www.netspi.com Open in urlscan Pro
34.123.201.87 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/eznxII9y9T
Effective URL:
https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Submission: On June 24 via manual (June 24th 2024, 2:33:12 am UTC) from KR — Scanned from GB

Summary HTTP 128 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 20 domains to perform 128 HTTP transactions. The main IP is 34.123.201.87, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.netspi.com.
TLS certificate: Issued by R3 on April 11th 2024. Valid for: 3 months.

This is the only time www.netspi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
69	34.123.201.87 34.123.201.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
15	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a98	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
2	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
3	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:800:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:2000:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:211e:7600:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 2	54.225.185.86 54.225.185.86	14618 (AMAZON-AES) (AMAZON-AES)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.158.99.223 54.158.99.223	14618 (AMAZON-AES) (AMAZON-AES)
128	29

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 34.123.201.87 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.201.123.34.bc.googleusercontent.com

www.netspi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.16.96.80 (None, )

ASN13335 (CLOUDFLARENET, US)

explore.netspi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

widget.tagembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a98 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.60.75 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

218-vhm-543.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:800:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

netspi.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:2000:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

netspi.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:7600:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.225.185.86 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-185-86.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.158.99.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-99-223.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	netspi.com www.netspi.com explore.netspi.com	6 MB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 360 www.linkedin.com — Cisco Umbrella Rank: 545 px4.ads.linkedin.com — Cisco Umbrella Rank: 6416	4 KB
5	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5175 ws-assets.zoominfo.com — Cisco Umbrella Rank: 14358	30 KB
4	clickagy.com 1 redirects tags.clickagy.com — Cisco Umbrella Rank: 22208 aorta.clickagy.com — Cisco Umbrella Rank: 2638 hemsync.clickagy.com — Cisco Umbrella Rank: 22784	27 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3125 www.google.com — Cisco Umbrella Rank: 5	1 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7464	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	301 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	13 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1585 insight.adsrvr.org — Cisco Umbrella Rank: 1062	13 KB
2	insent.ai netspi.widget.insent.ai	23 KB
2	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3827	127 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 96	10 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 70 stats.g.doubleclick.net — Cisco Umbrella Rank: 136	2 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 4512	6 KB
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 495	98 B
1	gstatic.com www.gstatic.com	205 KB
1	mktoresp.com 218-vhm-543.mktoresp.com	318 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 902	14 KB
1	tagembed.com widget.tagembed.com — Cisco Umbrella Rank: 54709	1 KB
1	t.co t.co — Cisco Umbrella Rank: 726	626 B
128	20

	Domain	Requested by
69	www.netspi.com	t.co www.netspi.com
15	explore.netspi.com	www.netspi.com explore.netspi.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
3	js.zi-scripts.com	t.co js.zi-scripts.com
3	www.google.com	www.netspi.com explore.netspi.com www.gstatic.com
3	www.googletagmanager.com	www.netspi.com www.googletagmanager.com
3	cdn.jsdelivr.net	www.netspi.com
2	aorta.clickagy.com	1 redirects tags.clickagy.com
2	netspi.widget.insent.ai	js.zi-scripts.com netspi.widget.insent.ai
2	www.google.co.uk	www.netspi.com
2	www.youtube.com	www.netspi.com www.youtube.com
2	munchkin.marketo.net	t.co munchkin.marketo.net
1	hemsync.clickagy.com	tags.clickagy.com
1	idsync.rlcdn.com
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	www.netspi.com
1	tags.clickagy.com	www.netspi.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	www.gstatic.com	www.google.com
1	218-vhm-543.mktoresp.com	munchkin.marketo.net
1	px4.ads.linkedin.com	www.netspi.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	widget.tagembed.com	www.netspi.com
1	t.co
128	29

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
msrc.microsoft.com
github.com
sensepost.com
support.microsoft.com
learn.microsoft.com
aadinternals.com
policies.google.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
www.netspi.com R3	`2024-04-11` - `2024-07-10`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
explore.netspi.com Cloudflare Inc ECC CA-3	`2023-08-04` - `2024-08-02`	a year	crt.sh
widget.tagembed.com E1	`2024-05-16` - `2024-08-14`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.google.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.google.co.uk WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
*.gstatic.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E5	`2024-06-17` - `2024-09-15`	3 months	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2023-09-22` - `2024-10-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Frame ID: D124086E0A380070A22A656ED7BBD172
Requests: 121 HTTP requests in this frame

Frame: https://explore.netspi.com/index.php/form/XDFrame
Frame ID: 74E1C1AC28A376ACF3FB578BC34F5050
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Let8sUpAAAAAFuNMlIvZBjr53257xxcp2WTQgO4&co=aHR0cHM6Ly93d3cubmV0c3BpLmNvbTo0NDM.&hl=en&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=lm1w3o9k1tke
Frame ID: 20F9181881C40FFCEC6B65F8372DF7F1
Requests: 1 HTTP requests in this frame

Frame: https://netspi.widget.insent.ai/?project_key=LzHbVnPnSAFA8zxSQwEB&blog_url=www.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&event_listener=GbLfOeFyKrk7Zy5&marketo_cookies=[%22_mch-netspi.com-1719196388363-44605%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined&user_id=ab89e8db94d6f1fd69221719196390&_zitok=ab89e8db94d6f1fd69221719196390&referral_url=https%3A%2F%2Ft.co%2F
Frame ID: 82CDF901EAB655B2A7F3A667F5CF2FEF
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=0tnmw1o&ref=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&upid=d0i5hby&upv=1.1.0
Frame ID: E0482DCBCA37CC8F160C677C382D85F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploiting CVE-2024-21378 – Remote Code Execution in Microsoft Outlook

Page URL History Show full URLs

https://t.co/eznxII9y9T Page URL
https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execu... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

128
Requests

97 %
HTTPS

39 %
IPv6

20
Domains

29
Subdomains

29
IPs

6
Countries

6918 kB
Transfer

10005 kB
Size

23
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=CVE-2024-21378%20%E2%80%94%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook%C2%A0&url=https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/&title=CVE-2024-21378%20%E2%80%94%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook%C2%A0

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378
Title: CVE-2024-21378

Search URL Search Domain Scan URL

URL: https://github.com/sensepost/ruler
Title: Ruler

Search URL Search Domain Scan URL

URL: https://github.com/sensepost/ruler/pull/144
Title: https://github.com/sensepost/ruler/pull/144

Search URL Search Domain Scan URL

URL: https://sensepost.com/blog/2017/outlook-forms-and-shells/
Title: attack

Search URL Search Domain Scan URL

URL: https://twitter.com/_staaldraad
Title: Etienne Stalmans

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/office/custom-form-script-is-now-disabled-by-default-bd8ea308-733f-4728-bfcc-d7cce0120e94
Title: patch

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/outlook-mapi-reference
Title: forms

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/mapi-programming-overview
Title: MAPI

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/openspecs/exchange_server_protocols/ms-oxoab/b4750386-66ec-4e69-abb6-208dd131c7de
Title: PidTagOfflineAddressBookName

Search URL Search Domain Scan URL

URL: https://aadinternals.com/post/phishing/
Title: Device Code phishing/vishing

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/vba/outlook/Concepts/Outlook-Forms/create-an-outlook-form
Title: Outlook forms

Search URL Search Domain Scan URL

URL: https://github.com/microsoft/mfcmapi
Title: MFCMAPI

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/file-format-of-form-configuration-files
Title: format of form configuration files

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/form-configuration-file-platforms-section
Title: file and registry entries

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
Title: access tokens

Search URL Search Domain Scan URL

URL: https://github.com/NetSPI/ruler
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/rvrsh3ll/TokenTactics
Title: TokenTactics

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-worldwide
Title: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-outlook-rules-forms-attack?view=o365-worldwide

Search URL Search Domain Scan URL

URL: https://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/
Title: https://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/

Search URL Search Domain Scan URL

URL: https://sensepost.com/blog/2017/pass-the-hash-with-ruler/
Title: https://sensepost.com/blog/2017/pass-the-hash-with-ruler/

Search URL Search Domain Scan URL

URL: https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/
Title: https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/vba/outlook/concepts/forms/how-outlook-forms-and-items-work-together
Title: https://learn.microsoft.com/en-us/office/vba/outlook/concepts/forms/how-outlook-forms-and-items-work-together

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.facebook.com/netspi/

Search URL Search Domain Scan URL

URL: https://twitter.com/NetSPI

Search URL Search Domain Scan URL

URL: https://www.instagram.com/teamnetspi/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/netspi/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/NetSPILLC

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/eznxII9y9T Page URL
https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1614116%26time%3D1719196388342%26url%3Dhttps%253A%252F%252Fwww.netspi.com%252Fblog%252Ftechnical-blog%252Fadversary-simulation%252Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&cookiesTest=true&liSync=true&e_ipv6=AQI9YxjIjiscKAAAAZBIFw4QP7MU7SWm6UAWRqZ0Psaf4ZSa4Low-dFNr9piz50mQX05

Request Chain 126

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://idsync.rlcdn.com/420246.gif?partner_uid=c:4561a4d89c6eb25ca3906bf0924cf829

128 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 eznxII9y9T
t.co/ 516 B
626 B 255ms
151ms Document
text/html 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/eznxII9y9T

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 254
content-type: text/html; charset=utf-8
date: Mon, 24 Jun 2024 02:33:06 GMT
expires: Mon, 24 Jun 2024 02:38:06 GMT
perf: 7402827104
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 552fa277b3c2189fa66bb80d93c986e69f7ad2d1f49535123322b0a95e3e331c
x-response-time: 115
x-transaction-id: 8e87ff5b2c30d7a5
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/ 153 KB
33 KB 553ms
257ms Document
text/html 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Requested by

Host: t.co
URL: https://t.co/eznxII9y9T

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

15ff032cf8eaa77dd4dff0a1505049306ef7cc31ce8cc7a41e562ebaab550672

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 24 Jun 2024 02:33:07 GMT
link: <https://www.netspi.com/wp-json/>; rel="https://api.w.org/" <https://www.netspi.com/wp-json/wp/v2/posts/20197>; rel="alternate"; type="application/json" <https://www.netspi.com/?p=20197>; rel=shortlink
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine

GET
H2 200 Blog-Feature-Images-06.webp
www.netspi.com/wp-content/uploads/2024/03/ 1008 B
1 KB 263ms
261ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/03/Blog-Feature-Images-06.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

8c89e5d907927017585a04ac7752006a0bc18275950fab206b56c7249acada2d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:40:35 GMT
server: nginx
etag: "662f5d03-3f0"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1008

GET
H2 200 style.min.css
www.netspi.com/wp-includes/css/dist/block-library/ 111 KB
15 KB 260ms
258ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.4

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 23:45:48 GMT
server: nginx
etag: W/"6630312c-1bae5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 spectra-block-positioning.min.css
www.netspi.com/wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/ 297 B
417 B 261ms
259ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/ultimate-addons-for-gutenberg/assets/css/spectra-block-positioning.min.css?ver=2.13.7

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

c6aef2dcf54199de0b3b6ce72c014fabb18ee5140ef0fa7633cef2e3e7bee3cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:38:26 GMT
server: nginx
etag: W/"66744cf2-129"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 custom-style-blocks.css
www.netspi.com/wp-content/uploads/uag-plugin/ 251 KB
27 KB 263ms
261ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/uploads/uag-plugin/custom-style-blocks.css?ver=2.13.7

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

de170502848291d287b3125a9834fde4adfbdebf364e881617ee0cc6f9f0b766

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:39:31 GMT
server: nginx
etag: W/"66744d33-3ec3d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 tailwind.css
www.netspi.com/wp-content/themes/netspi/assets/css/ 69 KB
12 KB 263ms
261ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/css/tailwind.css?ver=6.5.4

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

764920374818cb70c0006a79ec9ddeae88a14035c1444e1a5fba06a5ac686c18

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Tue, 07 May 2024 15:26:25 GMT
server: nginx
etag: W/"663a4821-11585"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 main.css
www.netspi.com/wp-content/themes/netspi/assets/css/ 48 KB
7 KB 263ms
261ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

0910a64ef0a7ce51dd7b701da59fbc149daf94c97bf0fbb0d74873505cc421e5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Tue, 07 May 2024 15:49:32 GMT
server: nginx
etag: W/"663a4d8c-c1b2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 enlighterjs.min.css
www.netspi.com/wp-content/plugins/enlighter/cache/ 85 KB
10 KB 140ms
139ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=3u8ujn1bPOn/RsD

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7b353c4eb717f25b63c61e713c91fdcc8f1822da8a5f29b474b8e8828ca762df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 20:52:18 GMT
server: nginx
etag: W/"66300882-153e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
www.netspi.com/wp-includes/js/jquery/ 86 KB
31 KB 261ms
260ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 09 Nov 2023 15:07:28 GMT
server: nginx
etag: W/"654cf5b0-15601"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
www.netspi.com/wp-includes/js/jquery/ 13 KB
5 KB 139ms
137ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 17 Aug 2023 20:42:59 GMT
server: nginx
etag: W/"64de8653-3509"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wonderpluginlightbox.js Show response
www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/ 124 KB
27 KB 135ms
133ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/wonderpluginlightbox.js?ver=10.4.1PRO

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

2dfcf6da1500d852571b224e77cbb2381e5e12aff0774b9d1c6f058b5c046e1b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:38:28 GMT
server: nginx
etag: W/"66744cf4-1ee5d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wonderpluginvideoembed.js Show response
www.netspi.com/wp-content/plugins/wonderplugin-video-embed/engine/ 19 KB
5 KB 263ms
262ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/wonderplugin-video-embed/engine/wonderpluginvideoembed.js?ver=2.0

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4668869e9fa6de88c447a5d8589f5b4e1dd6bc1c384b27ad517629a0c2e86d02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Tue, 05 Mar 2024 15:29:00 GMT
server: nginx
etag: W/"65e73a3c-4c07"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 slick.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 2 KB
1 KB 78ms
25ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jun 2024 02:33:07 GMT
x-content-type-options: nosniff
content-encoding: br
age: 10535724
x-jsd-version: 1.8.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 590
x-served-by: cache-fra-eddf8230085-FRA, cache-man4131-MAN
x-jsd-version-type: version
etag: W/"6f0-qUoFmzF4tK3sCeMoGs4oGaMAlaQ"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 slick-theme.css
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 3 KB
1 KB 78ms
25ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick-theme.css

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jun 2024 02:33:07 GMT
x-content-type-options: nosniff
content-encoding: br
age: 10611510
x-jsd-version: 1.8.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 928
x-served-by: cache-fra-eddf8230023-FRA, cache-man4131-MAN
x-jsd-version-type: version
etag: W/"c49-gaQ0+U8rESTzIyu4bylE+C+yOsA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 logo-1.svg
www.netspi.com/wp-content/uploads/2024/04/ 3 KB
2 KB 263ms
262ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/logo-1.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

71bc82a96f363b7a9f72addb5313e652b8e32dca78fd2e2f9105226fe2e3a2b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:40:27 GMT
server: nginx
etag: W/"662f5cfb-b11"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 NetSPI-Platform_Nav.webp
www.netspi.com/wp-content/uploads/2024/04/ 13 KB
13 KB 263ms
262ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/NetSPI-Platform_Nav.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7ae8dccb72b5211f2b09f34f88792b4d02fecfa68ab0cd8e4c3a5b0ed174c40b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:39:48 GMT
server: nginx
etag: "662f5cd4-34ec"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 13548

GET
H2 200 Resources-Page_eBooks-Whitepapers.webp
www.netspi.com/wp-content/uploads/2024/03/ 4 KB
5 KB 129ms
129ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/03/Resources-Page_eBooks-Whitepapers.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

76445bfca8248f1a8d9de41d21883d905d83f1e578c744847fd0e07da806debf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:40:41 GMT
server: nginx
etag: "662f5d09-11fa"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4602

GET
H2 200 Case-Studies-Feature-Images_Chubb.webp
www.netspi.com/wp-content/uploads/2024/04/ 3 KB
4 KB 135ms
135ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/Case-Studies-Feature-Images_Chubb.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

da975cc8e69cd3a9228f7c35171e7e0f1d5079b2924e28a61e3b6e8394a6250a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:39:13 GMT
server: nginx
etag: "662f5cb1-d36"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 3382

GET
H2 200 Partner-Page_Nav.webp
www.netspi.com/wp-content/uploads/2024/04/ 8 KB
8 KB 263ms
259ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/Partner-Page_Nav.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

43b03636aee8f083adc26a2bf456c1511d817130906129c0789dab13f5b67b93

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:39:54 GMT
server: nginx
etag: "662f5cda-1eaa"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 7850

GET
H2 200 blockquote-left.svg
www.netspi.com/wp-content/themes/netspi/assets/images/ 891 B
738 B 264ms
260ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/images/blockquote-left.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

37ead971317cc138d5a41bddffb409ceaea6474944ed942ead0fc5c61e96926d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:50:58 GMT
server: nginx
etag: W/"662f5f72-37b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 blockquote-right.svg
www.netspi.com/wp-content/themes/netspi/assets/images/ 894 B
785 B 264ms
261ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/images/blockquote-right.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

9f3eb2fb9721cdd60408efbe45d1356920959aecc925ae3db880130525d4e197

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:50:58 GMT
server: nginx
etag: W/"662f5f72-37e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 CVE-Picture1-1.png
www.netspi.com/wp-content/uploads/ 87 KB
87 KB 137ms
134ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture1-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

352118d0dd2b0e2e18ee5183af53f76efdc79bff945e6e8afc5951c7af25bfcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:24:08 GMT
server: nginx
etag: "65ea0648-15adb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 88795

GET
H2 200 CVE_Picture2-1.png
www.netspi.com/wp-content/uploads/ 122 KB
123 KB 141ms
138ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE_Picture2-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4a888699ce2313ffded2a2f968703b071f5f3dbc3d2b2f180f55eaa126a1c304

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:25:31 GMT
server: nginx
etag: "65ea069b-1e9da"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 125402

GET
H2 200 CVE-Picture3-1.png
www.netspi.com/wp-content/uploads/ 15 KB
15 KB 259ms
256ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture3-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

d6c63bff99304a37f8465efde5518019609bb134fa38f67296997028491113ba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:55:37 GMT
server: nginx
etag: "65e8e659-3afd"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15101

GET
H2 200 CVE-Picture4-1.png
www.netspi.com/wp-content/uploads/ 96 KB
97 KB 260ms
257ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture4-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

c01d0f8a1e4b9d4ff9a8c58590752845b2c869c71a316a75179e1364589e9888

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:55:51 GMT
server: nginx
etag: "65e8e667-18150"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 98640

GET
H2 200 PCVE-icture5-1.png
www.netspi.com/wp-content/uploads/ 6 KB
7 KB 261ms
258ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/PCVE-icture5-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4a8b3a91195f8b05a7c0c49fd6d44f80dcef5fb2992c5bfdd6e81ef4bbda9661

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:56:04 GMT
server: nginx
etag: "65e8e674-1986"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 6534

GET
H2 200 CVE-Picture6-1.png
www.netspi.com/wp-content/uploads/ 31 KB
31 KB 139ms
136ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture6-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

fd59795ed0b9f6cdd067ce467bc51a4cea20b7270c1a3bd75d4547d2dc709cf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:26:27 GMT
server: nginx
etag: "65ea06d3-7c4d"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 31821

GET
H2 200 CVE-Picture7-2.png
www.netspi.com/wp-content/uploads/ 5 KB
5 KB 262ms
259ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture7-2.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

2cad9d2591b46b967824bab58eb645f4fab0fa77b52cc62aba4c83eb3ce08939

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:57:16 GMT
server: nginx
etag: "65e8e6bc-143a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5178

GET
H2 200 CVE-Picture8-1.png
www.netspi.com/wp-content/uploads/ 49 KB
50 KB 261ms
258ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture8-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

ed84ea80dc668a3a681ffd92407c96d42afcd4d2e4668dc628d77cf0600ba402

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:57:25 GMT
server: nginx
etag: "65e8e6c5-c4d5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 50389

GET
H2 200 CVE-Picture9-1.png
www.netspi.com/wp-content/uploads/ 89 KB
90 KB 262ms
260ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture9-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

6a09d74f31ff367a46efe884a835f5702a1b2596246fb7e10ad93aff5044260b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:57:37 GMT
server: nginx
etag: "65e8e6d1-165fe"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 91646

GET
H2 200 CVE-Picture10-1.jpg
www.netspi.com/wp-content/uploads/ 113 KB
113 KB 389ms
386ms Image
image/jpeg 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture10-1.jpg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

87456cc45555f8379e0322ff11819374e8e317b9ca2f2b1117a5c0ac93636ea3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:57:45 GMT
server: nginx
etag: "65e8e6d9-1c362"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 115554

GET
H2 200 CVE-Picture11-1.png
www.netspi.com/wp-content/uploads/ 164 KB
165 KB 389ms
386ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture11-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

298df1df7b027b5888b71c9bead72d1d8e97add0f6e4d09c03842b6905aa6b63

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:57:59 GMT
server: nginx
etag: "65e8e6e7-291d7"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 168407

GET
H2 200 CVE-Picture12-1.png
www.netspi.com/wp-content/uploads/ 246 KB
246 KB 389ms
387ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture12-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4754ead82c6c166bcdcdae09eca73f25c0925d6574a0183497e4e6259eaaa143

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:58:09 GMT
server: nginx
etag: "65e8e6f1-3d64a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 251466

GET
H2 200 CVE-Picture13-1.png
www.netspi.com/wp-content/uploads/ 93 KB
93 KB 389ms
387ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture13-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e7c61612783a79ffaa72ad0174c1d864d82982dd984bcd3d1b72ba7897b88a2d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:58:20 GMT
server: nginx
etag: "65e8e6fc-17347"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 95047

GET
H2 200 CVE-Picture14-1.png
www.netspi.com/wp-content/uploads/ 524 KB
525 KB 390ms
387ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture14-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

02e8487412658b70bf81cbea1522d115254c4c367727bdef67006b5ae1639556

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 06 Mar 2024 21:58:39 GMT
server: nginx
etag: "65e8e70f-831ed"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 537069

GET
H2 200 CVE-Picture15-1.png
www.netspi.com/wp-content/uploads/ 16 KB
16 KB 387ms
385ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture15-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

bbd895ee5af334a15651bd4fa159a1ac3e6b37a53e7bb442d2b95ebce7d49028

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:27:39 GMT
server: nginx
etag: "65ea071b-3e73"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15987

GET
H2 200 CVE-Picture16-1.png
www.netspi.com/wp-content/uploads/ 276 KB
277 KB 388ms
386ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture16-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

881c26199cd9bba9524baf406f23232db520693b2bb438227d0cf34e06520d7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:28:33 GMT
server: nginx
etag: "65ea0751-450cb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 282827

GET
H2 200 CVE-Picture17-2.png
www.netspi.com/wp-content/uploads/ 275 KB
276 KB 374ms
372ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture17-2.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e9be41076c0417aecf27f87dad57af5241b054880313ba9bd83642171c50c94a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:31:18 GMT
server: nginx
etag: "65ea07f6-44d87"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 281991

GET
H2 200 CVE-Picture18-1.png
www.netspi.com/wp-content/uploads/ 283 KB
284 KB 389ms
387ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture18-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

ae475f9e322de440b06bf1bc21dc92b1b168f913708f436f7c0f0b389d87882e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:32:02 GMT
server: nginx
etag: "65ea0822-46d99"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 290201

GET
H2 200 CVE-Picture19-1.png
www.netspi.com/wp-content/uploads/ 216 KB
217 KB 390ms
388ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture19-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

5139f99647d2cbc8e286465bed8e325294e80c56e93368fde7836d1529b469dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:32:51 GMT
server: nginx
etag: "65ea0853-3612c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 221484

GET
H2 200 CVE-Picture20-1.png
www.netspi.com/wp-content/uploads/ 199 KB
200 KB 390ms
388ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture20-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

58aca505dc878a5c288d9d649f45ad8b6110bc8f5f82ce88091ac597fe77b327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:33:35 GMT
server: nginx
etag: "65ea087f-31d31"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 204081

GET
H2 200 CVE-Picture21-1.png
www.netspi.com/wp-content/uploads/ 377 KB
377 KB 390ms
388ms Image
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/CVE-Picture21-1.png

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

be42fd17de893d0e925bebaa264b81449b0130c2c2daf0102736a1a5907b4adb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 07 Mar 2024 18:34:18 GMT
server: nginx
etag: "65ea08aa-5e33f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 385855

GET
H2 200 Nick-Landers_SQ-1.jpg
www.netspi.com/wp-content/uploads/2024/04/ 440 KB
440 KB 390ms
388ms Image
image/jpeg 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/Nick-Landers_SQ-1.jpg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

dd7af7ff91373b2d65ba0232b11be9c0a4fda5a7652c08755b866603905ffcd3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:39:50 GMT
server: nginx
etag: "662f5cd6-6de3d"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 450109

GET
H2 200 Rich-Wolferd-1.jpg
www.netspi.com/wp-content/uploads/2024/04/ 167 KB
168 KB 390ms
389ms Image
image/jpeg 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/Rich-Wolferd-1.jpg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

334278005744c8d9dfcebf1661ca6900fcd418505c762db55068b2ab88dd230a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:39:59 GMT
server: nginx
etag: "662f5cdf-29cee"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 171246

GET
H2 200 061824_EXEC_Mainframe-part-1-of-3_Feature.webp
www.netspi.com/wp-content/uploads/2024/06/ 8 KB
8 KB 386ms
385ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/06/061824_EXEC_Mainframe-part-1-of-3_Feature.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

5baaba21de0bdc959e97c49cc9980a153c27601421a3dd08cadcbd83d28b77b6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 18 Jun 2024 17:09:24 GMT
server: nginx
etag: "6671bf44-1e9e"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 7838

GET
H2 200 Blog-Feature-Images-14.webp
www.netspi.com/wp-content/uploads/2024/03/ 2 KB
3 KB 387ms
385ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/03/Blog-Feature-Images-14.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

c2e3ed637b25748cd5fcfeb8394b1dc37e28e18d906acc541ffb7bb98bdd89b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:40:36 GMT
server: nginx
etag: "662f5d04-940"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 2368

GET
H2 200 053024_EXEC_DORA-QA_Feature.webp
www.netspi.com/wp-content/uploads/2024/05/ 4 KB
5 KB 384ms
383ms Image
image/webp 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/05/053024_EXEC_DORA-QA_Feature.webp

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

0fec54b070e3924fcd1b9f466d7ae81a56ef8d98156c32daf43fb9e08b96aae0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 29 May 2024 16:20:50 GMT
server: nginx
etag: "665755e2-11a0"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4512

GET
H2 200 forms2.min.js Show response
explore.netspi.com/js/forms2/js/ 199 KB
67 KB 333ms
60ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/js/forms2/js/forms2.min.js

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 3375
etag: "1c00ac7-31b30-619b21e0856c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 89894fb17dd5774a-LHR
expires: Mon, 24 Jun 2024 06:33:08 GMT

GET
H2 200 logo-2.svg
www.netspi.com/wp-content/uploads/2024/04/ 3 KB
2 KB 371ms
370ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/uploads/2024/04/logo-2.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

6c4f55f918407057b3de08e464d15b3e8f9f7c9a197b5e3c9f4ac7e0df43caa9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:40:27 GMT
server: nginx
etag: W/"662f5cfb-b18"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gdpr-cookie-consent-public.min.css
www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/css/ 46 KB
6 KB 137ms
133ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/css/gdpr-cookie-consent-public.min.css?ver=3.3.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

6a18781ed68182d00fc3c53f6f07a8d7fb0bdbde70c89796e7528e89c8b72856

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Fri, 21 Jun 2024 14:13:38 GMT
server: nginx
etag: W/"66758a92-b95a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gdpr-cookie-consent-public-custom.min.css
www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/css/ 0
225 B 264ms
260ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/css/gdpr-cookie-consent-public-custom.min.css?ver=3.3.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 21 Jun 2024 14:13:38 GMT
server: nginx
etag: "66758a92-0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 0

GET
H3 200 embed.min.js Show response
widget.tagembed.com/ 2 KB
1 KB 112ms
53ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.tagembed.com/embed.min.js?ver=5.8

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdaa80c8ea74a5ab9597204ffb25a47df6ac4533257c4c893f0aad079237dbfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3162
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8aae96a275291c73ee9c39e4fbf7f3c1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u0bktpyXy04ZS0DLXO7Dx9BzacnvX6lTFLdeZi8RsZbFAy3zB4N2Fek%2FzxoDqh2VVO8axBzsd9ELLwPkOkz%2BnQy1rJZaRocLzpISLodDKF5gTyGtix4sd%2F4CoWpbFHdI%2Bi731U0P"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, must-revalidate
cf-ray: 89894fb02ee74188-LHR

GET
H2 200 spectra-block-positioning.min.js Show response
www.netspi.com/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/ 4 KB
1 KB 265ms
260ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/ultimate-addons-for-gutenberg/assets/js/spectra-block-positioning.min.js?ver=2.13.7

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

6e9effa5c94b72bad941cc517abf76c9c59d423b33418d95f5b4fbcbd1bde8f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:38:26 GMT
server: nginx
etag: W/"66744cf2-117f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
11 KB 29ms
24ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=1.8.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 24 Jun 2024 02:33:07 GMT
x-content-type-options: nosniff
content-encoding: br
age: 12311886
x-jsd-version: 1.8.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 11325
x-served-by: cache-fra-eddf8230096-FRA, cache-man4131-MAN
x-jsd-version-type: version
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 main.js Show response
www.netspi.com/wp-content/themes/netspi/assets/js/ 92 KB
19 KB 264ms
261ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/js/main.js

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7bb02736ce3a675089225f77df399ad34962fb2bd69d6c046ff28d3d4c5a0b5c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Tue, 07 May 2024 14:43:26 GMT
server: nginx
etag: W/"663a3e0e-171fb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 enlighterjs.min.js Show response
www.netspi.com/wp-content/plugins/enlighter/cache/ 62 KB
18 KB 264ms
261ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=3u8ujn1bPOn/RsD

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b2d31599822dae1353d655633c6dbd9454ef2138d172798f4a91119eedd6d89d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 20:52:18 GMT
server: nginx
etag: W/"66300882-f756"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 bootstrap.bundle.js Show response
www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/js/bootstrap/ 223 KB
49 KB 262ms
258ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/js/bootstrap/bootstrap.bundle.js?ver=3.3.1

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

5dcb7767499a23281e3ffc82f81f58ad88d573c4d53b4f5315ae0f63eff79e9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Fri, 21 Jun 2024 14:13:38 GMT
server: nginx
etag: W/"66758a92-37b1a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gdpr-cookie-consent-public.min.js Show response
www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/js/ 42 KB
8 KB 262ms
259ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/gdpr-cookie-consent/public/js/gdpr-cookie-consent-public.min.js?ver=3.3.1%27%20async=%27async

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

a269d0b8e6d264b46171f71edaec6c076ccae95caf824f73607e59df38fffd04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Fri, 21 Jun 2024 14:13:38 GMT
server: nginx
etag: W/"66758a92-a85d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 331 KB
110 KB 162ms
66ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K2QXZJ3

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

38c5e3ed3d341dd5805148e510472f0958afa14e8a2c4a462e7ff0f7a48cb5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111785
x-xss-protection: 0
last-modified: Mon, 24 Jun 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 24 Jun 2024 02:33:07 GMT

GET
H2 200 Systemia-Light.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 132 KB
133 KB 360ms
359ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Light.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

d51720f0e2776240eb32dbee72b1f7575339298fe84e5fbd90ed6f61c746f452

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-211d8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 135640

GET
H2 200 Systemia-Semibold.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 132 KB
132 KB 360ms
359ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Semibold.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

1aa235492307fc32a68f87b3b9a6dcc68dfe85ccd176d498b959e0d0e5c4f8ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-20ff8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 135160

GET
H2 200 Systemia-Medium.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 132 KB
132 KB 360ms
358ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Medium.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

8d1429128b1d2a472af135cd0fb8be7b2dbe05e28ad5ad8f781e0e3e2e9d5660

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-21050"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 135248

GET
H2 200 Systemia-Regular.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 133 KB
133 KB 358ms
357ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Regular.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

12c979aea1f9805e559aedcdac73e21fcf2aff852b3afd94f281858a857f9e8d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-21200"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 135680

GET
H2 200 RobotoMono-Regular.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 123 KB
123 KB 360ms
359ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/RobotoMono-Regular.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

7432e74ff02682c6e207be405f00381569ec96aa247d232762fe721ae41b39e2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-1ea94"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 125588

GET
H2 200 Systemia-Bold.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 132 KB
132 KB 360ms
359ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Bold.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

88d9516344ee9330948beee567eefd7a8da9b8b58bef12556bbdbf630320cae9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-20e00"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 134656

GET
H2 200 Systemia-LightItalic.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 137 KB
137 KB 361ms
360ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-LightItalic.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

30f08ddbe6bd2e3916e0f76e664e0ea5194ea1ec74a9739b3a9813a94d419e27

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-22378"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 140152

GET
H2 200 Systemia-MediumItalic.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 137 KB
137 KB 361ms
360ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-MediumItalic.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

8be8862c19534fb2c32a487868dacbdf26459eca4a1bb9076791b45fa9515d9c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-222d0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 139984

GET
H2 200 Systemia-Italic.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 137 KB
137 KB 362ms
361ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/Systemia-Italic.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

483f198c558b3f6c26405826a1bcfca0544599f17efef831fbca54edd58b0ae3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-222d4"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 139988

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 329 KB
107 KB 93ms
92ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BVEZXBBWG7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K2QXZJ3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8d65e561e810934794f6c6b379bad7ed5504613df81bd3b48fc537b48194cfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109481
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 24 Jun 2024 02:33:08 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 238 KB
85 KB 60ms
60ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1037035167&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K2QXZJ3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

68f832ce140ffc60b80a8d000cc665b57b43d3943c36f47f67e119a3380339a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86757
x-xss-protection: 0
last-modified: Mon, 24 Jun 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 24 Jun 2024 02:33:08 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 38 KB
14 KB 159ms
46ms Script
application/javascript 2a02:26f0:3500:10::210:a98
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K2QXZJ3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a98 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 Jun 2024 16:46:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=21679
accept-ranges: bytes
content-length: 14004

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 140ms
42ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: t.co
URL: https://t.co/eznxII9y9T
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 24 Jun 2024 02:33:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 checkbox.svg
www.netspi.com/wp-content/themes/netspi/assets/images/ 185 B
399 B 384ms
384ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/images/checkbox.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

39c8d9c734bbef2017f08838db55e01590493fdf7533dd1878e41ff01d345c56

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:50:58 GMT
server: nginx
etag: W/"662f5f72-b9"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 getForm Show response
explore.netspi.com/index.php/form/ 22 KB
5 KB 96ms
95ms Script
application/javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://explore.netspi.com/index.php/form/getForm?munchkinId=218-VHM-543&form=1055&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&callback=jQuery3710010794565767177966_1719196388173&_=1719196388174
Requested by: Host: explore.netspi.com
URL: https://explore.netspi.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cae0f87a3f47f57c552b0e9469bfbf46e21b2e51cabcd3e7d37e114ac8578bf6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 89894fb24e41774a-LHR
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 RobotoMono-Light.ttf
www.netspi.com/wp-content/themes/netspi/assets/fonts/ 126 KB
126 KB 323ms
322ms Font
application/octet-stream 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/fonts/RobotoMono-Light.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4f1220ab0b472ddaa9c7cb0057639ca685b6fab04aa85d9e130191970fa3557c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:50:59 GMT
server: nginx
etag: "662f5f73-1f848"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 129096

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1037035167/ 4 KB
2 KB 139ms
53ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1037035167/?random=1719196388263&cv=11&fst=1719196388263&bg=ffffff&guid=ON&async=1&gtm=45be46j0v9167099490z878033417za201zb78033417&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21378%20%E2%80%93%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook&npa=0&pscdl=noapi&auid=1058935973.1719196388&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1037035167&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

8872a0ef66ce9add216f4af2df1ba7067912d8bc5b294a1d335190f55d375dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1542
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 froogaloop2.min.js Show response
www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/ 2 KB
1 KB 289ms
288ms Script
application/javascript 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/froogaloop2.min.js

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/wonderpluginlightbox.js?ver=10.4.1PRO

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

fc46f44565a092c856a6d70471d942caca57598049a85ce80366c1c5831d0f3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:38:28 GMT
server: nginx
etag: W/"66744cf4-6e9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 167ms
69ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/wonderpluginlightbox.js?ver=10.4.1PRO

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a4e88216e4b2485d3a1d2a86a9ff63d2bdb82c739587057e1477d7b12235bd84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 24 Jun 2024 02:33:08 GMT

GET
H2 200 mhfontello.css
www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/icons/css/ 6 KB
2 KB 288ms
288ms Stylesheet
text/css 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/plugins/wonderplugin-lightbox/engine/icons/css/mhfontello.css

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

af5373fe78528cb85dcf36bc7e5d21d8938e69a51ac051daedc98c989af76f9b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Thu, 20 Jun 2024 15:38:28 GMT
server: nginx
etag: W/"66744cf4-1624"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 caret-down.svg
www.netspi.com/wp-content/themes/netspi/assets/images/ 344 B
495 B 284ms
284ms Image
image/svg+xml 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netspi.com/wp-content/themes/netspi/assets/images/caret-down.svg

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

1c6b369cdacf4dc7dda9f815f22482dbdbdb33febdc504178b6bf57d77c895f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/wp-content/themes/netspi/assets/css/main.css?ver=6.5.4
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: br
last-modified: Mon, 29 Apr 2024 08:50:58 GMT
server: nginx
etag: W/"662f5f72-158"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

POST
H2 200 admin-ajax.php Show response
www.netspi.com/wp-admin/ 1 B
429 B 388ms
388ms XHR
text/html 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-admin/admin-ajax.php

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: br
server: nginx
x-powered-by: WP Engine
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.netspi.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 46ms
46ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.60.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 24 Jun 2024 02:33:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 02 Oct 2024 02:33:08 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 123ms
43ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-BVEZXBBWG7&gtm=45je46j0v893812811z878033417za200zb78033417&_p=1719196387792&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=2021203848.1719196388&ul=en-gb&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719196388&sct=1&seg=0&dl=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&dr=https%3A%2F%2Ft.co%2F&dt=Exploiting%20CVE-2024-21378%20%E2%80%93%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1470&_z=sendBeacon
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BVEZXBBWG7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netspi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
244 B 123ms
43ms Ping
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-BVEZXBBWG7&cid=2021203848.1719196388&gtm=45je46j0v893812811z878033417za200zb78033417&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BVEZXBBWG7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.netspi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 103ms
52ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BVEZXBBWG7&cid=2021203848.1719196388&gtm=45je46j0v893812811z878033417za200zb78033417&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=1388384664

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
813 B 204ms
132ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: *
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:07 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6686262A810B4FF9B91A21BF77A2659C Ref B: LON04EDGE0715 Ref C: 2024-06-24T02:33:08Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYbmZoIusmcnjj5UJA9Cw==
x-fs-uuid: 00061b999a08bac99c9e38f950903d0b

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-executi...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-executi...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1614116%26time%3D1719196388342%26url%3Dhttps%253A%252F%252Fwww.netspi.com%252Fblo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-executi...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execut...

0
266 B

218ms
141ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&cookiesTest=true&liSync=true&e_ipv6=AQI9YxjIjiscKAAAAZBIFw4QP7MU7SWm6UAWRqZ0Psaf4ZSa4Low-dFNr9piz50mQX05
Requested by: Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F1FF3BAAFD3D48FC826D148ED23ED063 Ref B: LTSEDGE0909 Ref C: 2024-06-24T02:33:09Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbmZoSKXPICiN5UPhGLg==

Redirect headers

date: Mon, 24 Jun 2024 02:33:07 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: ADF75A128C414EE8A329B2AE02EBBE7F Ref B: LON04EDGE0710 Ref C: 2024-06-24T02:33:08Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1614116&time=1719196388342&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&cookiesTest=true&liSync=true&e_ipv6=AQI9YxjIjiscKAAAAZBIFw4QP7MU7SWm6UAWRqZ0Psaf4ZSa4Low-dFNr9piz50mQX05
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYbmZoO0qIFPcEvUtXc7w==

GET
H2 200 forms2.css
explore.netspi.com/js/forms2/css/ 13 KB
3 KB 59ms
59ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/js/forms2/css/forms2.css

Requested by

Host: explore.netspi.com
URL: https://explore.netspi.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 3373
etag: "3041674-3437-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 89894fb34ec2774a-LHR
content-length: 2623
expires: Mon, 24 Jun 2024 06:33:08 GMT

GET
H2 200 forms2-theme-simple.css
explore.netspi.com/js/forms2/css/ 826 B
342 B 57ms
57ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: explore.netspi.com
URL: https://explore.netspi.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 3373
etag: "304166e-33a-619b21e0856c0"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 89894fb34ec3774a-LHR
content-length: 242
expires: Mon, 24 Jun 2024 06:33:08 GMT

GET
H2 200 RobotoMono-Light.ttf
explore.netspi.com/rs/218-VHM-543/images/ 116 KB
68 KB 274ms
186ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/RobotoMono-Light.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

558b48dcf2c72a984cdd4523beec1c4eb44d20f76bf4ce050dc667c29797391d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 01:51:59 GMT
server: cloudflare
etag: W/"1d00830-1d0c0-61a57296faea1"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3d9cc77a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 RobotoMono-Regular.ttf
explore.netspi.com/rs/218-VHM-543/images/ 112 KB
66 KB 275ms
187ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/RobotoMono-Regular.ttf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30215394ebfc91e4a38c805ef8b39b9a781a0933e61eb5faac0206f88de0d28d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 08 Jun 2024 01:51:59 GMT
server: cloudflare
etag: W/"30e0696-1bfc0-61a57296f9ef2"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3e9cf77a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-Light.otf
explore.netspi.com/rs/218-VHM-543/images/ 115 KB
70 KB 229ms
141ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-Light.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

daa0679ca63828d1fc161d6dad1b0428f3cd830e9eb057f060492abddde89809

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 01:51:29 GMT
server: cloudflare
etag: W/"30e068a-1cc74-61a5727a2721a"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3e9d077a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-Medium.otf
explore.netspi.com/rs/218-VHM-543/images/ 116 KB
71 KB 318ms
230ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-Medium.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5456d82c1ca8fd58d940b0cdd3f00bc5ce40f9cdf6313c85b644c0fdd75561f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 08 Jun 2024 01:55:28 GMT
server: cloudflare
etag: W/"1d0088e-1cf4c-61a5735e48474"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb42a0177a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-Semibold.otf
explore.netspi.com/rs/218-VHM-543/images/ 118 KB
72 KB 801ms
713ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-Semibold.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42abeb2837f73ef12126eb4a384367becbdcdd183e26979969c5c66c1d5e78fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 01:52:00 GMT
server: cloudflare
etag: W/"30e0697-1d64c-61a57297148bc"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3e9d477a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-Regular.otf
explore.netspi.com/rs/218-VHM-543/images/ 115 KB
70 KB 274ms
187ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-Regular.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a79a91b3cfd0550b1fb9af6a5b2188cf2371c7244bbd64c27baa9b9c83848362

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 08 Jun 2024 01:51:59 GMT
server: cloudflare
etag: W/"30e0695-1cbcc-61a57296f9b0a"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3d9cd77a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-LightItalic.otf
explore.netspi.com/rs/218-VHM-543/images/ 118 KB
72 KB 272ms
184ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-LightItalic.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e62fa7ae4386e906bb1fa0eef7239af152bf0b0e04ba5894c5e17ce39f6eb1cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 03:11:04 GMT
server: cloudflare
etag: W/"1d00a6a-1d66c-61a58443c77b7"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3e9d377a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-MediumItalic.otf
explore.netspi.com/rs/218-VHM-543/images/ 118 KB
73 KB 274ms
187ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-MediumItalic.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efea194874b4eddd0c771cc4955b4a71a37b486de1ecc4c8e8edabaa136ebdd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 04:30:51 GMT
server: cloudflare
etag: W/"1d00b71-1d7ec-61a596191a5a8"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3d9ce77a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

GET
H2 200 Systemia-Italic.otf
explore.netspi.com/rs/218-VHM-543/images/ 118 KB
72 KB 274ms
187ms Font
text/plain 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/rs/218-VHM-543/images/Systemia-Italic.otf

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f1e5e5c9a24432e438b3bb12f8fce0b57964b0e176928cec6d70be83bb4ed52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 08 Jun 2024 02:42:01 GMT
server: cloudflare
etag: W/"30e0ae5-1d770-61a57dc5561b7"
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
cache-control: public, max-age=60
cf-ray: 89894fb3e9d177a8-LHR
expires: Mon, 24 Jun 2024 02:34:08 GMT

POST
H/1.1 200
OK visitWebPage
218-vhm-543.mktoresp.com/webevents/ 2 B
318 B 646ms
126ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://218-vhm-543.mktoresp.com/webevents/visitWebPage?_mchNc=1719196388363&_mchCn=&_mchId=218-VHM-543&_mchTk=_mch-netspi.com-1719196388363-44605&_mchHo=www.netspi.com&_mchPo=&_mchRu=%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Ft.co%2F&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 24 Jun 2024 02:33:08 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 9ff64568-8056-4d4a-9f8d-2a84cd84b966

GET
H3 200 /
www.google.com/pagead/1p-user-list/1037035167/ 42 B
64 B 146ms
55ms Image
image/gif 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1037035167/?random=1719196388263&cv=11&fst=1719194400000&bg=ffffff&guid=ON&async=1&gtm=45be46j0v9167099490z878033417za201zb78033417&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21378%20%E2%80%93%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook&npa=0&pscdl=noapi&auid=1058935973.1719196388&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLFluwqs-lRP6a8BiylMZA8PksTeTlSA&random=2607187285&rmt_tld=0&ipr=y

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/1037035167/ 42 B
64 B 59ms
59ms Image
image/gif 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/1037035167/?random=1719196388263&cv=11&fst=1719194400000&bg=ffffff&guid=ON&async=1&gtm=45be46j0v9167099490z878033417za201zb78033417&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21378%20%E2%80%93%20Remote%20Code%20Execution%20in%20Microsoft%20Outlook&npa=0&pscdl=noapi&auid=1058935973.1719196388&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLFluwqs-lRP6a8BiylMZA8PksTeTlSA&random=2607187285&rmt_tld=1&ipr=y

Requested by

Host: www.netspi.com
URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 24 Jun 2024 02:33:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET RobotoMono-Bold.tt
explore.netspi.com/rs/218-VHM-543/images/ 0
0

GET
DATA 200
OK truncated
/ 201 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89c87d00c464781fbc9616d7d4f825e9d1bf897a450d7e49f17c72b763193d6f

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
967 B 130ms
53ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=captchaCallback

Requested by

Host: explore.netspi.com
URL: https://explore.netspi.com/js/forms2/js/forms2.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

e973931d21e3477a632bea1564edf33d19e41f97a5d29425f5bcfb50b0d09163

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 24 Jun 2024 02:33:08 GMT

GET
H2 200 XDFrame Show response
explore.netspi.com/index.php/form/ Frame 74E1 2 KB
875 B 379ms
378ms Document
text/html 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/index.php/form/XDFrame

Requested by

Host: explore.netspi.com
URL: https://explore.netspi.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c38e8db6a8ec20b1058d400f4c9236e5014716f0442e90298b12d63b1a88437c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 89894fb3df1b774a-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 24 Jun 2024 02:33:08 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/84314bef/www-widgetapi.vflset/ 24 KB
8 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/84314bef/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9a72654f03de616b6fd58b742dff09a02588726c80f6a1fca5809365b591930

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 23 Jun 2024 20:56:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8237
x-xss-protection: 0
last-modified: Mon, 17 Jun 2024 04:18:28 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 23 Jun 2025 20:56:52 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/ 517 KB
205 KB 196ms
43ms Script
text/javascript 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=captchaCallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Origin: https://www.netspi.com
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 00:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7050
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 209238
x-xss-protection: 0
last-modified: Sat, 15 Jun 2024 04:02:13 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Jun 2025 00:35:38 GMT

GET
H2 200 forms2.min.js Show response
explore.netspi.com/js/forms2/js/ Frame 74E1 199 KB
0 0ms
0ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://explore.netspi.com/js/forms2/js/forms2.min.js

Requested by

Host: explore.netspi.com
URL: https://explore.netspi.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://explore.netspi.com/index.php/form/XDFrame
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 20:57:39 GMT
server: cloudflare
age: 3375
etag: "1c00ac7-31b30-619b21e0856c0"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 89894fb17dd5774a-LHR
expires: Mon, 24 Jun 2024 06:33:08 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 20F9 0
0 150ms
66ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Let8sUpAAAAAFuNMlIvZBjr53257xxcp2WTQgO4&co=aHR0cHM6Ly93d3cubmV0c3BpLmNvbTo0NDM.&hl=en&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=lm1w3o9k1tke

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MSnbKCbZ1rLNWsa_xJx2Mg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-MSnbKCbZ1rLNWsa_xJx2Mg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 24 Jun 2024 02:33:09 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 283ms
282ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.netspi.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:08 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F736284A0F444C809CC9BBE3CF0A2FC2 Ref B: LON04EDGE0710 Ref C: 2024-06-24T02:33:09Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.netspi.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYbmZoW0X5r8qmP+HgOXg==

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 115ms
57ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: t.co
URL: https://t.co/eznxII9y9T
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a970fcb88957b38e49bb4ae19bdac7e5a338e802424d6762ccf00547bac00f0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:09 GMT
x-amz-version-id: .IABYDhQRwfK4422i8AaO7SJe8oWFOPg
via: 1.1 8539a9444fdb758c7be5c4643e65a12e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: LHR62-C2
age: 67505
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 18 Jun 2024 07:47:56 GMT
server: cloudflare
etag: W/"0f07d07f5eb912f08d3e8229b4e8f938"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 89894fbb983bbc9d-LHR
x-amz-cf-id: Aolmy17h4FSAxD15LEML-vAqSaRoP9CQF7nYS4qkXWLiAOb7LpM1ng==

GET
H2 200 favicon.png
www.netspi.com/wp-content/uploads/2024/03/ 548 B
786 B 126ms
126ms Other
image/png 34.123.201.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netspi.com/wp-content/uploads/2024/03/favicon.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.123.201.87 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

87.201.123.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

30a47f7bce82ac3e4f3c918dbb5b3916ba998eb62a1f4b42957fad5c5804cb65

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:09 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 29 Apr 2024 08:40:48 GMT
server: nginx
etag: "662f5d10-224"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 548

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 267 B
605 B 183ms
183ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8cd2c24a85efe4e903a0a2d0de0ea296d9664f4dfe3fddc2d5c0c7663f2cd2ea

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 902c55639d1679919580
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.netspi.com/
visited_url: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/

Response headers

date: Mon, 24 Jun 2024 02:33:10 GMT
via: 1.1 55cf94331c5a848a09407c283669c546.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: LHR62-C2
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: Z2cj_h9OPHcEMdQ=
server: cloudflare
etag: W/"10b-MpR0PUPi6jpKRITtlCJCxXfEMbw"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 89894fbd8d8a9494-LHR
x-amz-cf-id: Tke_4w3jIuI1pGNFdQgXcBoQS3z-ACdrzbvwJwxtxpA_dXR99fSd6g==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 242ms
204ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.netspi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: Z2cj9jDIvHcEMxQ=
cf-cache-status: DYNAMIC
cf-ray: 89894fbc3cf19494-LHR
date: Mon, 24 Jun 2024 02:33:09 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 e2b64644cdf0d895a1660adff04dfa18.cloudfront.net (CloudFront)
x-amz-cf-id: IwLxwrjbjCjyGPfqZ56vMAEUUpgahhA3zF8XyrL_vW453Yp5hHEtVg==
x-amz-cf-pop: LHR62-C2
x-cache: Miss from cloudfront
x-powered-by: Express

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/Fa33QMviCG56ZRDkI7hZ/ Frame 0
0 225ms
180ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/Fa33QMviCG56ZRDkI7hZ/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.netspi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.netspi.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89894fbefa4494c0-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 24 Jun 2024 02:33:10 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 142ms
85ms Script
application/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:10 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 889
x-guploader-uploadid: ACJd0Npe8yOSwHdPzEvTU977Z8q9vjIdfAJRGhQW7h3MRVE5xJj1hkOGLraPOry1NSAfcDlMbob_bJfEng
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 89894fbf085577a5-LHR
expires: Mon, 24 Jun 2024 03:18:21 GMT

GET
H2 200 insent Show response
netspi.widget.insent.ai/ 80 KB
23 KB 164ms
50ms Script
binary/octet-stream 2600:9000:225e:800:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://netspi.widget.insent.ai/insent
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:800:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 dde951f556570d42a581084479d8b0e8.cloudfront.net (CloudFront)
date: Sun, 23 Jun 2024 22:13:49 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 15561
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: CCy_SNwd7CR0NrFuTTbu5pN1NZFOOLHOFNr1xIYPlsynNV-NKhZWoA==

GET
H3 200 / Show response
ws.zoominfo.com/pixel/Fa33QMviCG56ZRDkI7hZ/ 5 KB
2 KB 322ms
276ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/Fa33QMviCG56ZRDkI7hZ/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7c9e51f70afae7d638258ffd315a88d9da5eaf1efab4d0392b4132c647aae265

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
Referer: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/
_vtok: MjE3LjEzOC4xOTYuMTA0
_zitok: ab89e8db94d6f1fd69221719196390
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.netspi.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 89894fc06efb88bb-LHR

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 172ms
172ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.netspi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.netspi.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89894fbfdad294c0-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 24 Jun 2024 02:33:10 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 2 B
344 B 195ms
195ms Fetch
application/json 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bearer 343bdc548baf614fb544ade874ca71
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.netspi.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:10 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.netspi.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
content-length: 2
cf-ray: 89894fc0ff4888bb-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 /
netspi.widget.insent.ai/ Frame 82CD 0
0 126ms
43ms Document
text/html 2600:9000:225e:2000:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://netspi.widget.insent.ai/?project_key=LzHbVnPnSAFA8zxSQwEB&blog_url=www.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&event_listener=GbLfOeFyKrk7Zy5&marketo_cookies=[%22_mch-netspi.com-1719196388363-44605%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined&user_id=ab89e8db94d6f1fd69221719196390&_zitok=ab89e8db94d6f1fd69221719196390&referral_url=https%3A%2F%2Ft.co%2F
Requested by: Host: netspi.widget.insent.ai
URL: https://netspi.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:2000:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 18340171
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 24 Nov 2023 20:03:40 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 02cd8164e89a1598d410a9198582d47c.cloudfront.net (CloudFront)
x-amz-cf-id: NHK-BC6PQD1KiBI7RPw8Uzi_r6zKezWH6-DeDTfH06pbtarFslZcDA==
x-amz-cf-pop: FRA60-P4
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
BLOB 200
OK df4d197e-931f-46e7-ae11-9aa318c3258e Show response
https://www.netspi.com/ 5 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.netspi.com/df4d197e-931f-46e7-ae11-9aa318c3258e
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c9e51f70afae7d638258ffd315a88d9da5eaf1efab4d0392b4132c647aae265

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 4614
Content-Type: text/javascript

GET
H2 200 data.js Show response
tags.clickagy.com/ 79 KB
26 KB 164ms
47ms Script
text/javascript 2600:9000:211e:7600:4:8491:f2c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: www.netspi.com
URL: blob:https://www.netspi.com/df4d197e-931f-46e7-ae11-9aa318c3258e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:7600:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

16372f4b218b228a8059715a7b3895a75da6d917b1832332461a7aeeb3c62658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: wNBvgkMcNXRaYNx.VfZm7J8BpA7qbY0d
content-encoding: br
via: 1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
date: Sun, 23 Jun 2024 10:54:45 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-C2
age: 56306
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 12 Jun 2024 17:59:45 GMT
server: AmazonS3
etag: W/"b70ab2c52d3d083ca590a60b9971a6ac"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/javascript
x-amz-cf-id: hwjDh_zdpbrUMukSifBdSt4Sahz-B1UIg94Ezx0-lZZHax-Xutjy-Q==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
13 KB 139ms
45ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.netspi.com
URL: blob:https://www.netspi.com/df4d197e-931f-46e7-ae11-9aa318c3258e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 23 Jun 2024 05:44:23 GMT
Via: 1.1 0e49b385c2bbe9db0820bc1551bde98a.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jun 2024 09:20:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 74928
x-amz-server-side-encryption: AES256
ETag: "a7eb6794e868fe870db350518165c868"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12320
X-Amz-Cf-Id: TfFYrUBE4mAoLoi5dr3IOHfeBnvddPdivWG7j2mnL8mppOr759F6VQ==

GET
H2 200 up
insight.adsrvr.org/track/ Frame E048 0
0 143ms
44ms Document
text/html 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=0tnmw1o&ref=https%3A%2F%2Fwww.netspi.com%2Fblog%2Ftechnical-blog%2Fadversary-simulation%2Fmicrosoft-outlook-remote-code-execution-cve-2024-21378%2F&upid=d0i5hby&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 0
content-type: text/html
date: Mon, 24 Jun 2024 02:33:10 GMT
server: Kestrel

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
504 B 381ms
124ms XHR
application/json 54.225.185.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.185.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-185-86.compute-1.amazonaws.com
Software: Aorta/20240618.1b9e0b54d /
Resource Hash: 7f584b8c9221a75e451348326fbc8c4bc6fa5023d24f1364a11134298c7c9f3f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Mon, 24 Jun 2024 02:33:11 GMT
content-encoding: gzip
server: Aorta/20240618.1b9e0b54d
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.netspi.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: cd00ee0f4c0d
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2

451

420246.gif
idsync.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://idsync.rlcdn.com/420246.gif?partner_uid=c:4561a4d89c6eb25ca3906bf0924cf829

0
98 B

111ms
39ms

Image
text/plain

35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:4561a4d89c6eb25ca3906bf0924cf829
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://www.netspi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 02:33:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Mon, 24 Jun 2024 02:33:11 GMT
server: Aorta/20240618.1b9e0b54d
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://idsync.rlcdn.com/420246.gif?partner_uid=c:4561a4d89c6eb25ca3906bf0924cf829
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 0be4caf0ed1a
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
325 B 387ms
121ms XHR
text/plain 54.158.99.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.158.99.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-158-99-223.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.netspi.com/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 24 Jun 2024 02:33:11 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.netspi.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: explore.netspi.com
URL: https://explore.netspi.com/rs/218-VHM-543/images/RobotoMono-Bold.tt

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 07:03:30	Name: muc Value: 033881e6-86a8-4190-8667-feea7ad5d8f9
.netspi.com/	1970-01-20 23:42:52	Name: _gcl_au Value: 1.1.1058935973.1719196388
.netspi.com/	1969-12-31 23:59:59	Name: __gtm_referrer Value: https%3A%2F%2Ft.co%2F
.explore.netspi.com/	1970-01-20 21:33:18	Name: __cf_bm Value: OvwMvViz_cQck3CWxj6yPN_5j5Mv4hF.XUUiLrui3Nc-1719196388-1.0.1.1-7N.B3M4IzNnrbfT7d1HFPPNPLY9OEcpmu.qYknkdwxv91BNAJZtv6EL0Ijk5U3Hs4_u_GuXvjTzz7odPidoVwQ
www.netspi.com/	1970-01-21 06:18:52	Name: wpl_user_preference Value: %7B%22necessary%22%3A%22yes%22%2C%22marketing%22%3A%22no%22%2C%22analytics%22%3A%22no%22%2C%22preferences%22%3A%22no%22%2C%22unclassified%22%3A%22no%22%7D
.netspi.com/	1970-01-21 07:09:16	Name: _ga_BVEZXBBWG7 Value: GS1.1.1719196388.1.0.1719196388.60.0.0
.netspi.com/	1970-01-21 07:09:16	Name: _ga Value: GA1.1.2021203848.1719196388
.netspi.com/	1970-01-21 07:09:16	Name: _mkto_trk Value: id:218-VHM-543&token:_mch-netspi.com-1719196388363-44605
.doubleclick.net/	1970-01-20 21:33:17	Name: test_cookie Value: CheckForPermission
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: i9gHb5wQt28
.youtube.com/	1970-01-21 01:52:28	Name: VISITOR_INFO1_LIVE Value: QCpqtBF0sxo
.youtube.com/	1970-01-21 01:52:28	Name: VISITOR_PRIVACY_METADATA Value: CgJHQhIEGgAgMA%3D%3D
.linkedin.com/	1970-01-20 23:42:52	Name: li_sugr Value: 35eecb28-3632-49c4-9ef1-15216f24e570
.linkedin.com/	1970-01-21 06:18:52	Name: bcookie Value: "v=2&25803459-7372-4fe5-8655-6a430d934309"
.linkedin.com/	1970-01-20 21:34:42	Name: lidc Value: "b=VGST08:s=V:r=V:a=V:p=V:g=2946:u=1:x=1:i=1719196388:t=1719282788:v=2:sig=AQHG4IHeyBCtfz3P3tC8mauBtdN4iuYh"
.linkedin.com/	1970-01-20 22:16:28	Name: UserMatchHistory Value: AQJSO-0m2rQDUwAAAZBIFw0OCZZNolfWL-lBAAmu429NTfZucYx1t47HmRfaLDtfjwmZLKhoVhYAeg
.linkedin.com/	1970-01-20 22:16:28	Name: AnalyticsSyncHistory Value: AQL36ucJ2Rcm9wAAAZBIFw0OAFs0m-Bs8kE_X_9wKL6bt4gu554jd8FJqU6GEb7HRVJgXuuTKC21QF4roug8Qg
explore.netspi.com/	1969-12-31 23:59:59	Name: BIGipServerab62web-nginx-app_https Value: !Ole0Knir9m2HD7TagI9xdiUvaZp4gm7fTXNUbPMaenQ2bdIVXRoWRVOfbblfTskEw+NjHCse75COOWo=
.www.linkedin.com/	1970-01-21 06:18:52	Name: bscookie Value: "v=1&20240624023308453a2252-1bbf-4b10-8d13-c01fcea14f09AQGuOpWi9EvaaN25SM92xVyTe5bNZkQ6"
.linkedin.com/	1970-01-21 01:52:28	Name: li_gc Value: MTswOzE3MTkxOTYzODg7MjswMjGF6mSNJsjUlUracILFpX9i5DFWLqOte4Od1Jswaxg4pQ==
.www.netspi.com/	1970-01-21 06:18:52	Name: _zitok Value: ab89e8db94d6f1fd69221719196390
.zoominfo.com/	1970-01-20 21:33:18	Name: __cf_bm Value: WPJ72aYKLrMlwQJTpkR4sfEt_1LEwBqjfwAsh_EZHTE-1719196390-1.0.1.1-jCz_13HuWzRkQ5nydN6U3hd66tGcUMViNc44dLrquvcly_6QagJu2vi.AW2lEYF3T08acUJW4srbemsPwdwQvA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Q96mXqmDBITQEdzmhKsTXrMqxCjClIUFZlVI2sl.rng-1719196390284-0.0.1.1-604800000

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.netspi.com/blog/technical-blog/adversary-simulation/microsoft-outlook-remote-code-execution-cve-2024-21378/ Message: Access to font at 'https://explore.netspi.com/rs/218-VHM-543/images/RobotoMono-Bold.tt' from origin 'https://www.netspi.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://explore.netspi.com/rs/218-VHM-543/images/RobotoMono-Bold.tt Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:4561a4d89c6eb25ca3906bf0924cf829 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

218-vhm-543.mktoresp.com
aorta.clickagy.com
cdn.jsdelivr.net
explore.netspi.com
googleads.g.doubleclick.net
hemsync.clickagy.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
js.zi-scripts.com
munchkin.marketo.net
netspi.widget.insent.ai
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
stats.g.doubleclick.net
t.co
tags.clickagy.com
widget.tagembed.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.netspi.com
www.youtube.com
explore.netspi.com
104.16.117.43
104.16.96.80
104.18.37.212
13.107.42.14
142.250.185.100
172.217.16.194
172.217.18.3
18.172.103.101
188.114.97.3
192.28.144.124
2001:4860:4802:32::36
2600:9000:211e:7600:4:8491:f2c0:93a1
2600:9000:225e:2000:f:7ae2:7780:93a1
2600:9000:225e:800:f:7ae2:7780:93a1
2620:1ec:21::14
2a00:1450:4001:810::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:830::2008
2a00:1450:400c:c06::9c
2a02:26f0:3500:10::210:a98
2a04:4e42:400::485
34.123.201.87
35.244.174.68
52.223.40.198
54.158.99.223
54.225.185.86
88.221.60.75
93.184.221.165
02e8487412658b70bf81cbea1522d115254c4c367727bdef67006b5ae1639556
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
0910a64ef0a7ce51dd7b701da59fbc149daf94c97bf0fbb0d74873505cc421e5
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0fec54b070e3924fcd1b9f466d7ae81a56ef8d98156c32daf43fb9e08b96aae0
12c979aea1f9805e559aedcdac73e21fcf2aff852b3afd94f281858a857f9e8d
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
15ff032cf8eaa77dd4dff0a1505049306ef7cc31ce8cc7a41e562ebaab550672
16372f4b218b228a8059715a7b3895a75da6d917b1832332461a7aeeb3c62658
1a970fcb88957b38e49bb4ae19bdac7e5a338e802424d6762ccf00547bac00f0
1aa235492307fc32a68f87b3b9a6dcc68dfe85ccd176d498b959e0d0e5c4f8ee
1c6b369cdacf4dc7dda9f815f22482dbdbdb33febdc504178b6bf57d77c895f1
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
298df1df7b027b5888b71c9bead72d1d8e97add0f6e4d09c03842b6905aa6b63
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2cad9d2591b46b967824bab58eb645f4fab0fa77b52cc62aba4c83eb3ce08939
2dfcf6da1500d852571b224e77cbb2381e5e12aff0774b9d1c6f058b5c046e1b
30215394ebfc91e4a38c805ef8b39b9a781a0933e61eb5faac0206f88de0d28d
30a47f7bce82ac3e4f3c918dbb5b3916ba998eb62a1f4b42957fad5c5804cb65
30f08ddbe6bd2e3916e0f76e664e0ea5194ea1ec74a9739b3a9813a94d419e27
334278005744c8d9dfcebf1661ca6900fcd418505c762db55068b2ab88dd230a
352118d0dd2b0e2e18ee5183af53f76efdc79bff945e6e8afc5951c7af25bfcd
37ead971317cc138d5a41bddffb409ceaea6474944ed942ead0fc5c61e96926d
38c5e3ed3d341dd5805148e510472f0958afa14e8a2c4a462e7ff0f7a48cb5d3
39c8d9c734bbef2017f08838db55e01590493fdf7533dd1878e41ff01d345c56
42abeb2837f73ef12126eb4a384367becbdcdd183e26979969c5c66c1d5e78fd
43b03636aee8f083adc26a2bf456c1511d817130906129c0789dab13f5b67b93
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4668869e9fa6de88c447a5d8589f5b4e1dd6bc1c384b27ad517629a0c2e86d02
4754ead82c6c166bcdcdae09eca73f25c0925d6574a0183497e4e6259eaaa143
483f198c558b3f6c26405826a1bcfca0544599f17efef831fbca54edd58b0ae3
4a888699ce2313ffded2a2f968703b071f5f3dbc3d2b2f180f55eaa126a1c304
4a8b3a91195f8b05a7c0c49fd6d44f80dcef5fb2992c5bfdd6e81ef4bbda9661
4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e
4f1220ab0b472ddaa9c7cb0057639ca685b6fab04aa85d9e130191970fa3557c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5139f99647d2cbc8e286465bed8e325294e80c56e93368fde7836d1529b469dd
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
558b48dcf2c72a984cdd4523beec1c4eb44d20f76bf4ce050dc667c29797391d
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58aca505dc878a5c288d9d649f45ad8b6110bc8f5f82ce88091ac597fe77b327
5baaba21de0bdc959e97c49cc9980a153c27601421a3dd08cadcbd83d28b77b6
5dcb7767499a23281e3ffc82f81f58ad88d573c4d53b4f5315ae0f63eff79e9a
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
68f832ce140ffc60b80a8d000cc665b57b43d3943c36f47f67e119a3380339a4
6a09d74f31ff367a46efe884a835f5702a1b2596246fb7e10ad93aff5044260b
6a18781ed68182d00fc3c53f6f07a8d7fb0bdbde70c89796e7528e89c8b72856
6c4f55f918407057b3de08e464d15b3e8f9f7c9a197b5e3c9f4ac7e0df43caa9
6e9effa5c94b72bad941cc517abf76c9c59d423b33418d95f5b4fbcbd1bde8f3
71bc82a96f363b7a9f72addb5313e652b8e32dca78fd2e2f9105226fe2e3a2b8
7432e74ff02682c6e207be405f00381569ec96aa247d232762fe721ae41b39e2
76445bfca8248f1a8d9de41d21883d905d83f1e578c744847fd0e07da806debf
764920374818cb70c0006a79ec9ddeae88a14035c1444e1a5fba06a5ac686c18
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7ae8dccb72b5211f2b09f34f88792b4d02fecfa68ab0cd8e4c3a5b0ed174c40b
7b353c4eb717f25b63c61e713c91fdcc8f1822da8a5f29b474b8e8828ca762df
7bb02736ce3a675089225f77df399ad34962fb2bd69d6c046ff28d3d4c5a0b5c
7c9e51f70afae7d638258ffd315a88d9da5eaf1efab4d0392b4132c647aae265
7f584b8c9221a75e451348326fbc8c4bc6fa5023d24f1364a11134298c7c9f3f
87456cc45555f8379e0322ff11819374e8e317b9ca2f2b1117a5c0ac93636ea3
881c26199cd9bba9524baf406f23232db520693b2bb438227d0cf34e06520d7b
8872a0ef66ce9add216f4af2df1ba7067912d8bc5b294a1d335190f55d375dc6
88d9516344ee9330948beee567eefd7a8da9b8b58bef12556bbdbf630320cae9
89c87d00c464781fbc9616d7d4f825e9d1bf897a450d7e49f17c72b763193d6f
8be8862c19534fb2c32a487868dacbdf26459eca4a1bb9076791b45fa9515d9c
8c89e5d907927017585a04ac7752006a0bc18275950fab206b56c7249acada2d
8cd2c24a85efe4e903a0a2d0de0ea296d9664f4dfe3fddc2d5c0c7663f2cd2ea
8d1429128b1d2a472af135cd0fb8be7b2dbe05e28ad5ad8f781e0e3e2e9d5660
8f1e5e5c9a24432e438b3bb12f8fce0b57964b0e176928cec6d70be83bb4ed52
942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
9f3eb2fb9721cdd60408efbe45d1356920959aecc925ae3db880130525d4e197
a269d0b8e6d264b46171f71edaec6c076ccae95caf824f73607e59df38fffd04
a4e88216e4b2485d3a1d2a86a9ff63d2bdb82c739587057e1477d7b12235bd84
a79a91b3cfd0550b1fb9af6a5b2188cf2371c7244bbd64c27baa9b9c83848362
a9a72654f03de616b6fd58b742dff09a02588726c80f6a1fca5809365b591930
ae475f9e322de440b06bf1bc21dc92b1b168f913708f436f7c0f0b389d87882e
af5373fe78528cb85dcf36bc7e5d21d8938e69a51ac051daedc98c989af76f9b
b2d31599822dae1353d655633c6dbd9454ef2138d172798f4a91119eedd6d89d
bbd895ee5af334a15651bd4fa159a1ac3e6b37a53e7bb442d2b95ebce7d49028
bdaa80c8ea74a5ab9597204ffb25a47df6ac4533257c4c893f0aad079237dbfe
be42fd17de893d0e925bebaa264b81449b0130c2c2daf0102736a1a5907b4adb
c01d0f8a1e4b9d4ff9a8c58590752845b2c869c71a316a75179e1364589e9888
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c2e3ed637b25748cd5fcfeb8394b1dc37e28e18d906acc541ffb7bb98bdd89b4
c38e8db6a8ec20b1058d400f4c9236e5014716f0442e90298b12d63b1a88437c
c6aef2dcf54199de0b3b6ce72c014fabb18ee5140ef0fa7633cef2e3e7bee3cc
c8d65e561e810934794f6c6b379bad7ed5504613df81bd3b48fc537b48194cfc
cae0f87a3f47f57c552b0e9469bfbf46e21b2e51cabcd3e7d37e114ac8578bf6
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
d51720f0e2776240eb32dbee72b1f7575339298fe84e5fbd90ed6f61c746f452
d6c63bff99304a37f8465efde5518019609bb134fa38f67296997028491113ba
da975cc8e69cd3a9228f7c35171e7e0f1d5079b2924e28a61e3b6e8394a6250a
daa0679ca63828d1fc161d6dad1b0428f3cd830e9eb057f060492abddde89809
dd7af7ff91373b2d65ba0232b11be9c0a4fda5a7652c08755b866603905ffcd3
de170502848291d287b3125a9834fde4adfbdebf364e881617ee0cc6f9f0b766
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5456d82c1ca8fd58d940b0cdd3f00bc5ce40f9cdf6313c85b644c0fdd75561f
e62fa7ae4386e906bb1fa0eef7239af152bf0b0e04ba5894c5e17ce39f6eb1cb
e7c61612783a79ffaa72ad0174c1d864d82982dd984bcd3d1b72ba7897b88a2d
e973931d21e3477a632bea1564edf33d19e41f97a5d29425f5bcfb50b0d09163
e9be41076c0417aecf27f87dad57af5241b054880313ba9bd83642171c50c94a
ed84ea80dc668a3a681ffd92407c96d42afcd4d2e4668dc628d77cf0600ba402
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efea194874b4eddd0c771cc4955b4a71a37b486de1ecc4c8e8edabaa136ebdd2
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5
fc46f44565a092c856a6d70471d942caca57598049a85ce80366c1c5831d0f3e
fd59795ed0b9f6cdd067ce467bc51a4cea20b7270c1a3bd75d4547d2dc709cf0

www.netspi.com Open in urlscan Pro 34.123.201.87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

128 Requests

97 %HTTPS

39 %IPv6

20 Domains

29 Subdomains

29 IPs

6 Countries

6918 kBTransfer

10005 kBSize

23 Cookies

32 Outgoing links

Page URL History

Redirected requests

128 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.netspi.com Open in urlscan Pro
34.123.201.87 Public Scan

Screenshot
Live screenshot

Full Image

128
Requests

97 %
HTTPS

39 %
IPv6

20
Domains

29
Subdomains

29
IPs

6
Countries

6918 kB
Transfer

10005 kB
Size

23
Cookies

128 HTTP transactions
1 data transactions