URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Submission: On February 15 via manual from BY — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 36 HTTP transactions. The main IP is 2606:4700:20::681a:e3d, located in United States and belongs to CLOUDFLARENET, US. The main domain is letsdefend.io.
TLS certificate: Issued by E1 on December 23rd 2023. Valid for: 3 months.
This is the only time letsdefend.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | Apex Domain | Subdomains | Transfer
27 | letsdefend.io | letsdefend.io | 1 MB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 45) | 21 KB
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 52) | 143 KB
1 | google.de | www.google.de (Cisco Umbrella Rank: 5654) | 408 B
1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 113) | 252 B
1 | google.com | region1.analytics.google.com (Cisco Umbrella Rank: 2400) | 252 B
1 | gstatic.com | fonts.gstatic.com | 16 KB
1 | mailchimp.com | cdn-images.mailchimp.com (Cisco Umbrella Rank: 6837) | 2 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 48) | 1004 B
36 | 9

Count | Domain | Requested by
27 | letsdefend.io (1 redirects) | letsdefend.io
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | www.googletagmanager.com | letsdefend.io, www.googletagmanager.com
1 | www.google.de | letsdefend.io
1 | stats.g.doubleclick.net | www.googletagmanager.com
1 | region1.analytics.google.com | www.googletagmanager.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | cdn-images.mailchimp.com | letsdefend.io
1 | fonts.googleapis.com | letsdefend.io
36 | 9

Subject | Issuer | Validity | Valid
letsdefend.io | E1 | 2023-12-23 - 2024-03-22 | 3 months
upload.video.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months
cdn-images.mailchimp.com | Amazon RSA 2048 M02 | 2023-06-20 - 2024-07-17 | a year
*.gstatic.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2024-01-09 - 2024-04-02 | 3 months
www.google.de | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months

This page contains 2 frames:

Primary Page: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Frame ID: 0017DE56034E96001A0198F5D33BF5EE
Requests: 34 HTTP requests in this frame

Frame: https://letsdefend.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Frame ID: 3B4652DA7E8D53294A576971F71FED15
Requests: 2 HTTP requests in this frame

Page Title

How to Analyze RTF Template Injection Attacks

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn-images\.mailchimp\.com/[^>]*\.css

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

Requests: 36
HTTPS: 97 %
IPv6: 89 %
Domains: 9
Subdomains: 9
IPs: 9
Countries: 3
Transfer: 1287 kB
Size: 1991 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29
  • https://letsdefend.io/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://letsdefend.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
103 KB
24 KB
Document
General
Full URL
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4904cfa87d1b314cf60aca3724823b87241b8112cfd19f170ce20aee7b95455a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
855e57edd8229b8f-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 15 Feb 2024 14:46:59 GMT
link
<https://letsdefend.io/blog/wp-json/>; rel="https://api.w.org/" <https://letsdefend.io/blog/wp-json/wp/v2/posts/363>; rel="alternate"; type="application/json" <https://letsdefend.io/blog/?p=363>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BR4tEvr5uxosLBo8co9wS%2Bn7LeE%2BvqpQVOKABP4fzaFYaRs2sQcpCOH7vGoxqEB7fMyg6BGGsRW%2FP10P6%2Fu%2BFX30pIRsNFx2SjaORpOfzG5qdXJL%2FiZ537BV%2Bw0TYUpYuRZyQmT5FB8yGIM%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-pingback
https://letsdefend.io/blog/xmlrpc.php
style.min.css
letsdefend.io/blog/wp-includes/css/dist/block-library/
87 KB
12 KB
Stylesheet
General
Full URL
https://letsdefend.io/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:33:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"15b64-5e9920e824626-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NO5TaP4CKtbLgWGLGekveEyAJxno9jww5bCaNANGF2J7pZkxwACVyduUSmefHUVmkJQCXMaGuMbgbfEAbPjeXhDKhGZpiHaeyJGCU5898x7CIRxqbWO5Gpl%2FAqk1DPqPUDHMnYxQdHPYqkc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
855e57f07c809b8f-FRA
style.min.css
letsdefend.io/blog/wp-content/themes/credence/assets/css/
72 KB
15 KB
Stylesheet
General
Full URL
https://letsdefend.io/blog/wp-content/themes/credence/assets/css/style.min.css?ver=1.1.5
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6aa8aa4564be108a18c85c5977720a113f935109720df28051e48b19d980ec47

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:46:59 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:09:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"11eb5-5e991b8562b02-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2A9ekyELSeizJnSuGdjpPA6Bbw6I973%2FzPmEkyR8yvS707v4LmM%2FgBEuqfT0PmX1qVtPHUIhNRMIv9Jv%2FymotfYH32WB2DRVqpmAh1saR3sD55KEBAH3T0kXqEfrkCtglouMQwh8K%2Bun8dQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
855e57f07c859b8f-FRA
css
fonts.googleapis.com/
2 KB
1004 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 15 Feb 2024 14:46:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 15 Feb 2024 13:04:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 15 Feb 2024 14:46:59 GMT
sassy-social-share-public.css
letsdefend.io/blog/wp-content/plugins/sassy-social-share/public/css/
9 KB
3 KB
Stylesheet
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87e1ed8c94d134e4e068a17891d3dad0d122ee052bf061da0ca0e87b3da75069

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:46:59 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"25e4-5e991b45b483e-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiPEmsBpXqyHlxapdJOcY5VxS10Guun5%2Fm7QlaUzD%2FJxt6ja0si7EjecxPFs4Dn4NkRc9qehcAtzJdta2w9DU5w8xKFL%2FzdmBuhxwGyK6Ih%2FHZXTE%2Bklq7lala%2FQQZyR06kjCQPpju2ufdA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
855e57f07c869b8f-FRA
wp-emoji-release.min.js
letsdefend.io/blog/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:33:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"48b9-5e9920e8080fc-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Tuo27BCe3O7fZK%2F7de9DdVJ2yjQCBm%2BWw1i7gQ7jV%2BBQj6yXuIke7DBiQiqAeggJL7UMLH0H%2BzF68TvsUfu5bcv75WMAlcV0Dsu%2BRQeCP62vZLa8jbtsFMiFGA2SvqF5SWPE3TUBBAtQ7Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1fef09b8f-FRA
script.min.js
letsdefend.io/blog/wp-content/plugins/cookie-law-info/lite/frontend/js/
16 KB
6 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=3.0.0
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea4572b03a347e79a0374653cd73c9630ce51985420fe9da50a9254025c8f438

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4076-5e991b3e53aea-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TgN%2Bo6f67hTj6CLo3sSR4jJ3Tkft%2ByLMjWeemHa%2Bg%2BWPLxTHlkYSkLNJYtNHBHbcpa2arQ78XwiJ%2BYC3%2FytUppmCnPMOb8jwIhP0M2If6zzIXmGFDXDD%2Bf%2FAvBgsCxyE0R033hN9w%2FQCZyo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f0ed1c9b8f-FRA
jquery.min.js
letsdefend.io/blog/wp-includes/js/jquery/
87 KB
32 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 12 Dec 2021 17:35:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"15db1-5d2f660737471-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ux4iBOK%2FqgfqR8NjTQNDj84MAdt00diwp0Rg9hiJqSlwyy1lvCFtFm5krJL52baTXap623jK2Pon%2Bjz6s94EFoYdOYuVV5Lm85fbSCEPqjnesFGt%2FGwATI4C33ZZYBad0xvgxAAQrde5M2E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f0ed209b8f-FRA
jquery-migrate.min.js
letsdefend.io/blog/wp-includes/js/jquery/
11 KB
5 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sat, 17 Apr 2021 08:20:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2bd8-5c026c62e5a26-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZ%2B%2BZ85coyIDmiOjbO958zWTepfAOHIj%2FvXO1H1MYnHlY7sxWvNxhNZy5kPj5tjEt5%2BjJpzRdkkO5RthGkc6aRTeQO0KIQYl6dZpgHdtFwsjwXgdiBf9w6u47Qkzmk73NXpuMOdRHILx%2FQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f0ed219b8f-FRA
js
www.googletagmanager.com/gtag/
138 KB
53 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-180235701-1
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5422c32ea5926fa7b4bc078ea890d21931c365491b901a2c8830835adf4d46c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
53805
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Feb 2024 14:47:00 GMT
chevron-right.png
letsdefend.io/blog/wp-content/themes/credence/assets/images/
389 B
716 B
Image
General
Full URL
https://letsdefend.io/blog/wp-content/themes/credence/assets/images/chevron-right.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b0cbb2d7fc4361bc9d84723f607abd4979d4fc884e674b103da336522c116ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 26 Sep 2022 10:09:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"185-5e991b8563aa3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puEGaPnLN0kKoAYvgsPmC%2F4MoVcFWJGWoDv1kZTZ31QuJvTueRTFTS3%2FWuGjcQDnLy8SnpXufzHXdEYwvcNlLzxhV9m%2BIlSNIlJ08Oy2IH5sAwhOhpF4sAmTDMIc%2F5JjEgpJ6A%2Fx1v55ka8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f0ed259b8f-FRA
content-length
389
img-1050x591.png
letsdefend.io/blog/wp-content/uploads/2021/12/
347 KB
348 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/img-1050x591.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7757c19eb75dd97b0d5233d791fd140bc9480a5155bf39bbf628c0ea5bfbe50

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Dec 2021 19:07:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"56ddb-5d33404381554"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jAeAqqLgP%2FKBuFZ6kO9d%2BDyMKxdXhFbJ3KZjypb75TOI3eizwN5kHEgdEycBhdENElXZjNCsZQgXESDnZc92f%2Fv044wFkDzRRD2rcIiMP97FhgJCevttjNexAlhnCNJQMnwpZ%2FlVm93Rcc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f0ed289b8f-FRA
content-length
355803
classic-10_7.css
cdn-images.mailchimp.com/embedcode/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-15.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 e10153740ff95eb4d0c9f3172baeb43e.cloudfront.net (CloudFront)
date
Thu, 15 Feb 2024 01:55:11 GMT
last-modified
Thu, 17 Dec 2015 16:52:30 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-C1
age
46310
etag
W/"ae0fc9b84c30cada1784022044962394"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
zsofi7UiOMuywuRJuMJuMBiSDHijZj6n8AUNDBBw7Ux0H9j-pLMp5A==
rtoc_style.css
letsdefend.io/blog/wp-content/plugins/rich-table-of-content/css/
23 KB
4 KB
Stylesheet
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/rich-table-of-content/css/rtoc_style.css?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
044e23c82b961f3be087ed1382e2dfa31267101920b04ec0824e45a29a6df210

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5dcc-5e991b4370633-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdC5IPI3Nz%2BlweJgJt0Z2%2BMxOWUoO367xGjlnXZiL7S636hGKAOm64PZRgyQPFAYtg6q6DVC%2ByniDnEnJyq6DccgZpSEnGJalNuOOtgPH9lZgku9DklS9PDDlGt%2BaDT6X1W6TYTHiZn%2FXoQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
855e57f1cea39b8f-FRA
rtoc_common.js
letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/
942 B
661 B
Script
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/rtoc_common.js?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5072185bb6070502d0349bc1590b5dd7c5b338d806790b16f45ef015d27365fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3ae-5e991b4370633-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHfib09PmUXLlhvE57O%2F2S%2FlskIemP18Dp4oZVCxD13EUjY%2FJOwIlvsjL6hR7E27m8BN%2FNtbAMJDGJn4tsyVP8giF0EpbzOZEx%2BTOo1uxd%2FCO5v3steGlZDPpBZrhDQsugV9nEDEbT1ZDhA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1fee49b8f-FRA
rtoc_scroll.js
letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/
427 B
592 B
Script
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/rtoc_scroll.js?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e31945f36829084904dd044d4304c5e2fe85b44f87a48ad9e21a09f64ddcc0c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1ab-5e991b4370633-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZCB2WrcYN5uHrwyQD3tF6%2BBaxhDGanG%2BgmqDw1jZWK3ms1Wk1jaiSLv%2FyKTvM4AcuyITWJ%2FF46ZQd4%2BMfPJxX6PmpuHX5AbFz%2BaoGUnjGegfpESFbb6wTzEph38MTy6X2x3Zh9MYEZTDGU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1feea9b8f-FRA
rtoc_highlight.js
letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/
3 KB
1 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/rich-table-of-content/js/rtoc_highlight.js?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb35bfecf09375dbe3191fe813eb7a2955be780529c11ab94c62ad33cb9d3b10

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"d4d-5e991b4370633-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1rnKXEOC2uFU%2BFrWHUGstLusoq7ij57pyt7gtepq1kEgEoNnr9tLfcxqKvh8PinO6qTLbsnDWz729aJhHG1bFK%2BV1qZV%2B5dMjonJFkTzN0VSYSlsj5UJ8r17Jl8%2FCd0Q4iTQOvfKxGc20A%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1feec9b8f-FRA
comment-reply.min.js
letsdefend.io/blog/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-includes/js/comment-reply.min.js?ver=6.0.2
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 26 Sep 2022 10:33:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"ba5-5e9920e81c923-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7mwFqX%2FhSzHW5iLEvldaQS8eGqpPPam3HSYlWO6WkR13KLo%2FhJWymTolnPDb6DCQAYwQnoMEV3zz30jjFckjb8Q7ykEPgQxHAeVogjL%2F8MTVH%2FmuLUas4VHpOxK9gd9F0IOV1ve4aWOS%2BY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1feee9b8f-FRA
index.min.js
letsdefend.io/blog/wp-content/themes/credence/assets/js/
11 KB
4 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-content/themes/credence/assets/js/index.min.js?ver=1.1.5
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32d231fa9489d2a56c33cf2ee6a55af33eaf1a8e0090f40db361aed09aea8827

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:09:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2abc-5e991b8561b62-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ECvO5fqchWkFCBNInmbcIVJROJAeywxGY3D1Foqsa6Z2v9k%2BiTbz%2BTQuPqtYijQBBXJI3jJMYV2hFq7a2S2AAkRJ0MelDWkKL0ZPgpDGnCHf6SyTPVGS0QkN%2BQFuI6wRRByo0jq7P5fcNis%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1fef19b8f-FRA
sassy-social-share-public.js
letsdefend.io/blog/wp-content/plugins/sassy-social-share/public/js/
117 KB
39 KB
Script
General
Full URL
https://letsdefend.io/blog/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79066a1d9ef05bd56eed607049321dfdd5ba5587541268b06616dbd09b1f1549

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Sep 2022 10:08:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1d595-5e991b45b389e-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1Rrbi3dchBKW3Bv7b6CA1LwV%2FPcOMuyFN3M9HDCmljTfTdTqB8Fr%2BRKrb%2FWoW4Kcl01P93lD2mg5VCB%2BV%2B%2BEuUTG9yy%2BmYMIQDPXIFaSaLXOlwxEdfujsDI2Kl%2BbmFewW9HLbMSoZP%2Bn4k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
855e57f1feef9b8f-FRA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://letsdefend.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 13 Feb 2024 08:48:58 GMT
x-content-type-options
nosniff
age
194282
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Feb 2025 08:48:58 GMT
New-Project-300x255.jpg
letsdefend.io/blog/wp-content/uploads/2021/12/
10 KB
10 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/New-Project-300x255.jpg
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bc65666f23f47baf6c0f29befaa67467b8b13909340587e13b849c64dbbf6f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Dec 2021 19:09:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2630-5d3340bba2648"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWZgOD0Z1QkMPDRcxHzmQ%2Bd1mLtTKGirNE4Mt%2BpKHImaPOy4UFpLK7L0kapvrifube79WWIuVQJ%2Bi118DMFbx6rpo%2FY6XxcpBzQNUPcHhLb3uieEVbwRFHWIadqd2XrHEBsIjy1DG8fwgdM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f5f9b8f-FRA
content-length
9776
image-7.png
letsdefend.io/blog/wp-content/uploads/2021/12/
8 KB
8 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/image-7.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
334cbc764767a27c4e248d8a3bb0dfa8a50c019e64b58ce5ef73a04beb664459

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Dec 2021 18:27:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1e56-5d333758aaade"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqXyWU%2BZ9HvTOZBUi95FqMBkbOcJBYFRnvTkgdn7Rx9ayjboeeLRTYeb5xcLLYbkx5ZHSJz4eFA0x%2Bjuu3xCsgZYcyGIAhJWJ0gJSMZGJ3ZA%2BXJZ83HUslcbFHDb50aJF61t73DhN1tIh1M%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f659b8f-FRA
content-length
7766
image-9.png
letsdefend.io/blog/wp-content/uploads/2021/12/
41 KB
41 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/image-9.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e338d31d047fb9864a61aeca237d17c4c6e0d8a1ab359e7b9b5e028defca4235

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Dec 2021 19:23:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"a290-5d3343c79c2b4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a58gxL8U7BDlZ%2Fr5l2phD5VUE0k9GBuPDhtdkQ238b2IvolQPdxicaBr%2BpLYZ7v8SwFu3h%2FF5LDeAKF8cTQ%2Fj7RHFL3265b%2Bf1jj2zAzEB2FNwoaMpapQf78azYoP66XkbgrWWI%2BsgjJagU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f679b8f-FRA
content-length
41616
image-1-1024x368.png
letsdefend.io/blog/wp-content/uploads/2021/12/
253 KB
253 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/image-1-1024x368.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b824b10bdf0c567e516a4f61d657d3bab7f625557b139662c9d01d73b1fa5ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Sun, 12 Dec 2021 11:52:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"3f2df-5d2f1975b5177"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3ScZsmNxilrdUZqGvqcxlPF5mFmJnfKAC9QySPVKQhFYjqPcoEU3bGLJuVXX5J2O%2FYjerBrAw5KtsWPR7oNgnqqCa4zFuRfAreDMzsX0%2Fohd%2FelKIgeF2FLzK00SWlZ9ZXZu5WwbdV3oOQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f699b8f-FRA
content-length
258783
image.png
letsdefend.io/blog/wp-content/uploads/2021/12/
48 KB
48 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/image.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d7c26e8a3bdb97bb57c9c57f9e9d4d1c4b86fb9badd1e0bafb761e9981ce0dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Sun, 12 Dec 2021 11:20:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"bf4b-5d2f123c0ea12"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxId9KTIguOcl8ZxvD43C71ydPsxDNLxNNnGj0tHcX1biThgbnuvFSIdN04iq3H4QMwzZ32E6dJmQtCyCuVvavP8HWzn0Q5hlflJXIKHlPCyGZG89%2Br2RsHRgdX4dX3MQ8kJHuvmcTzQDnc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f6d9b8f-FRA
content-length
48971
image-2.png
letsdefend.io/blog/wp-content/uploads/2021/12/
13 KB
14 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2021/12/image-2.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9bc8d8bc5e63602a2039f224efc3bba7da583dbae96203351ebd7e11c76bb47

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
MISS
last-modified
Sun, 12 Dec 2021 12:27:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"351c-5d2f2144f7a17"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ecO4s21%2B7OBl1SOFn63quTwKIRuOIWLOVCNxZ0c8BlCfNIT6Qhe4%2Bqp1Gj6Waljw33SMdmn0eOGho7El0nVTmDuoA2JhhMD0jL6r6oa%2Bub9lF2Ma4fBncDF%2BoIg6LO3uKwLweHJbERIhe2s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f24f709b8f-FRA
content-length
13596
letsdefend-social-2-1024x535.png
letsdefend.io/blog/wp-content/uploads/2022/01/
225 KB
225 KB
Image
General
Full URL
https://letsdefend.io/blog/wp-content/uploads/2022/01/letsdefend-social-2-1024x535.png
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a78917d3d2b07af64d5c5118a44ede7a96fd6ab55017dd4141f4909d8ca8ff5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 24 Jan 2022 20:43:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"38355-5d65a0585d99d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mM2aB%2BXgED4WnKNuW14gvt1DKcLEPQIBtDuBasibnA4IwV5ysL%2BaS2eGND1EUVauMTANOCMAWNpxp4gQhfm8K%2BTYZQZxbIuOCB0bMVaGhWyS0HLH9OdHsXJMpLO8A6t49ReKRUntq9Cok5o%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855e57f27fa99b8f-FRA
content-length
230229
js
www.googletagmanager.com/gtag/
265 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HSKZYXTX40&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-180235701-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f31f9262418092e00ad634c6b73858d73dcc8de0acd2b9ffb2007121bc49918d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91920
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Feb 2024 14:47:00 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-180235701-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 15 Feb 2024 13:30:40 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4580
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 15 Feb 2024 15:30:40 GMT
main.js
letsdefend.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/ Frame 3B46
Redirect Chain
  • https://letsdefend.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://letsdefend.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
8 KB
4 KB
Script
General
Full URL
https://letsdefend.io/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ea9be212e13ee42ec252065d8139eae943b42085023bb4b4cfb6d2e584115dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BXltTyxVZa9jFM%2BfIgpcffyODo%2Fh9mBnxobZ6V7ul%2FCxWZ0qdXVQaCuzcZCNsxvP6RS4DsCv4MoROGoR4YAm0A90BDYINCKgJBKthPQkv%2FYRuTVQEHT2b1FDEBEDimY04UScQBXBFRlQ7I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
855e57f3793b9b8f-FRA

Redirect headers

date
Thu, 15 Feb 2024 14:47:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2F5maBpIhoqY8B2ENB84qIdGgyCxsB0yZZQa%2BSodI2EE120rN%2BtepKSFPn1Z6Ang4y65A6WSUIrgHRvxEGp%2FiFq4vX4VEqaDJh9ZQ2zbMxsS049kDcfLmTu%2Bz1e%2BhGxRCBv9s92B6FPJtcg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/16c3caa4cd49/main.js
cache-control
max-age=300, public
cf-ray
855e57f359069b8f-FRA
collect
www.google-analytics.com/j/
1 B
204 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1357370009&t=pageview&_s=1&dl=https%3A%2F%2Fletsdefend.io%2Fblog%2Fhow-to-analyze-rtf-template-injection-attacks%2F&ul=en-us&de=UTF-8&dt=How%20to%20Analyze%20RTF%20Template%20Injection%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1606159840&gjid=1476569518&cid=1675903390.1708008420&tid=UA-180235701-1&_gid=2147333361.1708008420&_r=1&gtm=457e42c0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&jsscut=1&z=770208965
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://letsdefend.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 14:47:00 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://letsdefend.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
252 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HSKZYXTX40&gtm=45je42c0v880989509za200&_p=1708008420142&_gaz=1&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1675903390.1708008420&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1708008420&sct=1&seg=0&dl=https%3A%2F%2Fletsdefend.io%2Fblog%2Fhow-to-analyze-rtf-template-injection-attacks%2F&dt=How%20to%20Analyze%20RTF%20Template%20Injection%20Attacks&en=page_view&_fv=1&_ss=1&tfd=1063
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HSKZYXTX40&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 14:47:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://letsdefend.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
252 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HSKZYXTX40&cid=1675903390.1708008420&gtm=45je42c0v880989509za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HSKZYXTX40&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 14:47:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://letsdefend.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HSKZYXTX40&cid=1675903390.1708008420&gtm=45je42c0v880989509za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0&z=1485562159
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/blog/how-to-analyze-rtf-template-injection-attacks/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://letsdefend.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Feb 2024 14:47:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
855e57edd8229b8f
letsdefend.io/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 3B46
0
495 B
XHR
General
Full URL
https://letsdefend.io/cdn-cgi/challenge-platform/h/g/jsd/r/855e57edd8229b8f
Requested by
Host: letsdefend.io
URL: https://letsdefend.io/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:e3d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 15 Feb 2024 14:47:00 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
855e57f4dbac9b8f-FRA
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5miC1C2z5XwRC0MXCuZqWCL7iAN7VipEQcqygjkTyGzTGk4evpG9kCSPYzUg0K9nqb0sLyqXLA8qIScP7jYr7f6mIwU79om%2F8nzM%2F20uRBx2tqS7HlSPkyb9WmDpedO1QyJpiAYPTwv1GPs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8


58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| _wpemojiSettings object| _ckyConfig object| _ckyStyles object| cookieyes function| _revisitCkyConsent function| revisitCkyConsent undefined| $ function| jQuery function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| rtocScrollAnimation object| rtocBackButton object| rtocBackDisplayPC object| rtocOpenText object| rtocCloseText object| twemoji object| wp object| addComment function| heateorSssLoadEvent string| heateorSssSharingAjaxUrl string| heateorSssCloseIconPath string| heateorSssPluginIconPath number| heateorSssHorizontalSharingCountEnable number| heateorSssVerticalSharingCountEnable number| heateorSssSharingOffset number| heateorSssMobileStickySharingEnabled string| heateorSssCopyLinkMessage object| heateorSssUrlCountFetched string| heateorSssSharesText string| heateorSssShareText function| heateorSssPopup function| heateorSssDetermineWhatsappShareAPI function| heateorSssMoreSharingPopup function| heateorSssFilterSharing object| heateorSssFacebookTargetUrls function| heateorSssGetSharingCounts function| heateorSssFetchFacebookShares function| heateorSssFBShareJSONCall function| heateorSssSaveFacebookShares function| heateorSssCalculateApproxCount function| heateorSssCalculateActualCount function| heateorSssCapitaliseFirstLetter function| heateorSssHideSharing function| ClipboardJS object| credtheme function| credthemeDomReady function| credthemeToggleAttribute function| credthemeMenuToggle function| credthemeFindParents object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady

5 Cookies

Domain/Path Name / Value
.letsdefend.io/ Name: _gid
Value: GA1.2.2147333361.1708008420
.letsdefend.io/ Name: _gat_gtag_UA_180235701_1
Value: 1
.letsdefend.io/ Name: _ga_HSKZYXTX40
Value: GS1.1.1708008420.1.0.1708008420.60.0.0
.letsdefend.io/ Name: _ga
Value: GA1.1.1675903390.1708008420
.letsdefend.io/ Name: cf_clearance
Value: odmoA0bwP6_1oBouuTrLYYFBEQ0DiX2KkbVi92ajdEM-1708008420-1.0-Ac49KtTtWwFgsZfMQDPn6c/i52Hnc4ZOF4Mg5S19VfK26+y+mKqasqQqWd5hHUS+xx7NRQVW6tv9R/JQfQcyz44=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
