded0793c5c369fa6d786ce82b7199e34b080a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
2588
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:34:10 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
SRiQp6xe8dYSCyqQttRMC6w68uhfysdABl787xn6JiyNOLKgxWFL_Q==
expires
Sun, 10 Mar 2024 21:14:34 GMT
lottie-player.min.js
patchstack.com/wp-content/plugins/oxyextras/components/assets/
337 KB
87 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxyextras/components/assets/lottie-player.min.js?ver=1.0.1
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
da8b9c6562cee0bad877c0f9c7fbae8cb2d594e23e9ba583cfc3c63886af5191
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 09 Jun 2022 14:48:42 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
wpZ5XNKr3iUCyrDyV6GgKL8ywrLJWCPcf1SV77fdU66B6jEfsi54wA==
expires
Sun, 10 Mar 2024 21:14:34 GMT
lottie-interactivity.js
patchstack.com/wp-content/plugins/oxyextras/components/assets/
4 KB
2 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxyextras/components/assets/lottie-interactivity.js?ver=1.0.0
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
9f9806aff71bf183827384d70fa3069e6f3811c9ec6b36b0e20271a084b6f460
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1659
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 09 Jun 2022 14:48:42 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
MDMfQa2LwcC9W6tKA4eSs3Fjfp7IXkfKEz_JvFK8xhmZYwVlzpSaqg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
intersectionobserver.js
patchstack.com/wp-content/plugins/oxyextras/components/assets/
29 KB
9 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxyextras/components/assets/intersectionobserver.js?ver=1.0.0
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
36765572da8f1a28f7916e6ab8ca524b9434998a807098b185ec15e843bb48ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
8180
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 09 Jun 2022 14:48:42 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
nzB-ugLcsQvJKBWXF1J7HSPalHYSxgPaFsMJq-aQuTSOUh7NjLEQPw==
expires
Sun, 10 Mar 2024 21:14:34 GMT
lottie-init.js
patchstack.com/wp-content/plugins/oxyextras/components/assets/
5 KB
2 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxyextras/components/assets/lottie-init.js?ver=1.0.0
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
9e62a5da9cceba33ccc322380461a756d5d3f84ae39bd170a952c1de5c3146a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
1048
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 09 Jun 2022 14:48:42 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
jfGB_xKHRzxo20DUtRhD27o5Zwj24mAMmU-FWyl-h7fOdlj7Wz_0fg==
expires
Sun, 10 Mar 2024 21:14:34 GMT
alpinejs.intersect.3.10.5.js
patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/alpinejs/
877 B
1 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/alpinejs/alpinejs.intersect.3.10.5.js
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
640807dde06a6339c8e9a8813261b8a143aca409ba4ac8568fb52cb2b009b4a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
539
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:34:17 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
ML-uKI9YwJA3nTNXooKX-GYvZDrOHtvk6HVwfKXAi8P4_6uVI2Hjmw==
expires
Sun, 10 Mar 2024 21:14:34 GMT
alpinejs.3.10.5.js
patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/alpinejs/
39 KB
15 KB
Script
General
Full URL
https://patchstack.com/wp-content/plugins/oxygen/component-framework/vendor/alpinejs/alpinejs.3.10.5.js
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
5b02426e749fbc4999d6407083463b9bcb5511f073f413249a56e21643bb6bd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
14679
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 30 Jan 2023 12:34:17 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
accept-ranges
bytes
x-amz-cf-id
dLmIC8tSzwwEoxEWUqPTYXgZ_UJWaxyWpNwoToudSyAJskRFDvuknA==
expires
Sun, 10 Mar 2024 21:14:34 GMT
surface-GUPqey7k7b4-unsplash-1024x683.jpg
patchstack.com/wp-content/uploads/2022/06/
110 KB
111 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2022/06/surface-GUPqey7k7b4-unsplash-1024x683.jpg
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
09da43ac477c8766515aff8803c5d230b14b0baba45f6d5d65fcb99b9cb9a448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
112707
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 08 Jun 2022 06:34:37 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
wHzGSB9Q8JsQzlPu6ZbA-SY30sQo7nuL7XRtLb64nNfHoc9fZvG58w==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Subscriber-Path-Traversal-Leading-to-Local-File-Inclusion-in-OceanWP-Theme-Patchstack-1024x539.png
patchstack.com/wp-content/uploads/2023/02/
513 KB
515 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2023/02/Subscriber-Path-Traversal-Leading-to-Local-File-Inclusion-in-OceanWP-Theme-Patchstack-1024x539.png
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
90aa21b052dcdc72d57f11715edcf51d44fe1a5c37544202b663052eafe9e03e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
525660
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 28 Feb 2023 07:31:29 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
3DoAxueKNmjJ2V-Qce8TwiMkMSd87b8rWGhdUYE0SZlHLAkNpkVO_w==
expires
Sun, 09 Jul 2023 21:14:34 GMT
patchstack-weekly-61-using-wordpress-as-headless-cms-1024x536.png
patchstack.com/wp-content/uploads/2023/02/
522 KB
524 KB
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2023/02/patchstack-weekly-61-using-wordpress-as-headless-cms-1024x536.png
Requested by
Host: patchstack.com
URL: https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
3b26cbd5127fc44ede850029f2a4a1d084a4182a8cab4a4a62d0f0a7b0116232
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
534678
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 28 Feb 2023 10:42:33 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
SxmUx17SPTCyxQ__85OOCXh-p7nk41feB6fwJFVPbYP5_bERlQlnHA==
expires
Sun, 09 Jul 2023 21:14:34 GMT
link-arrow.svg
patchstack.com/wp-content/uploads/2022/08/
191 B
706 B
Image
General
Full URL
https://patchstack.com/wp-content/uploads/2022/08/link-arrow.svg
Requested by
Host: patchstack.com
URL: https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/universal.css?ver=1678434719
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
26c20102b99fba14b488f348ba46bcdc7c10e1b2ea2fa256bc377620daa140c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/universal.css?ver=1678434719
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
170
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 08 Aug 2022 05:35:14 GMT
server
Apache
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=10368000, public
accept-ranges
bytes
x-amz-cf-id
IpJjZ4HKnECZ0n_fJkGZVLQVZIXCgjPCCIqTdAboTD8bOoL5NJI1Sw==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Faktum-SemiBold.woff
patchstack.com/wp-content/uploads/2021/11/
39 KB
39 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/11/Faktum-SemiBold.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/universal.css?ver=1678434719
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
4fb8f9059ead43cda5a1f9e01bb4fcfb7346671740e67b83dd58c2335ea8b265
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/oxygen/css/universal.css?ver=1678434719
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
39802
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 05 Nov 2021 13:57:36 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
Tfb0K0ZHH9RABNczvuzm2-ZCtTY0N75Vp63RevpKG8r8-EBOHPiTHg==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Faktum-Bold.woff
patchstack.com/wp-content/uploads/2021/11/
37 KB
38 KB
Font
General
Full URL
https://patchstack.com/wp-content/uploads/2021/11/Faktum-Bold.woff
Requested by
Host: patchstack.com
URL: https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/elegant-custom-fonts/ecf.css?ver=1678434718
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
338bddef7f37b72a80de683dd16e0373aaeb18607a006b43349ba4846b9b528b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://patchstack.com/wp-content/cache/min/1/wp-content/uploads/elegant-custom-fonts/ecf.css?ver=1678434718
Origin
https://patchstack.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
38063
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 05 Nov 2021 13:38:50 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
cache-control
max-age=10368000
accept-ranges
bytes
x-amz-cf-id
nNyG3FrFhrKPo-foHcwFnQzxm1r7BjqOPVT8wA7c2zLtCTs_eA-dBQ==
expires
Sun, 09 Jul 2023 21:14:34 GMT
Logo_Hover_Animation_v2.json
patchstack.com/wp-content/uploads/2021/11/
19 KB
3 KB
XHR
General
Full URL
https://patchstack.com/wp-content/uploads/2021/11/Logo_Hover_Animation_v2.json
Requested by
Host: patchstack.com
URL: https://patchstack.com/wp-content/plugins/oxyextras/components/assets/lottie-player.min.js?ver=1.0.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
cefad5aae60ab4750509d2ab08a970df72978efb9cfc4b8bc642a7360e7ac87e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
2343
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 16 Nov 2021 08:12:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
max-age=0, public
accept-ranges
bytes
x-amz-cf-id
cNlGak5zFO6ZUR9Z6qJZwcfv33F5JDQu7u8u6Td620TskpGFZtmnPQ==
expires
Sat, 11 Mar 2023 21:14:34 GMT
Logo_Hover_Animation_v2.json
patchstack.com/wp-content/uploads/2021/11/
19 KB
3 KB
Fetch
General
Full URL
https://patchstack.com/wp-content/uploads/2021/11/Logo_Hover_Animation_v2.json
Requested by
Host: patchstack.com
URL: https://patchstack.com/wp-content/plugins/oxyextras/components/assets/lottie-player.min.js?ver=1.0.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.39.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-39-71.ams1.r.cloudfront.net
Software
Apache /
Resource Hash
cefad5aae60ab4750509d2ab08a970df72978efb9cfc4b8bc642a7360e7ac87e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Sat, 11 Mar 2023 21:14:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-cache
Miss from cloudfront
content-length
2343
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 16 Nov 2021 08:12:58 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
max-age=0, public
accept-ranges
bytes
x-amz-cf-id
f1MPlzf-FuFnqQ3IIhy39Ql6Wcpatb4SGXn3DnMueXexnRiFii7SZA==
expires
Sat, 11 Mar 2023 21:14:34 GMT


54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| AOS undefined| $ function| jQuery object| google_tag_manager object| dataLayer object| google_optimize object| alpineIntersect object| alpine object| mc4wp object| hljs object| Popper function| tippy object| gsapVersions object| Linear object| Power0 object| Quad object| Power1 object| Cubic object| Power2 object| Quart object| Power3 object| Quint object| Power4 object| Strong object| Elastic object| Bounce object| Expo object| Circ object| Sine object| Back object| SteppedEase function| TweenLite function| TweenMax function| TimelineMax function| TimelineLite function| AttrPlugin function| EndArrayPlugin function| RoundPropsPlugin function| ModifiersPlugin function| SnapPlugin object| gsap object| CSSPlugin function| ScrollTrigger function| oxygen_init_reading_progress object| Alpine object| lottie-player object| reactiveElementVersions object| litHtmlVersions object| litElementVersions object| LottieInteractivity function| oxygen_init_lottie function| triggerScriptLoader function| loadScripts

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
