research.kudelskisecurity.com Open in urlscan Pro
2606:4700::6812:df1e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Submission: On August 12 via api (August 12th 2023, 7:04:29 pm UTC) from US — Scanned from DE

Summary HTTP 65 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 6 domains to perform 65 HTTP transactions. The main IP is 2606:4700::6812:df1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is research.kudelskisecurity.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 14th 2023. Valid for: a year.

This is the only time research.kudelskisecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	2606:4700::68... 2606:4700::6812:df1e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
4	192.0.72.20 192.0.72.20	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6812:cec9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	192.0.78.18 192.0.78.18	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.22 192.0.78.22	2635 (AUTOMATTIC) (AUTOMATTIC)
3	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
65	11

5 2606:4700::6812:df1e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

research.kudelskisecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.72.20 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

cybermashup.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:cec9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

r-login.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.22 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	wp.com s0.wp.com — Cisco Umbrella Rank: 7684 s2.wp.com — Cisco Umbrella Rank: 33779 s1.wp.com — Cisco Umbrella Rank: 29348 stats.wp.com — Cisco Umbrella Rank: 2614 fonts-api.wp.com — Cisco Umbrella Rank: 16470 widgets.wp.com — Cisco Umbrella Rank: 11421 fonts.wp.com — Cisco Umbrella Rank: 17144 pixel.wp.com — Cisco Umbrella Rank: 2513	278 KB
20	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1053 syndication.twitter.com — Cisco Umbrella Rank: 1269	633 KB
6	wordpress.com cybermashup.files.wordpress.com r-login.wordpress.com — Cisco Umbrella Rank: 26971 public-api.wordpress.com — Cisco Umbrella Rank: 9137	328 KB
5	kudelskisecurity.com 1 redirects research.kudelskisecurity.com	32 KB
4	gravatar.com 1.gravatar.com — Cisco Umbrella Rank: 9045 0.gravatar.com — Cisco Umbrella Rank: 8027 secure.gravatar.com — Cisco Umbrella Rank: 1876	8 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8150	2 MB
65	6

	Domain	Requested by
17	platform.twitter.com	s1.wp.com platform.twitter.com syndication.twitter.com
10	s0.wp.com	research.kudelskisecurity.com widgets.wp.com public-api.wordpress.com
5	fonts.wp.com	fonts-api.wp.com
5	s2.wp.com	research.kudelskisecurity.com
5	research.kudelskisecurity.com	1 redirects research.kudelskisecurity.com s0.wp.com
4	cybermashup.files.wordpress.com	research.kudelskisecurity.com
3	syndication.twitter.com	platform.twitter.com syndication.twitter.com
3	pixel.wp.com	research.kudelskisecurity.com
3	s1.wp.com	research.kudelskisecurity.com
2	0.gravatar.com	research.kudelskisecurity.com 0.gravatar.com
1	public-api.wordpress.com	s0.wp.com
1	r-login.wordpress.com	research.kudelskisecurity.com
1	widgets.wp.com	research.kudelskisecurity.com
1	cdn2.hubspot.net	s2.wp.com
1	fonts-api.wp.com	s0.wp.com
1	stats.wp.com	research.kudelskisecurity.com
1	secure.gravatar.com	research.kudelskisecurity.com
1	1.gravatar.com	research.kudelskisecurity.com
65	18

This site contains links to these domains. Also see Links.

Domain
msrc.microsoft.com
www.reddit.com
learn.microsoft.com
cybermashup.files.wordpress.com
www.microsoft.com
gravatar.com
twitter.com
wordpress.com
cybermashup.wordpress.com
wp.me
en.wordpress.com
subscribe.wordpress.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-14` - `2024-05-13`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Frame ID: 5E6B966C566086671881FDB08C976B3B
Requests: 42 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20230309
Frame ID: A2FF8BB5333347539F4A989B7E992A8F
Requests: 3 HTTP requests in this frame

Frame: https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9yZXNlYXJjaC5rdWRlbHNraXNlY3VyaXR5LmNvbQ%3D%3D&wpcomid=48491387&time=1691867062
Frame ID: CDB3F7CA0FFE0D53D923C0BD86DCD702
Requests: 1 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: C5832800249815EBC2B431D3A9D90FBA
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fresearch.kudelskisecurity.com
Frame ID: B756CBE068026489A91912DFBBFAFD70
Requests: 2 HTTP requests in this frame

Frame: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Frame ID: 1C67A31062314D8037436BF945EC53DF
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability – Kudelski Security Research

Page URL History Show full URLs

https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vuln... HTTP 301
https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vuln... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

65
Requests

98 %
HTTPS

40 %
IPv6

6
Domains

18
Subdomains

11
IPs

2
Countries

3319 kB
Transfer

5587 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
Title: CVE-2023-36884

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/crowdstrike/comments/14y1yei/20230712_situational_awareness_microsoft_office/
Title: confirmed

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
Title: block all office applications from creating child processes

Search URL Search Domain Scan URL

URL: https://cybermashup.files.wordpress.com/2023/07/settings-prevent-exploitation.webp

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
Title: https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

Search URL Search Domain Scan URL

URL: https://gravatar.com/site/signup/

Search URL Search Domain Scan URL

URL: https://twitter.com/@KudelskiSec
Title: My Tweets

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_blog
Title: Blog at WordPress.com.

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Fresearch.kudelskisecurity.com%252F2023%252F07%252F14%252Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%252F
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://cybermashup.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Fcybermashup.wordpress.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F
Title: Customize

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/p3hsP9-4Ls
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: http://en.wordpress.com/abuse/?report_url=https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://wordpress.com/read/blogs/48491387/posts/18318
Title: View post in Reader

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability HTTP 301
https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

65 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Redirect Chain

https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability
https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

119 KB
29 KB

327ms
327ms

Document
text/html

2606:4700::6812:df1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cad39bb4ebdbdc5760cdff084c7efb04bf30c56b3d3c0ded11fcea7f88f0b7e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.gravatar.com/js/; script-src 'unsafe-inline' https://.twitter.com https://.gravatar.com/js/ 'self' https://.wp.com/; style-src https://.wp.com 'unsafe-inline' https://.gravatar.com https://.gravatar.com/; frame-src https://.wp.com https://.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://.wp.com https://.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://.hubspot.net; style-src-elem https://.gravatar.com 'self' 'unsafe-inline' https://.wp.com; font-src data: https://*.wp.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7f5afbd38e5c91d1-FRA
content-encoding: gzip
content-security-policy: default-src 'self' https://*.gravatar.com/js/; script-src 'unsafe-inline' https://*.twitter.com https://*.gravatar.com/js/ 'self' https://*.wp.com/; style-src https://*.wp.com 'unsafe-inline' https://*.gravatar.com https://*.gravatar.com/; frame-src https://*.wp.com https://*.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://*.wp.com https://*.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://*.hubspot.net; style-src-elem https://*.gravatar.com 'self' 'unsafe-inline' https://*.wp.com; font-src data: https://*.wp.com/
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 19:04:22 GMT
host-header: WordPress.com
link: <https://wp.me/p3hsP9-4Ls>; rel=shortlink
permissions-policy: camera=(), fullscreen=(self), geolocation=(), microphone=(), notifications=(), speaker=()
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding accept, content-type, cookie
x-ac: 1.hhn _dfw EXPIRED
x-content-type-options: nosniff
x-frame-options: DENY
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-pingback: https://research.kudelskisecurity.com/xmlrpc.php

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 7f5afbd1fcbd91d1-FRA
content-security-policy: default-src 'self' https://*.gravatar.com/js/; script-src 'unsafe-inline' https://*.twitter.com https://*.gravatar.com/js/ 'self' https://*.wp.com/; style-src https://*.wp.com 'unsafe-inline' https://*.gravatar.com https://*.gravatar.com/; frame-src https://*.wp.com https://*.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://*.wp.com https://*.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://*.hubspot.net; style-src-elem https://*.gravatar.com 'self' 'unsafe-inline' https://*.wp.com; font-src data: https://*.wp.com/
content-type: text/html; charset=UTF-8
date: Sat, 12 Aug 2023 19:04:22 GMT
host-header: WordPress.com
location: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
permissions-policy: camera=(), fullscreen=(self), geolocation=(), microphone=(), notifications=(), speaker=()
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: accept, content-type, cookie
x-ac: 1.hhn _dfw MISS
x-content-type-options: nosniff
x-frame-options: DENY
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-pingback: https://research.kudelskisecurity.com/xmlrpc.php
x-redirect-by: WordPress

GET
H2 200 webfont.js Show response
s0.wp.com/wp-content/plugins/custom-fonts/js/ 12 KB
5 KB 39ms
9ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/12493-1684460879556.3713
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:23:52 GMT

GET
H2 200 /
s2.wp.com/_static/ 272 KB
32 KB 47ms
22ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/_static/??-eJyFkFtOwzAQRTeEPQRCVD4QS6kce2S59UuecarsHjcKoYWW/lg6nnvvPOCUhU6RMTKEKrKv1kWCA3JW+rgyhJTOj6keCQp6xWhETsS/SGqiJ7gd6d0Rf4IX+iP/1tracMRiW6UgTN0ge/kMY3XewOjTEjAWVWYgnj3+1/fWKuvffsJoUgFVOQXF7PSmnpzBlAsSXXVF47gZFiBYRO3F0zaAi9pXc16UIDS1Qo9hmegCslczFuHRKj3L4OJje6td8pXp/vXWObejqzlVFrY4c+duDyOKYhctPbDrtNpeZLeTnSAXskdRcJI9GEe8KcQW9Bk+uuG9G17f+m53+AKwvfmi&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 857edabb9ce74342f298daf49f36beda85987bd9da00687afe12539ecea775e5

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 10 Aug 2023 02:43:53 GMT
server: nginx
etag: W/"64d44ee9-43ed4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 10 Aug 2024 16:38:50 GMT

GET
H2 200 /
s1.wp.com/_static/ 369 B
604 B 38ms
8ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-ac: 2.hhn _dfw BYPASS
last-modified: Sun, 19 Dec 2021 04:31:32 GMT
server: nginx
etag: "61beb5a4-171"
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
content-length: 369
expires: Fri, 10 Nov 2023 15:12:40 GMT

GET
H2 200 /
s1.wp.com/_static/ 80 KB
25 KB 37ms
9ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/_static/??-eJx9jEEKAjEMRS9kDSOj6EI8itQSY8Y2KW2KeHsruOhCZvcf/PfglV1QMRQDe2DCCrlg4pbAtFgjD9XeEbeh1g0M59Rcjo1YKixo2YfnjyGpClxZAhAKFu5G/T/XooTqogZv3GsjuHv0XNbUgreo1CdBfw34lS7pPB2O+2l3mud5+QDV81+y&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cc9a51dd9c128fcec8a07077fad5cd3cf19761680989ed17900cfa98cb813af8

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Fri, 26 May 2023 19:31:03 GMT
server: nginx
etag: W/"647108f7-13eec"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 16:37:16 GMT

GET
H2 200 /
s2.wp.com/_static/ 29 KB
11 KB 46ms
22ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/_static/??-eJyNjcEKAjEMRH/IGhaW3fUgforUNLRd06SYFvHvdcWLePEyzIPhDdyrQ5VG0qB0V7nHLAYrterx+mEoqluEzmRgyd8o+BAe75ol7tFsB/+bzlkQTDF7dqxR7Qt+bC1Ref2mESLrxfM2OJXjMC2HeV6mYVyfUatJNw==&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9398eb3737a99ee7929995d320c3385f8374ff399152fcad64a47b55a985e5d4

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Wed, 19 Jul 2023 14:57:04 GMT
server: nginx
etag: W/"64b7f9c0-73ad"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 18 Jul 2024 15:27:48 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 128 KB
42 KB 28ms
10ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx1jlkOwjAMRC9EsBAVaj8QR0Fpa4JDNhyH5fakUpEKgi9rPDPPhntSQwyCQcBm8LEnh6pkZG3qTlE4xbXNK1jkfFHJFUMhg0VJerjMutZjgCOFAfpCbgRGpwVHlWKW/KnWnsI3uD7ATlTi+Hi+vQpzZcQ8mfZakJ/zWAL+hpQnw/Xor2tyRl8ridFT8SCRpRg9IYK+kdFCceoc/H6za7td1zbN1r4AZN9xZg==
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cd64977b1dfb594bb6c578c450c7ea5f46829cc5e0d96584e38187ca02293cb1

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Tue, 18 Jul 2023 16:40:50 GMT
server: nginx
etag: W/"64b6c092-2009a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 17 Jul 2024 16:49:23 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ 15 KB
3 KB 27ms
10ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1689695215i&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c59758aba315041f99301a6120932ecaf751fb3a0b35b55b65eea138912c86ea

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
x-minify: t
etag: W/17746-1689695224703.6353
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 17 Jul 2024 15:47:19 GMT

GET
H2 200 /
s2.wp.com/ 2 KB
894 B 30ms
9ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/?custom-css=1&csblog=3hsP9&cscache=6&csrev=76
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e6c34b671db5a47c2d36abf67e69153ae5ff8646fe9620bc6b4362992571af47

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-nc: HIT hhn 1
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
host-header: WordPress.com
timing-allow-origin: *
expires: Thu, 04 Apr 2024 16:31:54 GMT

GET
H2 200 researchnegative_3.png
cybermashup.files.wordpress.com/2017/09/ 6 KB
6 KB 44ms
8ms Image
image/webp 192.0.72.20
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybermashup.files.wordpress.com/2017/09/researchnegative_3.png

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.20 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

248fae09ad210f6bcf3f09ac80ef594e3012d25bb9bd7710d2c2255dbd41705e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 20 np
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff, nosniff
last-modified: Mon, 25 Sep 2017 18:43:36 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://cybermashup.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 6004
expires: Tue, 12 Sep 2023 12:02:09 GMT

GET
H2 200 cropped-istock-513311684.jpg
cybermashup.files.wordpress.com/2018/10/ 251 KB
252 KB 45ms
8ms Image
image/webp 192.0.72.20
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybermashup.files.wordpress.com/2018/10/cropped-istock-513311684.jpg

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.20 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3112fd69843bc3d3d05d13ac324257fc6da01c4beb5e37237c32dfe5b9c060ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 20 np
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff, nosniff
last-modified: Thu, 11 Oct 2018 22:46:23 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://cybermashup.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 257456
expires: Fri, 08 Sep 2023 15:48:10 GMT

GET
H2 200 istock-817486068.jpg
cybermashup.files.wordpress.com/2020/06/ 41 KB
41 KB 481ms
444ms Image
image/webp 192.0.72.20
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybermashup.files.wordpress.com/2020/06/istock-817486068.jpg?w=840

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.20 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c2ba9876245a0044717a1612ca20aa91e8229b4b4c5903d2fcb0441e366c243b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: EXPIRED hhn 20 np
date: Sat, 12 Aug 2023 19:04:23 GMT
x-content-type-options: nosniff, nosniff
last-modified: Fri, 12 Jun 2020 22:35:01 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://cybermashup.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 42054
expires: Fri, 15 Sep 2023 21:09:56 GMT

GET
H2 200 settings-prevent-exploitation.webp
cybermashup.files.wordpress.com/2023/07/ 25 KB
25 KB 53ms
16ms Image
image/webp 192.0.72.20
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cybermashup.files.wordpress.com/2023/07/settings-prevent-exploitation.webp

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.20 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ffd21b00750cc1bae7f3f84238b7c5676cc3c5f078fff44db7c8e7922cc6ef04

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 20 np
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff, nosniff
last-modified: Fri, 14 Jul 2023 07:12:24 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://cybermashup.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 25806
expires: Mon, 21 Aug 2023 18:06:34 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ 439 B
695 B 35ms
6ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: d3ddd29db765914b449b4573e5a3c24e1982838d9f55befd894cb73333f8149a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="ad516503a11cd5ca435acc9bb6523536.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25>; rel="canonical"
content-length: 439
expires: Sat, 12 Aug 2023 19:09:22 GMT

GET
H2 200 email-decode.min.js Show response
research.kudelskisecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
808 B 15ms
15ms Script
application/javascript 2606:4700::6812:df1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://research.kudelskisecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 19:04:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Tue, 08 Aug 2023 14:42:33 GMT
server: cloudflare
content-encoding: gzip
etag: W/"64d25459-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7f5afbd6298691d1-FRA
expires: Mon, 14 Aug 2023 19:04:22 GMT

GET
H2 200 hovercards.min.js Show response
0.gravatar.com/js/hovercards/ 13 KB
5 KB 44ms
7ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202332984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
last-modified: Thu, 10 Aug 2023 08:40:05 GMT
server: nginx
etag: W/"64d4a265-327b"
content-type: application/javascript
cache-control: max-age=604800
expires: Sat, 19 Aug 2023 19:04:22 GMT

GET
H2 200 wpgroho.js Show response
s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 655 B
446 B 9ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
x-minify: t
etag: W/1125-1684460931415.6394
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:44 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 41 KB
11 KB 9ms
7ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/textarea-autosize.min.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1663141412j
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw
last-modified: Wed, 14 Sep 2022 07:43:47 GMT
server: nginx
etag: W/"63218633-a4f5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 14 Sep 2023 07:43:50 GMT

GET
H2 200 db5106832b4f9a9a183f578bf18a58a1a94a0a150c75b77fb1a89bcb5292271c
secure.gravatar.com/blavatar/ 1 KB
1 KB 29ms
7ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/blavatar/db5106832b4f9a9a183f578bf18a58a1a94a0a150c75b77fb1a89bcb5292271c?s=50&d=https%3A%2F%2Fs2.wp.com%2Fi%2Flogo%2Fwpcom-gray-white.png
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: cf809c3709e14d588323ed6e691379577c5d79827e64fed11286483a69c96f81

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
last-modified: Wed, 29 Mar 2017 18:49:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="db5106832b4f9a9a183f578bf18a58a1a94a0a150c75b77fb1a89bcb5292271c.png"
accept-ranges: bytes
link: <https://www.gravatar.com/blavatar/db5106832b4f9a9a183f578bf18a58a1a94a0a150c75b77fb1a89bcb5292271c?s=50&d=https%3A%2F%2Fs2.wp.com%2Fi%2Flogo%2Fwpcom-gray-white.png>; rel="canonical"
content-length: 1051
expires: Sat, 12 Aug 2023 19:09:22 GMT

GET
H2 200 /
s0.wp.com/_static/ 32 KB
7 KB 9ms
7ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyljEsKgDAMBS9kDUUquhDPom0Qaz/BNHh9KdgTuBl4w2PgIWVzKpgKRFEU5DgTg8dCm72+DTHnCicBGex2Z2EMwM9JeKtdkgvYW+YOftTaqYkaXOOix8noQU+z8S9MR0BZ&cssminify=yes
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Fri, 26 May 2023 20:11:51 GMT
server: nginx
etag: W/"64711287-7e84"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 16:14:07 GMT

GET
H2 200 / Show response
s1.wp.com/_static/ 82 KB
24 KB 8ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.wp.com/_static/??-eJydj8tuAjEMRX+oiTuUIjZVP6UKsQHPOI/GCdP+PWhKqooFlfDKj+N7bZiz8SlWihVGBaQTe8pfdtQn+DMKzWRpB44KwhMpfDZqdHQRhcot3EmfdpL8pLCyw9YORjlkIVPoZNeArItjh4wkhxetwPGO+Ug1Oz9dawgpRfjg6KHOXCsVUzmQcKRHNHaNBcG7kpqS/HK98c9pbmINVM2Lff6R6419WWC8s9stzJx9Cjfl46/o0RVCh/i9pBwP1x/ew9uw2b6uN6tLjGeO4L+4
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 374aaa2c2ad4660e447acf44391c87bff48aa18cb3c35d9bf99f9dc323587776

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Tue, 30 May 2023 15:57:13 GMT
server: nginx
etag: W/"64761cd9-146ab"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 19:18:59 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 35ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?63
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
server: nginx
etag: W/"61dc645f-2a3d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Fri, 10 Nov 2023 15:19:01 GMT

GET
H2 200 css
fonts-api.wp.com/ 10 KB
1 KB 98ms
82ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0d1494f84aa5eb9d1fe5c36b6234a5068de47c07a3c808bec606ab9ba6ca339e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 19:04:22 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Sat, 12 Aug 2023 19:04:22 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 threat%20intel%20photo.jpg
cdn2.hubspot.net/hubfs/2539908/ 2 MB
2 MB 157ms
103ms Image
image/webp 2606:4700::6812:cec9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn2.hubspot.net/hubfs/2539908/threat%20intel%20photo.jpg
Requested by: Host: s2.wp.com
URL: https://s2.wp.com/?custom-css=1&csblog=3hsP9&cscache=6&csrev=76
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:cec9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c539876264313ee7e6c64258b31b82e25648944fdebc7b25ebacce42413564b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s2.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 19:04:22 GMT
via: 1.1 d3dc7fce70a4cf01f01f6bf06755098c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-5209238836,P-2539908,FLS-ALL
x-amz-version-id: McjpX3nnmSJ7vdLZ41YLDVVMqojS1Kwc
x-amz-cf-pop: MRS52-P2
x-amz-request-id: 99HJ8PRH0BP9TVCK
cf-polished: qual=85, origFmt=jpeg, origSize=3788979
edge-cache-tag: F-5209238836,P-2539908,FLS-ALL
cache-tag: F-5209238836,P-2539908,FLS-ALL
x-cache: RefreshHit from cloudfront
content-disposition: inline; filename="threat%20intel%20photo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
content-length: 2065794
x-amz-id-2: /8dPeP26DtKMyvbmvURN/bOBclSaOwHKmQmXK+Z8Ir/A2Do30/MH76yfdBgImcmg/OAJmz/XNly7IY8S2B1XEw==
last-modified: Tue, 10 Oct 2017 04:21:42 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "968ae56e9887b085e473cbcccbd2fee5"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TH7cd2gJCPY4DcpHsnnfxIqykJ%2FdkpQ5Sw1rjWUCXDZ3x1%2F%2BrtaWOfOyMGSlLGlqLEHnsXhX7jr7uhALkhpWS0ciT8tUk9SMSOsXqcfw1kqccn1GQjt2J4HpmrKvtC%2BU83vEe%2BivW17a871NaV0%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f5afbd6ae4b2c7a-FRA
x-amz-cf-id: phjAQ0S6HjXVLpQo56KTr6IjCh7tvh4SQsxza7iek-xriWXrNZCrKw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 486b694c4933bf0e1a51c429bdbd97e80ac818f4005c89885800230da524d4de

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 78ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: s1.wp.com
URL: https://s1.wp.com/_static/??-eJydj8tuAjEMRX+oiTuUIjZVP6UKsQHPOI/GCdP+PWhKqooFlfDKj+N7bZiz8SlWihVGBaQTe8pfdtQn+DMKzWRpB44KwhMpfDZqdHQRhcot3EmfdpL8pLCyw9YORjlkIVPoZNeArItjh4wkhxetwPGO+Ug1Oz9dawgpRfjg6KHOXCsVUzmQcKRHNHaNBcG7kpqS/HK98c9pbmINVM2Lff6R6419WWC8s9stzJx9Cjfl46/o0RVCh/i9pBwP1x/ew9uw2b6uN6tLjGeO4L+4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F9C) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:22 GMT
Content-Encoding: gzip
Age: 1261
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (pab/6F9C)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame A2FF 3 KB
1 KB 12ms
6ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20230309
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-encoding: br
content-type: text/html
date: Sat, 12 Aug 2023 19:04:22 GMT
etag: W/"6408e4c4-ae1"
last-modified: Wed, 08 Mar 2023 19:40:52 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dca MISS
x-nc: HIT hhn 1

GET
H2 200 va9c4lja2NVIDdIAAoMR5MfuElaRB0zJt08.woff2
fonts.wp.com/s/quattrocentosans/v18/ 24 KB
24 KB 21ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/quattrocentosans/v18/va9c4lja2NVIDdIAAoMR5MfuElaRB0zJt08.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

86380b40e3d14ed9f3e0a5ff79c04f510d7910f677a66685e2b10f8b8765797f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:02:38 GMT
server: nginx
age: 527103
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 24320
x-xss-protection: 0

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.wp.com/s/notosans/v30/ 14 KB
14 KB 21ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notosans/v30/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:02:09 GMT
server: nginx
age: 1219
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 14256
x-xss-protection: 0

GET
H2 200 o-0OIpQlx3QUlC5A4PNr4ARCQ_k.woff2
fonts.wp.com/s/notosans/v30/ 13 KB
13 KB 26ms
11ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notosans/v30/o-0OIpQlx3QUlC5A4PNr4ARCQ_k.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

aecb63436ff8e28ed766a7eb40e804e09893d2264fb5b5ca86fd660c21bab67f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:02:05 GMT
server: nginx
age: 125
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 13040
x-xss-protection: 0

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.wp.com/s/notosans/v30/ 14 KB
14 KB 23ms
8ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notosans/v30/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:02:15 GMT
server: nginx
age: 1219
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 14100
x-xss-protection: 0

GET
H2 200 o-0TIpQlx3QUlC5A4PNr4Az5ZuyDzW0.woff2
fonts.wp.com/s/notosans/v30/ 12 KB
12 KB 22ms
8ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/notosans/v30/o-0TIpQlx3QUlC5A4PNr4Az5ZuyDzW0.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Quattrocento+Sans:r%7CNoto+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

53e5b7b1233909d699bf045a93077b5536c38490a8409e7b4d0168a1a6bee45b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://research.kudelskisecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 12 Aug 2023 19:04:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 22:02:18 GMT
server: nginx
age: 81
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 12688
x-xss-protection: 0

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 17ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.8396441606397045
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 19:04:22 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 17ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=48491387&v=wpcom&tz=-4&user_id=0&post=18318&subd=cybermashup&host=research.kudelskisecurity.com&ref=&rand=0.05816627806623176
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 19:04:22 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 17ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD9VdEI3Wzc3bEdrVDlKVFF6QnRpTXldeFtCeHx%2BXW52YWs%2FamtJMnY%2FSVpRSHhXZno3d21DUnRYc3U9Q2VWbDV1QXRrbGkmbHolNHlEQnd3S3djR1FrWGlpWDdjJWgvbXA0XXFzRmpSXy5wVzBZfD9JNm03eVNwRSx1NVJKRGZMTFFOeD8lUzhRdlkmTXE3PXpFW2g0LCZ0aV9zTk9XOGNqeiVRdnRyUT9NS1kzaGcrZlkzS2wzNGVKYVBCSkpfTy9KU09XUi1IclRZT00ra1RdN0FIRm0tLDZXZVZ0eWpCSWhufmx1a2cyVGhxTDNdaS4%3D&v=wpcom-no-pv&rand=0.10575470468716319
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 12 Aug 2023 19:04:22 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
s2.wp.com/wp-includes/js/ 18 KB
5 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.3-RC3-56367
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Fri, 19 May 2023 01:48:49 GMT
server: nginx
etag: W/"6466d581-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 08 Aug 2024 19:39:56 GMT

GET
H2 200 / Show response
research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/ 4 KB
1 KB 389ms
388ms XHR
application/json 2606:4700::6812:df1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/?relatedposts=1

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJx1jlkOwjAMRC9EsBAVaj8QR0Fpa4JDNhyH5fakUpEKgi9rPDPPhntSQwyCQcBm8LEnh6pkZG3qTlE4xbXNK1jkfFHJFUMhg0VJerjMutZjgCOFAfpCbgRGpwVHlWKW/KnWnsI3uD7ATlTi+Hi+vQpzZcQ8mfZakJ/zWAL+hpQnw/Xor2tyRl8ridFT8SCRpRg9IYK+kdFCceoc/H6za7td1zbN1r4AZN9xZg==

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f10855896a2bbd0572959f6fd654012642dd16f0e2033fad99f4f31ca3cc358

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.gravatar.com/js/; script-src 'unsafe-inline' https://.twitter.com https://.gravatar.com/js/ 'self' https://.wp.com/; style-src https://.wp.com 'unsafe-inline' https://.gravatar.com https://.gravatar.com/; frame-src https://.wp.com https://.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://.wp.com https://.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://.hubspot.net; style-src-elem https://.gravatar.com 'self' 'unsafe-inline' https://.wp.com; font-src data: https://*.wp.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Sat, 12 Aug 2023 19:04:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: DYNAMIC
x-ac: 1.hhn _dfw EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://*.gravatar.com/js/; script-src 'unsafe-inline' https://*.twitter.com https://*.gravatar.com/js/ 'self' https://*.wp.com/; style-src https://*.wp.com 'unsafe-inline' https://*.gravatar.com https://*.gravatar.com/; frame-src https://*.wp.com https://*.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://*.wp.com https://*.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://*.hubspot.net; style-src-elem https://*.gravatar.com 'self' 'unsafe-inline' https://*.wp.com; font-src data: https://*.wp.com/
x-pingback: https://research.kudelskisecurity.com/xmlrpc.php
host-header: WordPress.com
referrer-policy: no-referrer
server: cloudflare
vary: Accept-Encoding, accept, content-type
x-frame-options: DENY
content-type: application/json; charset=utf-8
permissions-policy: camera=(), fullscreen=(self), geolocation=(), microphone=(), notifications=(), speaker=()
cf-ray: 7f5afbd6da2691d1-FRA

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 3 KB
858 B 7ms
7ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=202332984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6
Requested by: Host: 0.gravatar.com
URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202332984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 922f7310455a01a1cc789155c95eed771508f7cf31cf38b176a934147e26c7af

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
last-modified: Mon, 07 Aug 2023 12:03:28 GMT
server: nginx
etag: W/"64d0dd90-d4e"
content-type: text/css
cache-control: max-age=604800
expires: Sat, 19 Aug 2023 19:04:22 GMT

GET
H2 200 remote-login.php Show response
r-login.wordpress.com/ Frame CDB3 139 B
302 B 176ms
145ms Document
text/html 192.0.78.18
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9yZXNlYXJjaC5rdWRlbHNraXNlY3VyaXR5LmNvbQ%3D%3D&wpcomid=48491387&time=1691867062

Requested by

Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7d28cac6829ef3b2242580e0a3abac9dc48c211783dfb86ac9dce2845e502329

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 19:04:23 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _dfw MISS

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame A2FF 3 KB
1 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20230309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/7325-1684461116096.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame A2FF 81 KB
20 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20230309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Wed, 15 Feb 2023 09:58:05 GMT
server: nginx
etag: W/"63ecacad-1430c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 07 Mar 2024 19:41:06 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame C583 8 KB
4 KB 135ms
108ms Document
text/html 192.0.78.22
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.22 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 19:04:23 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 1.hhn _dca BYPASS

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame B756 320 KB
104 KB 18ms
18ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fresearch.kudelskisecurity.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA8) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 820084
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Aug 2023 19:04:22 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (pab/6FA8)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 settings Show response
syndication.twitter.com/ Frame B756 869 B
659 B 139ms
110ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=0b251db096fb9f2955b056c77584ca0765e42d42

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fresearch.kudelskisecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 103
date: Sat, 12 Aug 2023 19:04:22 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sat, 12 Aug 2023 19:04:23 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 8987b31c3426613d
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: ba27ff2f8b9f7e2d7e17b352c335a77f7c40616b1e7d4844c22e7493d66a30d6
content-length: 337

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame C583 3 KB
1 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:23 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/7325-1684461116096.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H/1.1 200
OK timeline.16b53cc33aaa562f8f41a495bf720289.js Show response
platform.twitter.com/js/ 8 KB
4 KB 16ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.16b53cc33aaa562f8f41a495bf720289.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F9C) /
Resource Hash: 7cccd8f78bd73c79f1281052eb4c9bdf6f38386fca206da9954fdf24ab0784af

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:23 GMT
Content-Encoding: gzip
Age: 849078
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2964
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
Server: ECS (pab/6F9C)
Etag: "569768187d20181e1cdea6aa19f3a4b4+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 14 KB
3 KB 6ms
6ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20210915
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 08049155425170644473fbebdaebcba11c6358913cf6dbe0c739a7c7c05ad04c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:23 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/17924-1684465023341.505
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:14:17 GMT

GET
H2 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 7 KB
2 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20220329
Requested by: Host: research.kudelskisecurity.com
URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 10e1d5be200976ab3c32ddb7076abe7c8c7ffe002556c5954d146319420e0580

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 1
date: Sat, 12 Aug 2023 19:04:23 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
server: nginx
x-minify: t
etag: W/13421-1684461126752.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:13:45 GMT

POST
H2 403 admin-ajax.php
research.kudelskisecurity.com/wp-admin/ 6 KB
0 25ms
24ms Fetch
text/html 2606:4700::6812:df1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://research.kudelskisecurity.com/wp-admin/admin-ajax.php

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20220329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.gravatar.com/js/; script-src 'unsafe-inline' https://.twitter.com https://.gravatar.com/js/ 'self' https://.wp.com/; style-src https://.wp.com 'unsafe-inline' https://.gravatar.com https://.gravatar.com/; frame-src https://.wp.com https://.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://.wp.com https://.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://.hubspot.net; style-src-elem https://.gravatar.com 'self' 'unsafe-inline' https://.wp.com; font-src data: https://*.wp.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 12 Aug 2023 19:04:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://*.gravatar.com/js/; script-src 'unsafe-inline' https://*.twitter.com https://*.gravatar.com/js/ 'self' https://*.wp.com/; style-src https://*.wp.com 'unsafe-inline' https://*.gravatar.com https://*.gravatar.com/; frame-src https://*.wp.com https://*.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://*.wp.com https://*.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://*.hubspot.net; style-src-elem https://*.gravatar.com 'self' 'unsafe-inline' https://*.wp.com; font-src data: https://*.wp.com/
content-encoding: gzip
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
referrer-policy: no-referrer
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: camera=(), fullscreen=(self), geolocation=(), microphone=(), notifications=(), speaker=()
cf-ray: 7f5afbd9cccf91d1-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 KudelskiSec Show response
syndication.twitter.com/srv/timeline-profile/screen-name/ Frame 1C67 5 KB
2 KB 138ms
138ms Document
text/html 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

56a744f21b61e312c975ccc4a070c73ca0cf4e0bd7a3e60655c7c8601d6162e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, max-age=60
content-encoding: gzip
content-length: 1911
content-type: text/html; charset=utf-8
date: Sat, 12 Aug 2023 19:04:23 GMT
etag: "1578-LQMUzYtrqHoqCd+JCz4PhH/Iw4M"
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: ba27ff2f8b9f7e2d7e17b352c335a77f7c40616b1e7d4844c22e7493d66a30d6
x-response-time: 131
x-transaction-id: 8c5610fe406bea6d
x-xss-protection: 0

GET
H/1.1 200
OK runtime-2cef2cd3029217be2b2d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 4 KB
3 KB 4017ms
4017ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA8) /
Resource Hash: a5b37032efedf9b583cf3300674381f3cea172655df6be23f0ae1c4df8bcb665

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849092
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2231
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FA8)
Etag: "eb889f102ce828c998bb02a52af6f77e+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK modules.20f98d7498a59035a762.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 286 KB
94 KB 65ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/modules.20f98d7498a59035a762.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FB8) /
Resource Hash: 9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:23 GMT
Content-Encoding: gzip
Age: 842362
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 95842
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FB8)
Etag: "1c54378254eefb52fea75b3c31dfe51d+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK main-fd9ef5eb169057cda26d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 90 B
683 B 64ms
15ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/main-fd9ef5eb169057cda26d.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F94) /
Resource Hash: eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:23 GMT
Age: 849088
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 90
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F94)
Etag: "1d1fa0644a94523711b2bb99a8d652bc"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
H/1.1 200
OK _app-6ed494f5458c72a92281.js Show response
platform.twitter.com/_next/static/chunks/pages/ Frame 1C67 1 KB
1 KB 3501ms
3453ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/_app-6ed494f5458c72a92281.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA8) /
Resource Hash: 729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:26 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 668
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FA8)
Etag: "2856f57c62c238a564ef576bbc50ca4a+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK %5BscreenName%5D-c33f0b02841cffc3e9b4.js Show response
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/ Frame 1C67 13 KB
2 KB 66ms
18ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c33f0b02841cffc3e9b4.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FB5) /
Resource Hash: bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:23 GMT
Content-Encoding: gzip
Age: 849088
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 1290
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FB5)
Etag: "e78034c651c8a81b2acd83dc7e7ad407+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _buildManifest.js Show response
platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/ Frame 1C67 1 KB
1 KB 65ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/_buildManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F9C) /
Resource Hash: 7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:23 GMT
Content-Encoding: gzip
Age: 849088
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 451
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F9C)
Etag: "bd9a3afe8a64146469f036be13628170+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET _ssgManifest.js
platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/ Frame 1C67 0
0

GET
H/1.1 200
OK 2.691622e4391d1973cb65.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 23 KB
8 KB 16ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F96) /
Resource Hash: 2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 7674
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F96)
Etag: "942b5b928a24465d1906b4716131d896+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 16.142d2ae66656c89148d4.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 36 KB
12 KB 17ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/16.142d2ae66656c89148d4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F90) /
Resource Hash: 7ccaf896a943bdeb36d41b39bbf98d23dfe1c9a8ae55a6dacdadb2638dbebb8d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 11742
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F90)
Etag: "83f133db31f2f224334873b637da46cb+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 0.5686651481f4464c5717.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 314 KB
104 KB 17ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/0.5686651481f4464c5717.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F96) /
Resource Hash: 97faf872f051e026ad60fe49411ea63058763bb7f1b3f83db644a19bbcdc05cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 106304
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F96)
Etag: "b9b1dd7ae92ad3982af11fe7072b6664+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 4.fbbd25113f2df4fe737c.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 247 KB
67 KB 18ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/4.fbbd25113f2df4fe737c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA8) /
Resource Hash: 377dcba0ba5794ca4856fc650b5ce17cd30c62787b1a784f2247a7b86d95bec8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 67792
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FA8)
Etag: "ab046685ef0879ed66eafd971fc107a6+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 1.184d2a3edeaf2b598b70.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 132 KB
36 KB 26ms
26ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/1.184d2a3edeaf2b598b70.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F8D) /
Resource Hash: 2094344b2bff06c92b1adf03e3bdb9506632a5511909448629f64d1b2bc0e004

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849092
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 35879
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F8D)
Etag: "76a15f84c29af44712ea9a662e02ffd5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 3.6dd7cdd29a2101a1c884.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 657 KB
162 KB 18ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/3.6dd7cdd29a2101a1c884.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6F93) /
Resource Hash: 94441dd203830058a19eb0892915df9cbe91edfb3673bc1c6b4512f4c7edc39f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 164892
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6F93)
Etag: "ed8ce1225c6b70140167ad888dbe53de+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 6.d6877f687dd7f7c5c2dc.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 2 KB
2 KB 19ms
19ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/6.d6877f687dd7f7c5c2dc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA4) /
Resource Hash: 713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849092
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 1276
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FA4)
Etag: "0e9ca787dfdcbf5ffeb7df678ec8f6df+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK ondemand.Dropdown.d716bae5b8f017ef3f36.js Show response
platform.twitter.com/_next/static/chunks/ Frame 1C67 7 KB
3 KB 18ms
17ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/ondemand.Dropdown.d716bae5b8f017ef3f36.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-2cef2cd3029217be2b2d.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (pab/6FA4) /
Resource Hash: 1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Sat, 12 Aug 2023 19:04:27 GMT
Content-Encoding: gzip
Age: 849091
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2822
Last-Modified: Tue, 27 Jun 2023 19:44:59 GMT
Server: ECS (pab/6FA4)
Etag: "ee85bb78f0eb1080fd5fc8c4d4cddbb8+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 jot
syndication.twitter.com/i/ Frame 1C67 43 B
150 B 113ms
113ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1691867067722%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22jetpack%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22bb06567%3A1687853948269%22%2C%22widget_data_source%22%3A%22screen-name%3AKudelskiSec%22%7D&session_id=0b251db096fb9f2955b056c77584ca0765e42d42

Requested by

Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/KudelskiSec?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=true&hideFooter=true&hideHeader=true&hideScrollBar=false&lang=en&maxHeight=800px&origin=https%3A%2F%2Fresearch.kudelskisecurity.com%2F2023%2F07%2F14%2Fcve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability%2F&partner=jetpack&sessionId=0b251db096fb9f2955b056c77584ca0765e42d42&showHeader=false&showReplies=false&theme=light&transparent=false&widgetsVersion=aaf4084522e3a%3A1674595607486
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-response-time: 106
date: Sat, 12 Aug 2023 19:04:27 GMT
strict-transport-security: max-age=631138519
last-modified: Sat, 12 Aug 2023 19:04:27 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 009f032842b68a7c
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: ba27ff2f8b9f7e2d7e17b352c335a77f7c40616b1e7d4844c22e7493d66a30d6
content-length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: platform.twitter.com
URL: https://platform.twitter.com/_next/static/vn5fUacsNpP-nIkFRlFf6/_ssgManifest.js

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker'.
security	error	URL: https://research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/(Line 190) Message: Refused to create a worker from 'blob:https://research.kudelskisecurity.com/bc4af56b-7f58-4d30-b0d9-cb60578d63fe' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline' https://.twitter.com https://.gravatar.com/js/ 'self' https://*.wp.com/". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
network	error	URL: https://research.kudelskisecurity.com/wp-admin/admin-ajax.php Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://.gravatar.com/js/; script-src 'unsafe-inline' https://.twitter.com https://.gravatar.com/js/ 'self' https://.wp.com/; style-src https://.wp.com 'unsafe-inline' https://.gravatar.com https://.gravatar.com/; frame-src https://.wp.com https://.twitter.com https://platform.twitter.com https://r-login.wordpress.com; img-src https://.wp.com https://.gravatar.com https://syndication.twitter.com/ https://secure.gravatar.com/ https://cybermashup.files.wordpress.com https://.hubspot.net; style-src-elem https://.gravatar.com 'self' 'unsafe-inline' https://.wp.com; font-src data: https://*.wp.com/
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
1.gravatar.com
cdn2.hubspot.net
cybermashup.files.wordpress.com
fonts-api.wp.com
fonts.wp.com
pixel.wp.com
platform.twitter.com
public-api.wordpress.com
r-login.wordpress.com
research.kudelskisecurity.com
s0.wp.com
s1.wp.com
s2.wp.com
secure.gravatar.com
stats.wp.com
syndication.twitter.com
widgets.wp.com
platform.twitter.com
104.244.42.72
192.0.72.20
192.0.76.3
192.0.77.32
192.0.78.18
192.0.78.22
2606:2800:234:59:254c:406:2366:268c
2606:4700::6812:cec9
2606:4700::6812:df1e
2a04:fa87:fffe::c000:4902
08049155425170644473fbebdaebcba11c6358913cf6dbe0c739a7c7c05ad04c
0d1494f84aa5eb9d1fe5c36b6234a5068de47c07a3c808bec606ab9ba6ca339e
10e1d5be200976ab3c32ddb7076abe7c8c7ffe002556c5954d146319420e0580
1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba
1c539876264313ee7e6c64258b31b82e25648944fdebc7b25ebacce42413564b
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
2094344b2bff06c92b1adf03e3bdb9506632a5511909448629f64d1b2bc0e004
248fae09ad210f6bcf3f09ac80ef594e3012d25bb9bd7710d2c2255dbd41705e
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000
2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3112fd69843bc3d3d05d13ac324257fc6da01c4beb5e37237c32dfe5b9c060ca
32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c
374aaa2c2ad4660e447acf44391c87bff48aa18cb3c35d9bf99f9dc323587776
377dcba0ba5794ca4856fc650b5ce17cd30c62787b1a784f2247a7b86d95bec8
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
486b694c4933bf0e1a51c429bdbd97e80ac818f4005c89885800230da524d4de
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
53e5b7b1233909d699bf045a93077b5536c38490a8409e7b4d0168a1a6bee45b
56a744f21b61e312c975ccc4a070c73ca0cf4e0bd7a3e60655c7c8601d6162e5
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
6f10855896a2bbd0572959f6fd654012642dd16f0e2033fad99f4f31ca3cc358
713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45
729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326
738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30
7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f
7ccaf896a943bdeb36d41b39bbf98d23dfe1c9a8ae55a6dacdadb2638dbebb8d
7cccd8f78bd73c79f1281052eb4c9bdf6f38386fca206da9954fdf24ab0784af
7d28cac6829ef3b2242580e0a3abac9dc48c211783dfb86ac9dce2845e502329
822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c
82d7db2beaf0bed1398411ac2509f5fb4ca0564af181a066c77bec4b835b93bb
857edabb9ce74342f298daf49f36beda85987bd9da00687afe12539ecea775e5
86380b40e3d14ed9f3e0a5ff79c04f510d7910f677a66685e2b10f8b8765797f
8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7
9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723
922f7310455a01a1cc789155c95eed771508f7cf31cf38b176a934147e26c7af
9398eb3737a99ee7929995d320c3385f8374ff399152fcad64a47b55a985e5d4
94441dd203830058a19eb0892915df9cbe91edfb3673bc1c6b4512f4c7edc39f
97faf872f051e026ad60fe49411ea63058763bb7f1b3f83db644a19bbcdc05cd
984499da3d590658ac000c9d7e2362a2e7308ec05e4d0f5940f2d2eb6ba865f6
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c
a5b37032efedf9b583cf3300674381f3cea172655df6be23f0ae1c4df8bcb665
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aecb63436ff8e28ed766a7eb40e804e09893d2264fb5b5ca86fd660c21bab67f
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef
c2ba9876245a0044717a1612ca20aa91e8229b4b4c5903d2fcb0441e366c243b
c59758aba315041f99301a6120932ecaf751fb3a0b35b55b65eea138912c86ea
cad39bb4ebdbdc5760cdff084c7efb04bf30c56b3d3c0ded11fcea7f88f0b7e9
cc9a51dd9c128fcec8a07077fad5cd3cf19761680989ed17900cfa98cb813af8
cd64977b1dfb594bb6c578c450c7ea5f46829cc5e0d96584e38187ca02293cb1
cf809c3709e14d588323ed6e691379577c5d79827e64fed11286483a69c96f81
d3ddd29db765914b449b4573e5a3c24e1982838d9f55befd894cb73333f8149a
e6c34b671db5a47c2d36abf67e69153ae5ff8646fe9620bc6b4362992571af47
ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f
eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c
ffd21b00750cc1bae7f3f84238b7c5676cc3c5f078fff44db7c8e7922cc6ef04

research.kudelskisecurity.com Open in urlscan Pro 2606:4700::6812:df1e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

65 Requests

98 %HTTPS

40 %IPv6

6 Domains

18 Subdomains

11 IPs

2 Countries

3319 kBTransfer

5587 kBSize

0 Cookies

15 Outgoing links

Page URL History

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

research.kudelskisecurity.com Open in urlscan Pro
2606:4700::6812:df1e Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

98 %
HTTPS

40 %
IPv6

6
Domains

18
Subdomains

11
IPs

2
Countries

3319 kB
Transfer

5587 kB
Size

0
Cookies

65 HTTP transactions
2 data transactions