www.hunters.security Open in urlscan Pro
199.60.103.227 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Submission: On December 02 via manual (December 2nd 2024, 12:02:01 pm UTC) from GB — Scanned from GB

Summary HTTP 115 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 27 domains to perform 115 HTTP transactions. The main IP is 199.60.103.227, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare London, LLC, US. The main domain is www.hunters.security.
TLS certificate: Issued by WE1 on November 16th 2024. Valid for: 3 months.

This is the only time www.hunters.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	199.60.103.227 199.60.103.227	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
13	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:f9cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
3	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8b11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f16c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:780... 2a02:26f0:780::5f65:36e3	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
4	2.16.204.72 2.16.204.72	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
1	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a02:26f0:480... 2a02:26f0:480:22::1726:62ee	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
115	31

50 199.60.103.227 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

www.hunters.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

5765386.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f9cb (United States)

ASN13335 (CLOUDFLARENET, US)

www.unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8b11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f16c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::5f65:36e3 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.16.204.72 (Hamburg, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a2-16-204-72.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:22::1726:62ee (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	hunters.security www.hunters.security	2 MB
13	hubspotusercontent-na1.net 5765386.fs1.hubspotusercontent-na1.net	415 KB
5	6sc.co j.6sc.co — Cisco Umbrella Rank: 5557 c.6sc.co — Cisco Umbrella Rank: 6739 ipv6.6sc.co — Cisco Umbrella Rank: 5633 b.6sc.co — Cisco Umbrella Rank: 3603	20 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	529 KB
5	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5921 js.hubspot.com — Cisco Umbrella Rank: 3653 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	29 KB
5	linkedin.com 1 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	163 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	151 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 analytics.twitter.com — Cisco Umbrella Rank: 991	28 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	14 KB
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 2010 alb.reddit.com — Cisco Umbrella Rank: 1418	761 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1095	13 KB
2	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	t.co t.co — Cisco Umbrella Rank: 904	628 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1016	16 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	21 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	14 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	958 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	827 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	3 KB
1	hs-scripts.com js-na1.hs-scripts.com — Cisco Umbrella Rank: 6680	1006 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4514	2 KB
1	unpkg.com www.unpkg.com — Cisco Umbrella Rank: 44542	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
0	facebook.com Failed www.facebook.com Failed
0	fontawesome.com Failed kit.fontawesome.com Failed
115	27

	Domain	Requested by
50	www.hunters.security	www.hunters.security
13	5765386.fs1.hubspotusercontent-na1.net	www.hunters.security
5	www.googletagmanager.com	www.hunters.security js.hsadspixel.net www.googletagmanager.com
4	connect.facebook.net	www.hunters.security connect.facebook.net
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	cdnjs.cloudflare.com	www.hunters.security
2	b.6sc.co
2	www.redditstatic.com	www.googletagmanager.com www.redditstatic.com
2	js.hs-banner.com	js-na1.hs-scripts.com js.hs-banner.com
2	platform.twitter.com	www.hunters.security platform.twitter.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	analytics.twitter.com
1	t.co
1	alb.reddit.com
1	pixel-config.reddit.com	www.redditstatic.com
1	px4.ads.linkedin.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.google-analytics.com	www.googletagmanager.com
1	j.6sc.co	www.hunters.security
1	snap.licdn.com	js.hsadspixel.net
1	perf-na1.hsforms.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	js.hs-analytics.net	js-na1.hs-scripts.com
1	js.hubspot.com	js-na1.hs-scripts.com
1	js.hsleadflows.net	js-na1.hs-scripts.com
1	js.hsadspixel.net	js-na1.hs-scripts.com
1	js-na1.hs-scripts.com	www.hunters.security
1	app.hubspot.com	www.hunters.security
1	ws.zoominfo.com	www.hunters.security
1	platform.linkedin.com	www.hunters.security
1	www.unpkg.com	www.hunters.security
1	fonts.googleapis.com	www.hunters.security
0	www.facebook.com Failed
0	kit.fontawesome.com Failed	www.hunters.security
115	38

This site contains links to these domains. Also see Links.

Domain
go.hunters.security
twitter.com
www.linkedin.com
support.microsoft.com
learn.microsoft.com
github.com
www.x.com
www.youtube.com
www.instagram.com
x.com

Subject Issuer	Validity	Valid
www.hunters.security WE1	`2024-11-16` - `2025-02-14`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-10-27` - `2025-01-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
unpkg.com WE1	`2024-11-23` - `2025-02-21`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-06-13` - `2025-06-13`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
zoominfo.com E6	`2024-11-12` - `2025-02-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-10` - `2024-12-09`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
hsadspixel.net WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-19` - `2025-08-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Frame ID: 40C3EEDBD501B962225368033730AA4D
Requests: 114 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.hunters.security
Frame ID: CEEDF5751E647FA6D077E73BB3FA6D05
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

115
Requests

96 %
HTTPS

63 %
IPv6

27
Domains

38
Subdomains

31
IPs

3
Countries

4108 kB
Transfer

7719 kB
Size

26
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://go.hunters.security/hunterscon-2024
Title: HuntersCON

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2&via=gotosage

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2&title=Unmasking%20VEILDrive:%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&summary=Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2,%20bypassing%20defenses,%20and%20leveraging%20SaaS%20infrastructure.

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-gb/windows/solve-pc-problems-remotely-using-quick-assist-b077e31a-16f4-2529-1a47-21f6a9040bf3
Title: Quick Assist

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings
Title: External Access

Search URL Search Domain Scan URL

URL: https://github.com/profesorfalken/jPowerShell
Title: jPowerShell

Search URL Search Domain Scan URL

URL: http://www.x.com/team__axon
Title: @team__axon

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hunters-ai/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCUufMdZ-6mS4dqEFI81IRKw

Search URL Search Domain Scan URL

URL: https://www.instagram.com/lifeathunters/

Search URL Search Domain Scan URL

URL: https://x.com/hunters_ai

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&e_ipv6=AQL3hy_gN3MkcAAAAZOHP7tidBBA8kck31evgsFooMe6C8QGzJxEHbmeE_p_cD42aFfdhoo

115 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request veildrive-microsoft-services-malware-c2 Show response
www.hunters.security/en/blog/ 145 KB
34 KB 196ms
90ms Document
text/html 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f93fff611a9e87de73be016f193f6eeb6e3d3a19f0aface0a2fa3edac264e452

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 8ebb2a4c3bdf9520-LHR
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src 'self' 'unsafe-inline' 5765386.fs1.hubspotusercontent-na1.net; script-src 'self' 'unsafe-inline' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.google.com *.hunters.security.com *.googleapis.com *.twitter.com *.facebook.net *.linkedin.com *.hotjar.com unpkg.com *.cloudflare.com *.fontawesome.com *.zoominfo.com googletagmanager.com *.licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval';connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hunters.security.com hunters.security localhost:1442 5765386.fs1.hubspotusercontent-na1.net wss://ws.hotjar.com content.hotjar.io px.ads.linkedin.com vc.hotjar.io content.hotjar.io ws.zoominfo.com google-analytics.com c.6sc.co ipv6.6sc.co webthemez.com analytics.google.com *.google.com stats.g.doubleclick.net j.6sc.co google-analytics.com *.google.com analytics.google.com stats.g.doubleclick.net https://www.google-analytics.com metrics.hotjar.io http://localhost:1442/ www.comeet.co *.cookiebot.com; frame-src *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.hunters.security.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net metrics.hotjar.io demostack.app googletagmanager.com webthemez.com *.youtube.com *.zoominfo.com app.hubspot.com *.chilipiper.com *.cookiebot.com; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data:
content-type: text/html; charset=UTF-8
date: Mon, 02 Dec 2024 12:01:57 GMT
edge-cache-tag: CT-182226747037,CG-24463927651,P-5765386,W-67518999559,CW-113865751404,CW-114030893094,CW-127063834721,CW-177021600416,CW-97550317662,E-113857786690,E-113858768455,E-113858809947,E-113865332764,E-114002466428,E-114356373127,E-114370662982,E-126880748318,E-126882284039,E-126882549514,E-126882549552,E-126882575241,E-126882575404,E-126882575644,E-127024241524,E-127040996237,E-127041525412,E-127662486199,E-127662486200,E-127662695006,E-130719549746,E-133487975192,E-176293618185,E-177020218457,MENU-67518999559,PGS-ALL,SW-3,B-24463927651,GC-113864403970,GC-113870397194,TS-113857760160
last-modified: Fri, 29 Nov 2024 22:52:21 GMT
link: </hs/hsstatic/content-cwv-embed/static-1.1293/embed.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
permissions-policy: geolocation=*
priority: u=0,i
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hl8UCRn4R12yks%2FxZUT4SkVOO7pJd9dWZ1X6EU1sDptbaJQCxJ0S1YOqYVD8Ve2wCTTqtnSIYnqzZni9Qddd2OtG5Lyxeomx%2BPnA18vLyQv4Wc%2Bo%2BakdJINO%2BTwCIk6i2AdSBoGk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: eac7b83e-5b5c-4fb6-8394-9c82ca03e975
x-hs-content-id: 182226747037
x-hs-hub-id: 5765386
x-hs-prerendered: Fri, 29 Nov 2024 22:52:21 GMT

GET
H3 200 embed.js Show response
www.hunters.security/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
5 KB 90ms
89ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 121286
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZxOgqiH55qoTT7%2BDvq4%2F9MVi51mfFlSUj9%2FCS2QZQspSdH7RGgocXdIqQicVVMRPYFGfVrN%2FA4uKxXUPtOERGzoyZ5n9iLfx0a4aHrc9qAS5IoB%2FJArqnSQuJrwMJY6%2FHfD0MCw"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: lpWOJ_zdMXFHJm5duZ2GUB55jYNuXLltjv2NHv7Zc9v-LjdXhLo2Hw==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 01d9de39ec907ee6febcea913f8cbfa2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd499520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
www.hunters.security/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 143ms
143ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ef84f26c310485299d6b75777414eddb"
age: 283414
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIguqUp65gUDj8G0yQmkIlpfv3IZ53r7Rt8pwXDrzUwbbCsNtXeOBEbjGEjE5XJRNJ3jfaHXchN%2BL5Hx%2BIk%2BbX9cvzXcALa2YA1YDyN60%2FsMhSVzlKi%2BNyscBgmeQMz6ZJF4Sgrn"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: -xgYbSkrxPwTYnIoK9L_AZxBwqR3mCc1rYiFHPDkCXL9Y9PnCJ2ZIg==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 7e7605dff243a25ecb1590c5d7dcc7f0.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd509520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
www.hunters.security/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 143ms
143ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 209284
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bnd5ddTypfPCUVbjzbowiPXMp17TjG4266NSdr%2BqEqXu%2FUzGrXKX5m6bu1el6oDNG6s%2By2DyoiGsHXpqXpvjWJDB1G83a6oTmczR4A8r%2BYYxZlGP9t9QM5JhNHEoLUYlRUoOKoUo"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: hcSFTo_D6PCzjsNbcFYcxXx-qYjVK-tzh0fiKfqcZ_ndENb8NGD0UA==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 a93ae2d95d8c99abc86774820825335a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd539520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 F37JudgeBoldCompressed.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/ 37 KB
37 KB 245ms
186ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "54e5c65113bb56ee4af633895983b9d3"
age: 1600965
cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: oROJePp8ny04DPku2cFXECrZhzDxBHie
x-cache: RefreshHit from cloudfront
x-amz-cf-id: gHzuOXxdpjzPx0KvjjB8whgGnZiONWUQAwQmKnMbrZsTFEbbZRD0uw==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:06:03 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: Q331YRKXKDXGPNAC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
content-length: 37524
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: reR2TVXQqDIeAFFfX/+Rcek4/jdujRSyjZ0rw8BLisOJHAbmtSaIbFCHV2ka98zVq0jiVmKnVCPbma3bJNR8sA==
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 95b26b715ee81beaff56d7e9f185da2e.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d490cf65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653649201795

GET
H2 200 F37JudgeBoldCompressed.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/ 54 KB
55 KB 225ms
166ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aeece6fda59aeaf7ea1271ac3ecbe1189bd88726b444d8813de296f0ad41ad8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fcdb90a6762c4f6d4b1d785202df4df8"
age: 2002412
cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: bxO6WUkxLECrzA9CObgprRT8g6V_LjJt
x-cache: Miss from cloudfront
x-amz-cf-id: Mznqcn24kKEDHw8Tjqkl4hDkn9kgVfBFBnyh6AbmGAbFJjWLelbDOg==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:06:02 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 3JJQ87TTAVD2ZQ4A
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: Fq9MK0ht6SY4yyrVE1gN0v+1j9irConZIWb/V7VSBWVSOula78IDZ8jelc80Lm8g5S02ue//pVE=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 1c88a6c8b60d1139cfca12b34b1f9828.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d2895f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: MAN50-C2
x-amz-meta-created-unix-time-millis: 1653649201856

GET
H2 200 GraphikRegularWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/ 30 KB
30 KB 244ms
185ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e2d3e1bd2dba862a1c76e2cc88ac1776"
age: 1285665
cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 9bSL54EBoxaoAARqnLg2bUn5vMLmIfW0
x-cache: Miss from cloudfront
x-amz-cf-id: kYUgs6gfHq3voRax2EbQ6c1jdKTkZU7n725RxnjGkwcPwnN25zWfHg==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:14:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: XH4XNCD811RFWHD9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
content-length: 30480
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: xQ+o6BLMoUNRXA5QIUnVKURlR6lQjXbLN8lvLqdc41K2MCMnKCjHWWNcjQLfIejj1POBNLvbIIM=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 ed123fb341b4af39cf924aafa949d976.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d4912f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR62-C4
x-amz-meta-created-unix-time-millis: 1653650056855

GET
H2 200 GraphikRegularWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/ 40 KB
41 KB 199ms
140ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea9a85e8c7b1ba0c225aec7ced73372fd08fba0bb37faa515a47008aceb550a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fc1a5bae62a99fa59c23f0576cebae23"
age: 1136572
cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 1UScc5WOOidn3hjYnkMBOExxdbhthO8_
x-cache: RefreshHit from cloudfront
x-amz-cf-id: uuUTxGJyxz3AG341pQuhZ0M5YBH6BbwrJ52ruHYPifumHZZ9bj9p6g==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:14:18 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: DXH58FX009PKWRCK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: WG4cJSSzpLeTFn4Flt4Q5GSxb49oc7if+hp6kBclome+/EQMTbo8COoR3ZxLivXw5B14jqoQmjZ5UjNkBTdoUg9PppRYCm9q
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 d6a4f7a34966a5e0069bb151bf9adb7a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d2898f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650057194

GET
H2 200 GraphikMediumWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/ 34 KB
35 KB 225ms
166ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc95b09fc339140c69c5136e815b78be4ef324669185635fc3aef462e8d7df83

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "aa45b0c2aae2e5fe139bebd1dfdff19e"
age: 1285627
cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
x-amz-version-id: nhNd1_3PHI0s79bODgTLIoIpudYFz6ze
x-cache: RefreshHit from cloudfront
x-amz-cf-id: s_wdzN-yUMULvQfhBRA1Ln3EveGsnSXlkGUfFHuki7TvO_1UPbvP7A==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:18:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: QYFNCNSQN64S8563
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
content-length: 34712
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: rVVvVgCy0HKSgYlgHXnq9yoHBBCdDFoupzY+c5HTrp55u++PsWLzHFKqOPwVCEFxwjQh/qv3Vrk=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 ab7ef1002486648bddb0e6bc684500bc.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d288ef65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR62-C4
x-amz-meta-created-unix-time-millis: 1653650302473

GET
H2 200 GraphikMediumWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/ 45 KB
46 KB 222ms
164ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ee453db69de2afe22f2abc664d11aa3b8720f3b24a8d82d2a1d2306be008e93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fcffb480afa2b61f3e96a65a4371050c"
age: 275266
cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
x-amz-version-id: rLgVVtHx16aoM4Ice3_nDtYzGojOWLuA
x-cache: Miss from cloudfront
x-amz-cf-id: lEdgrC45QVbS5WuO7u8PQRBG8QLAnfZQkiqP6cX29fRr9iUw3PeH7A==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:18:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1BTYMWSTKED5CWTT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: cT2jK4TEw2+hM4JFrwmXURMHItkOnx/zQFmZXM8y67nyxeq07LG2u3vuBfvhf6F2fSSm8DxL/EQ=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d288df65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650302463

GET
H2 200 GraphikSemiboldWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/ 34 KB
35 KB 243ms
185ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e13cf054833eb8ba8d3ffc1e1c2cb82e"
age: 1061740
cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: E4J3u.P1u8zLJOqkt22N.5.YJpbVcz61
x-cache: RefreshHit from cloudfront
x-amz-cf-id: EZ35HU0vFLdIdZuhvLuRKv0blH5yYDazhv7YjBnAiVjWm7I8YL1gaQ==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:21:39 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: VSN6GY9FNRPE44QW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
content-length: 34772
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 6i/yxWvXuEkmSi+Howb0WCSIHE73zcG9RQELdAETq7hnCodP+iXpBjf/shhgEXQiONwlL4//bns=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 1d01c9eafefacaa6322fccd6199f781c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d289bf65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650498635

GET
H2 200 GraphikSemiboldWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/ 45 KB
46 KB 225ms
167ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90eefa1db290de170e8127aa6f3ad079f38762aa27b4c885670cf5d757c0f2fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"9f90b54a350e13f1a49e108263dc77fd"
age: 1156995
cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: Gi5MSgpYdkr_yWE00VeiwtpigLTzp4EV
x-cache: Miss from cloudfront
x-amz-cf-id: FcjqBI0nK8q5DLa54eOh05ipRw6tjdkGUpcBmON6eOgSsmNLsIrbFw==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:21:39 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ZY73HT0X5E0HG075
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: utvy+8NqNc0F6aU3oxT81x6Yo0M8452lH1I4/R2aKXbf66o3cRKrl3N1mXUdgqtbD1cW7GYuKyG8O0hwXSNivTGyAYgnjqapyAmozo9vUdU=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 7bf85fcd0812bc8811f794ae1fccfd96.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d2894f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650498577

GET
H2 200 GraphikBoldWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/ 36 KB
37 KB 383ms
324ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "0fb4b480278277d351d7afefe46bf6e8"
age: 311734
cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: aqs.ab3Smnu9FGL_UhGDqku4oUVVMHEq
x-cache: RefreshHit from cloudfront
x-amz-cf-id: J8PEl4l4UaF_Gkerq-F4yUjsgGe4KigVTE40aZqBLkuFbQw5NZFSiQ==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:23:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: F0ZEG8E1TBFDY417
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
content-length: 37044
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: WJHyTcctnusAULWJRhxxdf9KxhX7fAXLtsMtLUGFrMJ2RTqs9NHvFxal+CibXCNKVNj7E5JXsjk=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 812340d4e76cb03e2d09a3ae9f9fd8b8.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d2891f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650613120

GET
H2 200 GraphikBoldWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/ 48 KB
48 KB 202ms
144ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef4bfee18eaf9bb02c3d3c93ce39551cff6effb9b29678a118c808b0b92489a0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"911f0d5fac02bc40cd5381f22e2fcaba"
age: 2150639
cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: S2hh5ffEdgyJNoO5lDEhL2UBGwqv.dRz
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 3Z4nCe1sg3jZ3jPJFZ65322ssjQ9ZD2aXaUEERit0haCa4GoYvEG7A==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:23:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 8G4CCNYF9ZBKJRKT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: OPv9CcgSvQoTo5lUVXZsXWjEx4b1dkdHa7BqT5TXQd4fwygJ3SeCyk4v5gS9klb35MbjlXJNzjc=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 f715245c12dc1f6bdadc387db50e442c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4d2893f65e-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650613108

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 129ms
48ms Stylesheet
text/css 2a00:1450:4001:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

23428c6301061ebb006b127c5841235122a23672f0041d08a9518520795a1bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:01:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 02 Dec 2024 11:40:21 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 main.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858768455/1730201284054/Hunters_Theme_May_2023/css/ 164 KB
38 KB 89ms
88ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858768455/1730201284054/Hunters_Theme_May_2023/css/main.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d46b85c9bfc0fa2045feaa27ead9491e95cc1c2a6e09f834f0ed6710eaceaefa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: b3278f3c-09d5-4097-b25d-4084d11105d8
content-encoding: gzip
cf-cache-status: HIT
etag: W/"a157f5adf5dd5c41e21b0b9a04b61c0a"
age: 1937
x-amz-version-id: iRuUDL3FKL4U7R6Ga9FXc5psP.12JJZE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZJ2ndG3mOcDbKy%2FcgAGEQLNKEGzGjpGWJJlNX7FBbe34eaFaJC1iGInOqq5JE%2BTYzsfw2LtKVyczhYEul9nEs%2BGY3dFmNZdGFCbXQSjUwUjLdx9Ex6HPPLj8nGIKj75HABVcYBra"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: IkmTQ5GoCWKdXh-M35s1pdAFWT219vsvpCgRuYHoZEig7ZZ7hJhyNw==
x-hubspot-correlation-id: b3278f3c-09d5-4097-b25d-4084d11105d8
content-type: text/css
last-modified: Tue, 29 Oct 2024 11:28:06 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-pl227
x-envoy-upstream-service-time: 268
x-amz-request-id: R7ZQ6Y0E54AK8CG4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: OZJtPauzLWzl5SYHUmX+9bLLyjSTavj3rdnNePUTwbT5EWdOWDWtS5FYzQ5wuB+XWkYIdsvfSXk=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 0fbab52df0695e2a561cd26eb7f9484c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd589520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1730201285365

GET
H2 200 aos.css
www.unpkg.com/aos@2.3.1/dist/ 25 KB
4 KB 135ms
74ms Stylesheet
text/css 2606:4700::6811:f9cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
age: 22044312
x-content-type-options: nosniff
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HSJMWAW7RMV2VA9FMYK8M07X-lhr
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8ebb2a4d29cbcdc2-LHR
access-control-allow-origin: *
server: cloudflare

GET
H3 200 slick-theme.css
www.hunters.security/hubfs/Theme%20-%202022/Coded_file/ 4 KB
2 KB 115ms
114ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick-theme.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

238b1cf831e99615cf4d403ccdecbc5a3a615f2f0f8e92179cc69f9ec7d60b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"ac139110825d34d1df5de4182f5faa12"
age: 503365
cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: z1bsZX54c1Duha0qf2GLwEA1Ju475_Hl
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TdNBA13miscbl3G%2FMObQWN0qDF6syjd02ue2sHVssb2jik9hh9U0HLAAjMLLBeA0Ey49Eg%2FOabfRicsP029bUVjYCQBwnylkBMVOMh49LZPK7Rv6dLThLCgnthsL1b2qdzLH5QPy"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: -oS0IylkoRp2LnUYJxLApcJGYTpCK_ya9r74ndIKHnxt10fyMbNf7A==
content-type: text/css
last-modified: Wed, 06 Apr 2022 12:25:58 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 89D2S7A256Z1AAES
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: ct3tAhqoZSJSNBDpzqEMJCbhD631vBlnzZNTg6ErwZJBoaoRoyQcPi6Q1QuqH50wt1DZKF+VvOs=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2b96208e6ce6998ae8238248686b1d0a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd5e9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: DUB56-P2
x-amz-meta-created-unix-time-millis: 1648029640205

GET
H3 200 easy-responsive-tabs.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1688126129748/Hunters_Theme_May_2023/css/ 3 KB
2 KB 137ms
135ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1688126129748/Hunters_Theme_May_2023/css/easy-responsive-tabs.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 96867512-c31c-490c-a3c6-a742ce7c5a12
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9b3e369494f25ea9c18f4f72ef2213ec"
x-amz-version-id: BY9GNWlAAug9FlkNRr2aEQugpO0wA3Rx
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2F9jCih%2BaTSziNNpPUBUnyRHUxOLmFFc%2FmLpnSW%2FkSScZIwMZ4K2SaSEjz30kPO19hB1sZjJIt2dGTs1zrJwhEPTG20hau5MtVi1R%2FKmm60iI5Zy2vt8CMmlYLiOe1hfpnABG2dz"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: noBztixQ3sXThYGG-M7WeNBEwjlrGiX5d8Vc8jN1zt40kUNJnPz-aQ==
x-hubspot-correlation-id: 96867512-c31c-490c-a3c6-a742ce7c5a12
content-type: text/css
last-modified: Fri, 30 Jun 2023 11:55:31 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-x5dn4
x-envoy-upstream-service-time: 184
x-amz-request-id: 1EQB2AKRA55KQGF3
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: nY6Seu6yzcRfi2wQ2N1WSq7ymVCiVl3wsN3/WhLIxdaYbVDSGtNBFO/qKyJEmRROwoLj24OAGegjbsRbEJSQbU1h9Aj3G0CB
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6946167499a4b8f515865d62f0b0b284.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd659520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1688126130469

GET
H3 200 prism.css
www.hunters.security/hubfs/hunters_theme_files/coded_files/ 6 KB
4 KB 115ms
114ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/hunters_theme_files/coded_files/prism.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f352a7de3dda4ecc29be98eaf8ecf19731d7d68038058f5568e3117228b9a82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"3dd7dff137c510bff50522c86539bb99"
age: 100677
cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
x-amz-version-id: oAon8SFHzDJTzJyzo0pdwPdI3oMcMiGJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5u5DP0nRZylo%2Fvparhl4rRUSSqPb4d94aswXfqK3bgwnHPISlSHVK%2BBL4D3H8XlmX4x9pJniXaKgq28AM6X9A%2F9KT08H948CmA37ZFRDKhmplsWMkoao5L2CqIZux15Gg%2B39LHab"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: n0vMrftYyAcFUU7PlNIEEJ8f_crPrMNgmHEa-qH3GruOib9kHYPtFA==
content-type: text/css
last-modified: Wed, 21 Aug 2024 20:09:19 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: KQDQGSZK4P7DD565
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: HLzICq1rS9OxjVdTpPJwaEjYlqGhdtz2dGNd/V5gSZ7Zww+5V6wBA1BhVe0vfjxoIibjii6zh+c=
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd679520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1724270958871

GET
H3 200 slick.css
www.hunters.security/hubfs/Theme%20-%202022/Coded_file/ 2 KB
2 KB 115ms
114ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"f38b2db10e01b1572732a3191d538707"
age: 506402
cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: lv8LwiVh7O8FnrKTBtURlNZDqFrl1rNS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ks0T3Nytvn3csztrosrwrGJA2D4RbjzRJj2bp3jOi83RMSDGsxqykEnjLwbqd50ILZ6S8TbbLeN3JFYo%2BcsIAekjmD8beUplEOhBtMysU%2FhUbB%2F2zuKS6eXDZ5gyiw1q1JEreV1g"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: hYoml8ZBkIkBogOPKB8of7lVdSZow069a2wcLGXrAWZrTyyYloV-cw==
content-type: text/css
last-modified: Wed, 23 Mar 2022 10:00:41 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PCB05QHSSJ0TWYH4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: HtQ1/P0Lg08CSzmqLPXUgV7exJwZEv574XuDMjVj5xOHmxPyjCjH1nddsOWZf8jUQPDw39cgwmY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 f5d0d7ef1ae798041bd732fc0f8e6dae.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd6d9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1648029640205

GET
H3 200 jquery-1.11.2.js Show response
www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
33 KB 89ms
88ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
age: 121462
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VDtHfiKZdDLRvfHTMn9mhFgx3bOAufaypJu3ESeDeuIrD74Jkq21yVSdnZl3nzKv7aZOjba2nDBzoAC5A6X3y%2Bj9IjFgbR6B7UJ6dhuOVzY9W9XEpyI9ce0cO63mF89mYpRdFVm9"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SjiFOVX5wzZF7-__p4h0tcRYY5uExi7Kdl1_qkd1ctvbmvYWmsK6ag==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 403878b7454f6fe706d117ca3ebbd716.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd719520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare

GET
H3 200 jquery-migrate-1.2.1.js Show response
www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/ 7 KB
4 KB 141ms
140ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"eb05d8d73b5b13d8d84308a4751ece96"
age: 209696
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73w98md5avUpaoM4bFHomf5JZRQzZ9uRF7envzQMNFhJ776JB18un3f8awg7p4OglPWvMh%2BXiJhZkRhHUT45Xn5g9f%2Fsb0DLjbbP8z32ERN3%2FotPWJ%2FvRLu%2B%2Fwbf2G7cc3r8wPF4"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: AKonbUcLKOa5EwWXbS5gG6BJgupjhO8oHR1g5lFxbFrmLMjgix_8fQ==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 34214b9a4887c1cdb1a08c4e2e17bcfc.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd749520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare

GET
H3 200 blog.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/ 32 KB
9 KB 191ms
190ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/blog.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6f9f7221a54fc4900e4ed44711c25b3370354baf336529033882586d75152c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 942660aa-ed56-45c5-8c66-90d01643cc47
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7fe698814a172c18a2c5ba080260505c"
x-amz-version-id: BOWJ5B2WfnjK5WqpTgULzR0J2MoyWeP_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRHq18%2FqMfn8FXD2cRQCbEE8P%2F3OV1%2F5LSeo5NiYo4cx1hLfL3sriVHX13v0pWiOcirjzuG1lE0uzFsrCh8Ghi0y%2FB5yejpfZmOu0VEUpnSszewZlgV8%2FlDPfAgxReOdD0UGfmha"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Hqh8k6glTshW3N3L4-XZeZWCxFLO86Qqbhgrmfoy-wh_k2i5dNxBdA==
x-hubspot-correlation-id: 942660aa-ed56-45c5-8c66-90d01643cc47
content-type: text/css
last-modified: Thu, 05 Sep 2024 05:55:44 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-k2wrb
x-envoy-upstream-service-time: 207
x-amz-request-id: 9NK1G1VSKWYJ3P55
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: wauFmkYyFuCg8UqwCT+MJK7ohDtLHI1y9GFRBJG8jQCexp4pQzbUZYx2s8LJJAan2iajTwMs1o0=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 64c95802ff188dd41dd32c313bef089c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd799520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1725515743800

GET
H3 200 magnific-popup.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/130719549746/1693291612591/Hunters_Theme_May_2023/css/ 5 KB
3 KB 137ms
136ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/130719549746/1693291612591/Hunters_Theme_May_2023/css/magnific-popup.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: bfeedded-a067-488a-b206-447fd2f76dce
content-encoding: gzip
cf-cache-status: HIT
etag: W/"64912a79884a20761ab19de42f85218c"
x-amz-version-id: Xjt7jqVG9NhQHsz_IZzhHZq6jRGc4F63
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YGfKfs021q1WxiQ1Fn0ooxM3h0OnNlEq%2BJyYIszKltyhfgU0DeMpcusDNJ2y78Yj1KLLS%2FNoRgTMEIh5t4dd1HPFJDg5ehZ6Zo64JVwOGKukI1WsfGUDu1D%2BSf9%2BkUvvCuAlxeIh"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 7hRx9_nTVOlo-rggpuQzs1w7Bh30RRsWEDsrlPU48s8en4nA7ktvww==
x-hubspot-correlation-id: bfeedded-a067-488a-b206-447fd2f76dce
content-type: text/css
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-nlpn7
x-envoy-upstream-service-time: 161
x-amz-request-id: NGSQAH8FV5MWTYJJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: lczgUFSAtFIEdksf0PlRDQ2WNuI+mQxLFGwVP5fyoT07DkXeRTdOhfBtoYrUocyDk7kkh7aa4Fc=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd7e9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612591

GET
H3 200 easy-responsive-tabs.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1693291614672/Hunters_Theme_May_2023/css/ 3 KB
2 KB 115ms
114ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1693291614672/Hunters_Theme_May_2023/css/easy-responsive-tabs.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 386e71d0-0af9-49f4-9a44-96ee6aa15786
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9b3e369494f25ea9c18f4f72ef2213ec"
age: 985
x-amz-version-id: WRfDjq3ykki5RbUHXjGTj2jUB4D3Ghw8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sSyfqMFjfTG7qSQ8ckIHb2vBMdtkaDCnUDEL5B7h2JfagbyzaGCujvuLWBj00lFaDkNlOA9IlXjguTsvGH86HDOeXo3GF6%2F0RdbH52pmsOdhD6wY%2BbsjhZZlxokYBTiqiwqHj8R8"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 1_KX9HLk5gk8d_cf3aYneQ5PvASHCioD4sai1xqJtHMBx0Rzm2aeDw==
x-hubspot-correlation-id: 386e71d0-0af9-49f4-9a44-96ee6aa15786
content-type: text/css
last-modified: Tue, 29 Aug 2023 06:46:56 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-cqlxj
x-envoy-upstream-service-time: 220
x-amz-request-id: G4VEQQ71RVZPNKCF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: rLqq/NQduw37PiOYr+T2c9nGLJNvgGqXuuLL6OzFQgAIspd3/xPIrcOq2VQQuETskzYXu50eUjetZonmnY1D7EzXEGIWX4vslKgl5/CSp7s=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd7f9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291615367

GET
H3 200 style.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127041525412/1728555178550/Hunters_Theme_May_2023/css/ 104 KB
24 KB 139ms
138ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127041525412/1728555178550/Hunters_Theme_May_2023/css/style.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e639f213682c84c7ed4da94c224b65a4cfa532975476b44d6b3d22ae0ef8afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c2510047-dfbb-40dc-b368-67e0d5dc2ca3
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3f0e6ccb2f417c511a3bf11d7ae9598f"
age: 1317
x-amz-version-id: lCcO0jaM1q_hQTtMrlUAIh_oSgGTbYQJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrI43HRf1po%2Bqo%2BgDlNnhF54hXB3M1CtV%2B26TO0h9U2m1vqNUWs7lKJCb7rKptJspCFKdm2WhN6IpcV2T4e1gNDSTcmqMpD3C0oneg9oL%2F9jP5U3QrVVk4cXyBT%2BJc5WuclNjm1T"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 0BvkW5GuIJb4yuDxl2hY_zO7G3f6cIEgz07vjs6QGSZwCAHvEw8Vww==
x-hubspot-correlation-id: c2510047-dfbb-40dc-b368-67e0d5dc2ca3
content-type: text/css
last-modified: Thu, 10 Oct 2024 10:13:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-4hrwm
x-envoy-upstream-service-time: 179
x-amz-request-id: RRG3ZKNBF3Q259TG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: evAg01DigPgMHj2rr8Mu07/o50QB3nnlfopV9YslZSdPd3yGebvVtJlMxDMCPQusmKXX8J+DHzX7G4RqYWgLcg==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd809520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1728555179664

GET
H3 200 additional_style.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127040996237/1704720085106/Hunters_Theme_May_2023/css/ 34 KB
8 KB 139ms
139ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127040996237/1704720085106/Hunters_Theme_May_2023/css/additional_style.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24af0aa554afc559dd1f59f21a2cb05e7fc668adced9605b05f5807df02585e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 5e85986b-cd96-4a6b-a272-cc5660686df7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1a4540ab849cb164a15d24bd841a965f"
x-amz-version-id: _j1ADJ6juhLyBYdBUKdlkTK.32G8Aa2B
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t4h0P%2FPfYTWY3vhDW0YMaYrkIVfWKubp2MOXgRmtPNMD3gort1fx4vfs1yhC9ZFcqqZOAEuRIaHjGnT%2F%2BbakhddVKGiQHH4mlEJupBPlgxDkMYVLLFaeX3Q56a8uz8u37vtOnfub"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Uzajtv1q08xlXoYgLiLWOVrsBuLdhcu-yXZlHqRtb5pNeRjzOpw9QQ==
x-hubspot-correlation-id: 5e85986b-cd96-4a6b-a272-cc5660686df7
content-type: text/css
last-modified: Mon, 08 Jan 2024 13:21:27 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-dcvwg
x-envoy-upstream-service-time: 192
x-amz-request-id: A3DGKZH0TRJ51Y86
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: XtipC8jGSMdWF4IBy7yb8rBwgz+Wwnm1j4yhSuV7y3QlBbNuIkrVrRIDzW3Z0cQs9dgdVdYyUwg=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd819520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1704720086029

GET
H3 200 theme-overrides.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858809947/1693977471236/Hunters_Theme_May_2023/css/ 13 KB
4 KB 140ms
139ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858809947/1693977471236/Hunters_Theme_May_2023/css/theme-overrides.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b1d913f0ef5cc8fd8d0c483772f5d511071ccc1d441f64292fb7659616f5b79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 1268ed44-2d70-4e6b-b71c-213cbe314d05
content-encoding: gzip
cf-cache-status: HIT
etag: W/"55ca2988b2dcdc64c0d28ce220832d86"
age: 1317
x-amz-version-id: MwZEdO.RtzwbqpCFNnZDvkHS1VL3JhKQ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RlP9lcXiWgRY0bww0oSBfJwfk4NBHvrWuFP5hmicJwGsXcw2xMSRsoQ9VhRZ8UD4G2Z0QZGyhYLp%2FiRdtYvgmMudjjLa0mKYZVFZty%2BoFcNPl30xYkuk%2F94gp8wAdcTguPT%2BClHk"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QiWI1vnu2jbaEErC13LqxiMt7-8SVya3oQPk283ANj_e8AoYBad2pw==
x-hubspot-correlation-id: 1268ed44-2d70-4e6b-b71c-213cbe314d05
content-type: text/css
last-modified: Wed, 06 Sep 2023 05:17:52 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-4zfkh
x-envoy-upstream-service-time: 203
x-amz-request-id: 7MD85HV0KBFCJ0WC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: vFOuf1MmsPRaq3CyDLetAjHJl13Rc5wj10VU8CnzOgQozGmUUhkwkc/e0+oCBwcT6EZAWlciPoE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 e32f3698b8d39139f138de8a86d00996.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd839520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693977471960

GET
H3 200 module_177021600416_Blog_Table_of_Content_Sidebar.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140791/ 2 KB
2 KB 203ms
203ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140791/module_177021600416_Blog_Table_of_Content_Sidebar.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35c55b14508fa6bc876713dc6ca5b0cdd84333a1294b12d9ccff89d3784e4259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c0f41925-78f2-442f-97e0-5f79bcdebef7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b7cf312d99a3fc2fc8be3c954b38366d"
x-amz-version-id: hV5liPpT6zRMd22GBmtfRRZZhKsfBRQ7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6uPTi31H4IbyA9%2B%2BGb2Z%2FS1KslXXjNltxwY8BccA81BF21lbTIpNbEOPojccIyW%2B%2BA1bw5bcpbZTEHhcUwNgVTH8dozbRC1I5UQkI6Wk%2BflqVHKHFAcpUzXMexSY90%2Big1v1asmb"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: K6_B-rAslqpacLK0C87sJIWVG2CCFNygEVY4Q_jR5xZjucy-wpwNmQ==
x-hubspot-correlation-id: c0f41925-78f2-442f-97e0-5f79bcdebef7
content-type: text/css
last-modified: Fri, 06 Sep 2024 05:55:41 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-knhs5
x-envoy-upstream-service-time: 510
x-amz-request-id: 0TM2H8NSRM556MSW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: YNFr1cdmBdVW8kVSFrato69A9ihz6Prpsnejbf8QYFpp3uxWfiPs95mcoAAtsaTXBtQ/eBdTr5g=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd879520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1725602140791

GET
H3 200 module_127063834721_related-post-listing-blog.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/127063834721/1725535151579/ 669 B
2 KB 240ms
239ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/127063834721/1725535151579/module_127063834721_related-post-listing-blog.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23a2777cbbd78b114125c9276a3b42d568e17909104309e46e94dd2d93b3abd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 98eb2a6c-845f-4763-a435-296c968a171e
content-encoding: br
cf-cache-status: HIT
etag: W/"70d8f9f86b8f7fcd77f9fd2c13570bad"
x-amz-version-id: W5A2p7cZ_X1j2YSgonU9jjISRW1FRQ7Y
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bp9SfU0%2BnIrjsb7axM7sHU%2FC61gxaYOivhZuQjzA%2FavTO4E85Dj9BtET9y38VBAB6BfEEL1ri3BbXteMfCTVCosq7jezBA57MVsR81UsZFu9r9cfGo52Cv97avIQFLhI1lfbq8Kj"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: r9Vd-NKxUrl7JXnZNr45OeL-Q1nctEZAOHzH2PLoedldl3j7R0adtA==
x-hubspot-correlation-id: 98eb2a6c-845f-4763-a435-296c968a171e
content-type: text/css
last-modified: Thu, 05 Sep 2024 11:19:12 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-kl97g
x-envoy-upstream-service-time: 216
x-amz-request-id: DXDG8PA8J0779PTW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 2w+cBaBHIvoQKJfR/vs3w6M2DAP0JeveAQMeILrPRQFQAjPP2NWQdR3xxNShqZvavo7NvshtG5Y=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ccd8a9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1725535151579

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 105ms
28ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhc/794E) /

Resource Hash

87d049fc6d16da1f81063235c0e3d31a4656800cbbdca8277d6ae56614a52aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
age: 2557
x-cdn-proto: HTTP2
x-li-fabric: prod-lva1
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:19:20 GMT
x-li-proto: http/1.1
x-cache: HIT
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: text/javascript; charset=UTF-8
x-cdn-client-ip-version: IPV6
vary: Accept-Encoding
last-modified: Mon, 02 Dec 2024 11:19:20 GMT
x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
x-cdn: ECST
x-li-uuid: AAYoR7hMo5Ry6cTyvGUkqQ==
accept-ranges: bytes
content-length: 163630
server: ECAcc (lhc/794E)

GET
H3 200 black-logo.svg
www.hunters.security/hubfs/Imported%20images/ 2 KB
2 KB 135ms
135ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Imported%20images/black-logo.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

368406900c890220c314afd610820f1e635e69e4d3e0275ec060057865f563c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"88d1cec7ef908496d2e8aa6c03895c82"
age: 275264
cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
x-amz-version-id: VnnFkSmT.uR334htBJTUR8Yrxz9yrp6X
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NrtjD39BnkThQ7kmG20kpjRcv08Li4TmUIBfv5njgJsH3v65TMV7nrzPcQ4U7gLAny4D%2BvDIQxQYPMZImt5ZxNF5ZYkj22qBpY51Nor0VRCCUX4o%2B%2Bl5bAqOow33bU7yyCCuBysj"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: DhrMxw0zQL_uGWzxS-glDdrgekh0MJvxZnPTXPqnLxxOpgyLNB5MXA==
content-type: image/svg+xml
last-modified: Fri, 22 Apr 2022 05:21:19 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: A9HNAJBA7687AH8D
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: YqI2wAyxvGjCmxOMb+hcGc2nGXVd8+Kuo+LvCnh9ozPfq5PboU1T+VrPpKM767Xc6aMVgABEdT4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 f715245c12dc1f6bdadc387db50e442c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fc29520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1650604878426

GET
H3 200 Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.jpg
www.hunters.security/hubfs/ 31 KB
32 KB 124ms
124ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.jpg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e83074dd815b9adf43a1ca073b8dc0bc6eeccb0f9c008f3a06d20dec5f335d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "66ed83a351c121127084476f9674b6d0"
age: 22149
cache-tag: F-179140737673,P-5765386,FLS-ALL
x-amz-version-id: Maw0BuDHzbRRELulH0YPDGOu5COlFzpu
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BljzxYXlXRJD1rdPZujXT65l4lMxZGFdPFCyKebDIzSVlvJRZeq2tL5%2B6GfPe5RQBVRFsRINKywy1YGsKS8tfH9EkkZszP1LEMgMQvjZGIphhXb%2BoEYsGyjqpPh7B2lpHaRY75T"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: clbI6JzuO71EXqO6owqiHF4ZPfSOKQ3QeX5psnQ3HwwwCXkMtxUylg==
content-type: image/webp
content-disposition: inline; filename="Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.webp"
last-modified: Sun, 22 Sep 2024 12:00:20 GMT
priority: u=2,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-179140737673,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: HMDD5QH4DH17FGXT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-179140737673,P-5765386,FLS-ALL
content-length: 31702
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=169098
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: vpNhcR4wI8DKo1Twv2VxNy4xUvBmnO0Ga0Kee6Klm6oVMoGaKB0wa6sQzQeKIaOHbR+MNoBIhXQ=
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 253e41640534a8ebde4c0b8e13b25d54.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ceda39520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1727006419050

GET
H3 200 Featured%20images%20%289%29.png
www.hunters.security/hubfs/ 195 KB
197 KB 125ms
124ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%289%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c23c888b01855d9310b1a569def2623503bcc2a81327955f0a824c6f722b278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "2ac3620fd903a59ff0b19fe172b6087d"
age: 134975
cache-tag: F-164070765938,P-5765386,FLS-ALL
x-amz-version-id: IaNtUqfmHGRaI2nvOMBv6G5rNRuIfCwI
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pB8BlzHQeKQhrspF31ISM%2F5KsG6Q%2FZBYqglfoBpMDF65D6Cy4m%2BYJmtMo8hlvGLQX%2BJBjulEyXywtpsEkZXNm3bQG%2BXJbjcL6baZLdH21H7jcYEiHM8RmtZvJSU8AkqSl1ScQOMp"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: TFiO5xTMul_kXqmqVkUU9HSD0Nj44ONMGbG4jXxeBblOdXNWQrPPMQ==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%289%29.webp"
last-modified: Wed, 10 Apr 2024 18:41:29 GMT
priority: u=2,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-164070765938,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: C6EHHNKZ1ZW0QSHN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-164070765938,P-5765386,FLS-ALL
content-length: 200090
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=298563
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: OBswtEU40AWvq0/Y5ELoquHl2R1r7xKA2w1vxYy++soiy7IQypUpwyCpkkOqq0S/aUKHr0sBD+S0H831/vowBDFapbL0AwszBfLmvGgaYvI=
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4ceda79520-LHR
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P7
x-amz-meta-created-unix-time-millis: 1712774488375

GET
H3 200 Featured%20images%20%287%29.png
www.hunters.security/hubfs/ 176 KB
178 KB 67ms
67ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%287%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69bcd585affafad0635a9037adb2fcfd915699c3de54326f0efd20616e53d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "78236630afaedde1b030b89a3307c3d8"
age: 86186
cache-tag: F-156189238030,P-5765386,FLS-ALL
x-amz-version-id: jvPhEmmB1qc7coTrNsEVbgDU6J5QSyXH
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3oTYXbXmG6THIum3iflESoNr3Q9IxYkDXxM1Ul3PHWTQXCoC4KPQD%2FIX3%2F1JPyROghdO4EaqVHLtHX1lmqGixBw1IuUqNV3mwPBb8pbJ4UVRIL4f%2Fb5EmK438dXXkK4L3Qvucg%2F0"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: xvI74eScO9zvbs62m4sNtZrS8kUakuUU7rnmlB1ZzSLlNaUolv2dyA==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%287%29.webp"
last-modified: Thu, 08 Feb 2024 19:24:29 GMT
priority: u=2,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156189238030,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: 1WXQ3K3THW7YXKZR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-156189238030,P-5765386,FLS-ALL
content-length: 180648
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=266067
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: v9g1DK3sUAP/6+iR6aaVqjrytlLr6mfxKJsmKiY8+OX3AAcBBb4Rgxf9l5eti7MXGg11AIqL2OQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 95b26b715ee81beaff56d7e9f185da2e.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4dded79520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1707420268607

GET
H3 200 Featured%20images%20%286%29.png
www.hunters.security/hubfs/ 210 KB
211 KB 102ms
102ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%286%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede5de999081588cb095a1acf05bbed529c06278912c2318b74b6141b617ecec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "084a75b29c6059fa0357d14d117823e9"
age: 86186
cache-tag: F-147477662849,P-5765386,FLS-ALL
x-amz-version-id: _8t30zuhoETPchdomPCUql6RbdJTwB_r
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ueJihn8PlcpNJ%2BeebaipP8jXsbC2xPxhfxIKhQ5ereNr8HZ9GvbVp4WNFgohjdXNKiSci7mEkF9wtS6gQmDICiROk%2BcqwjrlrBnadojn4smfn1YN8%2FonzSl24wDuZr150Fw125vH"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ng-j_RROMr1BCbpqxIecyUrLe3hp2nHdcmpWdvyTgtnjLsyfCkpdFw==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%286%29.webp"
last-modified: Mon, 27 Nov 2023 21:17:17 GMT
priority: u=2,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-147477662849,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: 1WXKD2JT5C3Z1VA5
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-147477662849,P-5765386,FLS-ALL
content-length: 214682
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=320939
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 9OuVxb5ROypGwMeiV/bc4nNHfpBuH7/V+udRG+vKeLYu8Fyz6WAO3MnbSBGE2TWKPcgW033kWBU=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2f4e5a72eeac30e4d9491781ea4482a8.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4dff059520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1701119836657

GET
H3 200 Featured%20images%20%285%29-2.png
www.hunters.security/hubfs/ 197 KB
198 KB 76ms
75ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%285%29-2.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b83025c6af427c862bf1f6599330a1dff8ea8effa9bd200614b5e7a6fed36c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "5e71f6e99d836fd4c727f0183a9f7de5"
age: 503205
cache-tag: F-140864712274,P-5765386,FLS-ALL
x-amz-version-id: .kW3g32t9JHA4lbGsCfqupyqElRZSFMj
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TvqKiBSTMaTuqdNijAUbh4NmuaYbkKF9jnDaq%2BQRlGFBaPYKYc%2FwlLQXzDc82u1iYJ51FX6mz5GHdGFojsdzkD18V6LO9UD3NjVxqC2MYtQKPS%2B0DHb%2Fkyk6YK7MEKxlfKvnXT%2F3"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: Jdt2pak4h-aHdsOtGpRyyLyX6N7izOhvt_Iw1YzANuWGalzIr33zfQ==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%285%29-2.webp"
last-modified: Wed, 18 Oct 2023 21:04:33 GMT
priority: u=2,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-140864712274,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: KT8XK460H9FM90JT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-140864712274,P-5765386,FLS-ALL
content-length: 201218
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=298115
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: c5M7gvq/nsBw9LzvsJQet5Or542Mx8w7DbFYjUBStFWsRhSScwStxjtz17TDxAgkqltmwnVLmnMiA1oXdgmovg==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 ea9b4db0617b5a7ae75b10916cece9b2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e5f969520-LHR
access-control-allow-origin: *
x-amz-cf-pop: DUB56-P2
x-amz-meta-created-unix-time-millis: 1697663072549

GET
H3 200 magic-mouse.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284593/1693291612618/Hunters_Theme_May_2023/js/ 7 KB
4 KB 196ms
194ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284593/1693291612618/Hunters_Theme_May_2023/js/magic-mouse.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91f0116d893ce32487b8b683a408b135c15809c7e1b3d8d26bdb5889126f2077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c0a5d255-92ba-4273-9384-11c7da4eb51c
content-encoding: br
cf-cache-status: HIT
etag: W/"54c961291b27575b217ab9dc804ff844"
x-amz-version-id: nkLfko.VU99ei9urIHGN_QjnPno3EX44
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v17e2BHvaw5dGcl0XdIx0ESFQwqypinWEjlzDpMmplnGdqg6hhZxZWPzPDDBOOFGf1AVYmqE9XbADN4x0BSMexrmly8aq7Zdlix%2B2TGKq9gtXbGkNSeOrulha6aNZALSYqh8ZTof"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: RWXQ4ZrYk6i8uZsvBsrI50dtmThpANuhJ1BXClbpxw9Dwd54w_iINQ==
x-hubspot-correlation-id: c0a5d255-92ba-4273-9384-11c7da4eb51c
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-k2svz
x-envoy-upstream-service-time: 202
x-amz-request-id: V6TC9SGH1RJX9VS3
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0UTe/oVL3V7q8XYB+CgZacSFIwuWgrWh3I6GbikeZKRWvdeLzjMRbJAMrLrJRMoqjc7g547hMhQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6f989520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612886

GET
H3 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 82ms
53ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ed4-4ef8"
age: 219492
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilJhiHPDj%2FSm3QgUCIvwAK4faCaaaP08jNVVXcc9VxoTe4ldVf1bZ2tUvIqovkdAMlddbKn%2FNdq1BnDtKpS5ahM%2Bwppwv3EDBvqV4mXydzgyhbCP%2F2Ve4xHWgnekasNIE87O3oYx"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 22 Nov 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:12:04 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ebb2a4e8acf4913-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6546
server: cloudflare

GET a076d05399.js
kit.fontawesome.com/ 0
0

GET
H3 200 modernizr.min.js Show response
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ 11 KB
5 KB 68ms
39ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03f26-2b4c"
age: 361152
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2BfYJ8VIxJguwCLLYXMaAzRwuvHk7tph2BsTIYiiOhHR6UzlLveeBX0rR3ab1p8JFcNlc9B7j2ZT%2FH9RZYHmsVntm3v1zAsomQM6MqXUzaIHalBjfEGoMHWVbjllKpiSW78jXEKh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 22 Nov 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:13:26 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ebb2a4e8acd4913-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3980
server: cloudflare

GET
H3 200 prism-sql.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 3 KB
2 KB 72ms
44ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-sql.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fc5f8ce69950ec73adc972f061df42aaea78faa4864709134ea2adc083f3a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-651"
age: 1082440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whPiA5%2FdsdZMSbWaWNTlONo2oDmVKsmqu5%2FmQpNb6Gmi43BM44a9eIaIpMiT9A3NgIRnURg5XhNEFK0YjlPmhWxL7ESpDrSy8%2B6uU%2BmkErAZs%2F%2Bv5vBfIA9R8YmVO3%2F%2FHlghxkue"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 22 Nov 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8ebb2a4e8ac94913-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1617
server: cloudflare

GET
H3 200 Owl-carousel.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114356373127/1693291620234/Hunters_Theme_May_2023/js/ 40 KB
12 KB 140ms
137ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114356373127/1693291620234/Hunters_Theme_May_2023/js/Owl-carousel.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc507001be80bda64a1378c7f6edce7a6fe445dd6712c4eeaed70db462a7e934

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 6ad9e6ca-6e0a-427d-846b-20f99750ac87
content-encoding: br
cf-cache-status: HIT
etag: W/"b563bf018685e7895cfd162d6dffaf88"
x-amz-version-id: v7yQPkPfKxlswQf6LteLuXRiDwl435C8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=56kYw3GMu7hZJoSa5HmRbJC%2Ft0RO8mpkGXGviTh78nC2Lqpq16EcJUl5OYQ3o2FgQKzHgT7JPwqquoejUqzOUpAVB5mLyTucb5zmCoCHg%2FiSizm3fR%2BocbfzH56TpGg4Bq0xLUlt"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ChmQwZsQLJ-rvVgC3v5qLez3XGfVpQ3It6HoaFcKkUmdXoqPlYtwTw==
x-hubspot-correlation-id: 6ad9e6ca-6e0a-427d-846b-20f99750ac87
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:01 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-8sfnt
x-envoy-upstream-service-time: 198
x-amz-request-id: 3KJZFJ5T1SFDZHYJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: gjRTN6YX0n+tjy+niI8Hq1f8NV4oCzAjJ3FU1yp2P6/c28QyIO6nNp0l1aBolfIYnCnGEZgTJu4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 e21deb2f30f16d84eb8e8fda826091d4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6f9b9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291620646

GET
H3 200 magnific-popup.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486200/1693291616579/Hunters_Theme_May_2023/js/js_plugins/ 20 KB
9 KB 122ms
120ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486200/1693291616579/Hunters_Theme_May_2023/js/js_plugins/magnific-popup.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 3cbbf4ce-2f41-457e-9c4d-766f855cb7f0
content-encoding: br
cf-cache-status: HIT
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
x-amz-version-id: Al9aEv2E0deAwAfGacCRBEskazOldysU
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FzJc%2BqvYIMym0dYotyPwpN0ZTMkiRaqslDC7dU70nacd3rrEthg2grxw275ls%2Be3YF%2B1ZX3mtY2iXK4WoNq0gqJOSUo3ia5CTbCoi2RBIsr3W1cSxrXaYhkujduAaglKSHwKGQR"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: eZwaskfTC2mnfOtqqIhnq3EjjKQ3gBxZiGaMgHQMj65ITJ-brJl55A==
x-hubspot-correlation-id: 3cbbf4ce-2f41-457e-9c4d-766f855cb7f0
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:57 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-b2s92
x-envoy-upstream-service-time: 143
x-amz-request-id: CMW0P77W8EEVFAN9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Ymp/N0nQgjhwWQcjHK1Y+RdmV04NQBHYDB9DYrEiK1Q08CcYF2Tt5gJQ/3hLFwpoJ8DhI3n5k3W6weWS+XNKzEdrsNj6uLFxSQQvm89ht7o=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fa09520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291616579

GET
H3 200 mousewheel.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662695006/1693291622639/Hunters_Theme_May_2023/js/js_plugins/ 3 KB
3 KB 106ms
104ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662695006/1693291622639/Hunters_Theme_May_2023/js/js_plugins/mousewheel.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 06bb7604-f373-4ac1-aaf8-eb615f015597
content-encoding: br
cf-cache-status: HIT
etag: W/"d5843dbdc71ff8014a5eafd346a262da"
x-amz-version-id: EB4B3aQyiLb5JuXTAcZzRVAQLRHIpKLi
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7pVOwD%2Blbe%2FL7H2%2FYyu6MMyJ57zHwEN5P9%2Bkh3nKBYenyOhrMVkvd0QGnxp9idEAitXMWm8ESnp5wsJXx%2FlfoRMoQEtp2U9pqz1aKcJGsBQ137lAQEFihtfiJLGwJDrL1lu0yY6"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 63jYkvw06PcabKvM0EjjG2m9xRjyZ8CJSqfsxzBFgajarGOwKthHaA==
x-hubspot-correlation-id: 06bb7604-f373-4ac1-aaf8-eb615f015597
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:03 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-mzbzs
x-envoy-upstream-service-time: 164
x-amz-request-id: 5ZV20A9MWYRYJV0X
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Vmy5aXknc7T4A7wZH+MkW3WN6RMRDzeTU/P7hFVNSxd/CImzTY3s/nFpKnvIv35NjdDcox4lbas0OWhuJhO2rrebDxgkhcCtxApwoNUFDJM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fa29520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291622639

GET
H3 200 aos.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486199/1693291612611/Hunters_Theme_May_2023/js/js_plugins/ 14 KB
6 KB 133ms
131ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486199/1693291612611/Hunters_Theme_May_2023/js/js_plugins/aos.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c29e718b023d06a8824bd6cc3d2856124f2c41af363a256936e7c7a79a4b8af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 507861a7-919f-482e-86eb-4fd4d7f9f507
content-encoding: br
cf-cache-status: HIT
etag: W/"ede6e7843492ab4c25dcb5ff2fb243e0"
x-amz-version-id: WX4f.toIuFDPXZmixmFRY3dgQMbUPcRt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mTFP%2F0OGBseIkmO7kZr2ETjwi0l8KAzouAdHSTLwb%2BsWPyt%2FXjhSixl4munzaMn26BvsQg7aur5NXJNti6fbPNiQPCh%2FA6y67VSU6AP%2Bpq6ImuL5XwCFRv77nq718r0THbWSUIDJ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: M9vaMO-JN3inW33e4LKMc0Vdm7_agP_V9QsqAIC_LbvUB_jj9a5uFA==
x-hubspot-correlation-id: 507861a7-919f-482e-86eb-4fd4d7f9f507
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-n6klc
x-envoy-upstream-service-time: 190
x-amz-request-id: VKNRMY9C7SD8G6AJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ldLieHYObOEmv/NCk6KCdyzqFPhRpOo5UAoqS+lIXv7ol6yn7ty7MKv2LKgpzUD7TbOsp2nJniQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fa69520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291612977

GET
H3 200 ScrollMagic.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575644/1693291613854/Hunters_Theme_May_2023/js/ 17 KB
7 KB 107ms
105ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575644/1693291613854/Hunters_Theme_May_2023/js/ScrollMagic.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: f193c6fb-67b8-4fa6-afde-dd42d77c614c
content-encoding: br
cf-cache-status: HIT
etag: W/"6ac0def42e0780c817de6097d1607a27"
x-amz-version-id: .pBAd2cfgI71wmAPubCRyFgyotetpu1F
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhgKPzbb0KbnC49%2FJGMXrSD7lPOsIBS5iJ5j8juqjRdRoIfSTD8wqRfMVZkNA22KgkbtlnJsKMLIhUiPcGUMAyEvYqf6%2BUhhnB9CvaIxXztk8%2FJLchXJJOlaiR5fKSwcwKYQqWJx"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: OIKGi7N3dIkRBDhTqvi2F3e87nzUYjg2aRhjmg4IY-QrXwQa9WyyyQ==
x-hubspot-correlation-id: f193c6fb-67b8-4fa6-afde-dd42d77c614c
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:54 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-tsm68
x-envoy-upstream-service-time: 216
x-amz-request-id: 4KF5SBDV5QA6028T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: kvLbO1kw9+XQQ1tndvh0nqoPChXMF7SaflpWNwlokmnIBBJc2pQtuGdxlhrr8ms6o7spvO9QPKI=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 9bba1485ff47cf63bc393925f38d12fc.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fa79520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291613854

GET
H3 200 debug.addIndicators.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549514/1693291622778/Hunters_Theme_May_2023/js/ 7 KB
4 KB 188ms
187ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549514/1693291622778/Hunters_Theme_May_2023/js/debug.addIndicators.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 729b4c27-e958-4065-8a8b-4a1d2e286896
content-encoding: br
cf-cache-status: HIT
etag: W/"2ca110d3d8bfbf577de0d2339e952d19"
x-amz-version-id: G_XOawQsOWl3pTEmVM.aigCXZh2FBzqq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FHNE8QhoOY0DLFy9h%2BrSgLZViRG02d0dGHCYuLbgo4kwDvA97nI%2FzBxTWLdLbx0JUz%2Bnk4WMTzAucJ8TOVy4Yh25WmhMJHwPQ%2BkjagCl9610zaxChm0N1%2F68yLuo5bMrBY%2F%2Fe5L"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: X2vVYUtQZw6Jec9I1oBvEt-2SdBVIgJjPYnSXOvR4X-7H2oXJkp0SA==
x-hubspot-correlation-id: 729b4c27-e958-4065-8a8b-4a1d2e286896
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:03 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-6snpn
x-envoy-upstream-service-time: 197
x-amz-request-id: 76AA1WAMM5BQSR24
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: jKA/KvS896ihJY6jOTc9+5afbBzgAjgmRI6WnWVOEOLXjUs/aVUsUU3PkeIlUCxr2OPuo4yi/Tp0gz5I1jnhLgBJEfMlIlrNyfEbHwyk8Ko=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6faf9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291622778

GET
H3 200 easyResponsiveTabs.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114370662982/1693291620440/Hunters_Theme_May_2023/js/ 6 KB
3 KB 193ms
191ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114370662982/1693291620440/Hunters_Theme_May_2023/js/easyResponsiveTabs.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5ac74ae7bad75e342eeb77f0c16005fcb01eaf5473b584030feb2f9f07e23df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: f249fc42-3b5e-4f56-a2a1-a645b9813238
content-encoding: br
cf-cache-status: HIT
etag: W/"cb4427cd8f350ccfbe2447e487ced2f1"
x-amz-version-id: GXs4GlqPQXBqS3kFTrlfj_Tb_2NZavMh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8W8FWU5%2BNvCaxcJtp354%2Fk0uYznCACZrzTtnF1KN3G0c%2BxXk%2BGQrWA9Q4OMs4i6IxvHBlthe9J%2BC3j1nk%2BzCmInraecXPYEnuaS3K8wvrCumw77fcx8uuFm0S2Vxqoq2UFLiQw1v"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: FqZ6LvoMOmeCRFsmkOIjK3Ym9JumjoMY0e4fGybhHwsCmsHywgVX-Q==
x-hubspot-correlation-id: f249fc42-3b5e-4f56-a2a1-a645b9813238
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:01 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time: 199
x-amz-request-id: JGQJ39NVFEYBNHHW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 7TD9MYby7QN/3B2ulFC8fJETpLubf00JYXDln3k1iggo1k9EF45Ae35kk2E5OeBMFO7XTAjEYQCBibQMkf9QLQ==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fb29520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291620639

GET
H3 200 slick.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284039/1693291624252/Hunters_Theme_May_2023/js/ 42 KB
12 KB 111ms
109ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284039/1693291624252/Hunters_Theme_May_2023/js/slick.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: cd21928c-5ee6-4872-b175-3b23a236f207
content-encoding: br
cf-cache-status: HIT
etag: W/"efe2dc57bf7b73137e9642e586ee272b"
age: 1314
x-amz-version-id: Fb072li6tYjBxDBknsVKEvzOtP5mz1G5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xk6cfa5m572VCjXYdSz9TVREznma%2F6ysslEGeuClvLcIKuSn2ScG%2FdbiuFoLiUlK1uksuhFfknddxe9TiJ5WnVWaZUabweBw7vwsJKYlKV6dOYJXamUEHFytnSBChDPArUcgWnpG"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ymNfjdraprs9clUYjSrPmOCHs4MuLhYX7S6WwHMumy1ZTRzJpNDQsw==
x-hubspot-correlation-id: cd21928c-5ee6-4872-b175-3b23a236f207
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:05 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-nlpn7
x-envoy-upstream-service-time: 172
x-amz-request-id: W9XRYYMCAYE5RNXG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: bYGbKtxmQFDwsIUnhshYGfszJfd8PHNc9xuv8IHgiOZpkUcpYxgBIxNrIkYw92m4NlqXoE9Gkh72JJys283IeSxiWIrSnRIO3akPxR95Eug=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fb39520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291624252

GET
H3 200 jquery.matchHeight.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575404/1693291617490/Hunters_Theme_May_2023/js/ 5 KB
3 KB 114ms
112ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575404/1693291617490/Hunters_Theme_May_2023/js/jquery.matchHeight.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

762a5cce3355f95306400b6113dd70cbb8bcf2ce3601fa27297d1899d007ec54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 3def2839-909d-4f5d-85b3-2d0c3576038b
content-encoding: br
cf-cache-status: HIT
etag: W/"3a5a31244d61d9cd0778b47e2d60374e"
age: 1314
x-amz-version-id: 2Pt0BYwvDy8cMMES08pnbHuhXdNpbKtt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FreAEnPD16s78Zs0CNCuSaR4KAVIcVrQNueGY7OM6kI5PYKFsG1uoE5B9v48ly72nw4sGC0OErNDrlQnJL9O8HLclJEkhy1zJ4Xa5b9%2BrdHSGBBiEyReKQKMw1zNZ5%2FpaXoTSJ%2BB"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: CabHdZjUcfYW3M_-NTSnlEtX0UReyaWjk-Lh1Qf5ab-1tCGsvdLtCA==
x-hubspot-correlation-id: 3def2839-909d-4f5d-85b3-2d0c3576038b
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:58 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-kfcdw
x-envoy-upstream-service-time: 184
x-amz-request-id: NGSG03019KQ70ZZG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: L/doRMPGMLGl60Yn6fbx4KL6EZBUcZazdNw4DVQdUbSfLoT5H5tcUOU2+xx4M7sWsJJxFSGL8pk=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fb59520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291617668

GET
H3 200 isotope.pkgd.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549552/1693291622937/Hunters_Theme_May_2023/js/ 54 KB
15 KB 124ms
123ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549552/1693291622937/Hunters_Theme_May_2023/js/isotope.pkgd.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e31677db4782bc8c9162fa1b42005aad15d67853f7a496e9fbb493fe2309759

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 4c1ea54c-973a-458a-9f0a-000d59831dc7
content-encoding: br
cf-cache-status: HIT
etag: W/"d171d2b83a97424cf2f260c1fc1394e1"
x-amz-version-id: WhIw.DQXpL.ZBq74aHMGtTHmE6XKg.AO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FaAOPGV44MNxmJgGBVePWpB4LoOH3jWgSHuNE6CHvX2l%2BDsKCaMX8vUQ4qzLq5azjbnDBaXvph6hznMENGrb0qoa29RBXnzTzUhjyMrWwxtaEB9low2d%2BTwsm4r3IPXic3ZdF3R6"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: YeaUkU9xpaGaWNfOhQNL6xdJKv1-wrPvacSKRBZGNAYtScpHXaurvg==
x-hubspot-correlation-id: 4c1ea54c-973a-458a-9f0a-000d59831dc7
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:04 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
x-envoy-upstream-service-time: 184
x-amz-request-id: JGQW6E8XW8CY8ARB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: +VYd/vJ8WG0ozYIVBAGYP3IjdUpI/uHQdC675jwJgoCVohOKSOuOASPPG2TAOjFaX0P27IfNp5omaNsosoqwO5Gh+sjGSqco
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fb89520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291623392

GET
H3 200 main.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127024241524/1727866885819/Hunters_Theme_May_2023/js/ 13 KB
5 KB 116ms
115ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127024241524/1727866885819/Hunters_Theme_May_2023/js/main.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f46e2fe055ca798ae7242cc770d2136169c4298407ec09bdc79ac73a545adb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: dd44df5e-7be3-4a87-9622-7c111809f9a1
content-encoding: br
cf-cache-status: HIT
etag: W/"83fd3f63889ecf4d879ff978bbc5a7b6"
age: 1314
x-amz-version-id: 8gvaeCYmSRFny4nUM7XK_SZ_ZDVl.RVk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FTGgJAGgHEreBcMmVAjtrqPFyX%2FJHzk62dqBD0hgTy%2BVvgW%2FPQxjbxxGCVdwUF2GGTc4suE%2FeuQz1vJK4qEmfPdkZVEaSJcNV%2FMEFwHDlQDlCXtrr7nybmD1mm2uhmGxY62B%2Fw%2F"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: XWIZoDLbaVCUEhb6TIyLttgYqoWAciHm55w6XwYnd8zyjRN3fHAx-g==
x-hubspot-correlation-id: dd44df5e-7be3-4a87-9622-7c111809f9a1
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Oct 2024 11:01:27 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-5f7tz
x-envoy-upstream-service-time: 183
x-amz-request-id: NGSH73ZY3CTSYTEZ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: jnNZYdvB+LF7DDMvnAR3S6VYbAxXZKbMSeAUjyNyA0YjwKCgAHG8ulEL1b3nJMoacNhmya2HTDdXbCyEZxEjBlafRoJ9zmDx
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fba9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1727866886078

GET
H3 200 custom_script.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575241/1693291612623/Hunters_Theme_May_2023/js/ 151 B
2 KB 124ms
123ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575241/1693291612623/Hunters_Theme_May_2023/js/custom_script.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fa2622bbcafa420ce5be37bca0ff1e87dacede5fba4f42641d000313b4a1d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: edf4b918-4804-4a9f-8f2c-0f98c73448c9
content-encoding: br
cf-cache-status: HIT
etag: W/"4ca3117ba95e8789d0b706f44b545073"
age: 1314
x-amz-version-id: Wh.fFmcfNGDyyXMIXV3QBJ1mayq8w00j
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ETqYLCVZGeBUV3rvCk9tUPPyFWaHsnr7rHf9GzN4zZHnfMh59Rds5bv7Z1MLYLG4ggrVHWqZGImwxvcuOxJZAO4Cd0BvyTRc4dumj1tI0L3hbP7UM3sYa1GO69%2FX9NnjBsk%2FGwid"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ARjon6umIb38dEc0KK-ZNqusqdm2nVgPQUhKxb-a9x9BTUQQhb7auQ==
x-hubspot-correlation-id: edf4b918-4804-4a9f-8f2c-0f98c73448c9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-5xqvw
x-envoy-upstream-service-time: 142
x-amz-request-id: J94F358T352PWJX6
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: hy6928Do/LH2JT2zPpHpL9WtkpbYiy3mBMMkFB9y36tG2AZqJL4KvYBIIlEJnEz+pXkC2yFA3lgFjNeOTFzBoQ==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fbc9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612737

GET
H3 200 prism.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/176293618185/1724271074702/Hunters_Theme_May_2023/js/ 575 KB
206 KB 180ms
179ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/176293618185/1724271074702/Hunters_Theme_May_2023/js/prism.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a300d0cca9c84237c8127d65ddf9619b1f1dd7834240d9b5fdfc9eaa25706cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 8e7c365f-0d29-4aea-8484-3378058d7535
content-encoding: br
cf-cache-status: HIT
etag: W/"76e9eb0938253042b85c917a887b10c2"
x-amz-version-id: hi4qftgT0n941NW2C1gYzI8P3nSN5hgh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UV5nyVz4EBhR8LJKutP7tT2So0fqyhFMMjv9oCWJeQVCmui1l%2FOqX1zaD5fgFisKx4agTwe6rGHruj4PQb6afhIIPZ1Y8Cr9dL%2Fy%2BMZdUBZlm8yjfA%2FMo4Qy3JTtKrI1GQGqqwmJ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 8GeO8yeK63UyM_U2nueQpJxd-sF8nn7W0vE5JLlf7p6qVafhNTGlIw==
x-hubspot-correlation-id: 8e7c365f-0d29-4aea-8484-3378058d7535
content-type: application/javascript; charset=utf-8
last-modified: Wed, 21 Aug 2024 20:11:15 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-tvmvp
x-envoy-upstream-service-time: 292
x-amz-request-id: TSKXBBAVTZQ9SGBK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: koPNaxbMQEWrUeL1jGt3nZFu1ruVNjWJGmCoxZITVn95TsdF40R3uhgizGA9uD5XTIrKrn0PBIU=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fbd9520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1724271074703

GET
H3 200 module_177021600416_Blog_Table_of_Content_Sidebar.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140089/ 2 KB
2 KB 196ms
195ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140089/module_177021600416_Blog_Table_of_Content_Sidebar.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f72983748dfd73b846c63554d18da197fec40f21b43f400cc2d8d1a2339098f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c7e5327a-bee5-4c19-937c-6839002a63ce
content-encoding: br
cf-cache-status: HIT
etag: W/"ddb217cf8b81653c720488ad63e9e9e9"
x-amz-version-id: hWykXL3FXMyTYU1Ece.FCASwbh4OR9pr
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Boi8JkHsxyfVKcD2C%2FSA7PyZeTgjKVBlCkDsrr8NoUyEMPAGlMtuCwkjZwOfGrk5denB2K%2BkYuqJT30vGlVjqWMCe%2BvVagQMNNYbCKKPEs%2BdS7TsGgK5wqVu5h5Riueo7tAPIH6"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Ub5bMihnfJF-t_ItEGHX-o0_f3uM2taLE5eTdp6HR_lAVgqPBSIzYQ==
x-hubspot-correlation-id: c7e5327a-bee5-4c19-937c-6839002a63ce
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Sep 2024 05:55:41 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-knhs5
x-envoy-upstream-service-time: 166
x-amz-request-id: BP2F1QA477P7JMXK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ZzIjZA7y/isVYgay3U8N5uKb38B4WtXD1g10PC7TsoPcyeMmwzaaqhija+ME+zR1qJL+25mS6bI=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 bc330e83c319e99d19922ed79166586a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fc09520-LHR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1725602140089

GET
H3 200 index.js Show response
www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 101ms
100ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 110265
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kky6oOeiaROUcYQZH0AaxfUiPr0SuKe50557k0xIH%2FxeqwwaRlaevQkn1s0fTUwEaEB%2FVjpD%2BCmWECGjqXZvNFbEQEkhHbDNDo8lppUMU%2Br3Wn72GBLvzJvLq8RyFiYz54Ng%2Fz4V"}],"group":"cf-nel","max_age":604800}
expires: Tue, 02 Dec 2025 12:01:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: esAVPsWwJ69Z7RH_Ugmqn-pV40dbsADj_qut__IbFZqO1OAekKkL5g==
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 49810345bf6ae2e25866372144f1838c.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4e6fc59520-LHR
x-amz-cf-pop: LHR50-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 GraphikSemiboldWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Semibold/ 34 KB
36 KB 80ms
80ms Font
application/font-woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e13cf054833eb8ba8d3ffc1e1c2cb82e"
age: 506401
cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: E4J3u.P1u8zLJOqkt22N.5.YJpbVcz61
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VX1cfZGXm73RLvZGpB3BVt2BsmyZKFfwbKz37aNplRDSdgRkZtGTwkasXFdHI%2FH2%2FjZQM5t9T4byQTXDTdi2fYdo%2F%2F7ahm3D9UfKSY6ek77444gs193oz%2FtyYEn56OF5uIL1l21p"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=01ztu.JcZ6LjYSVbJ_ZBtgCAIV0g1W05iumyPSxlfsU-1733140917-1.0.1.1-sMld2vwt7QjMN38iYNtudVHg.h54W8sjZFn.JlUKL8.vDgZjoPa7GL0qphyX32RvC.F7BwR66H0BuQGhkRSyGqLNmjim_93vdavVcxFQUFhKfeyQ8UEtjIx8MCj4Blr9wLbDuxRpSI0tFCIjifg3dwuV8oMWm_.9SPkLgpqngX8"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: s6wiH67jvNGqnzAOO09GX2-5o1gT-FjrVlyABPCmXSf-WGOvZiqUiw==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:21:39 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: RPSX3AGNTDEPD84E
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
content-length: 34772
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: X/dXqYiSaNd7TZdTA4oO7fz8lamP7k89FYziWKkLrWUzbhNTRjYuy+TcyCExaDwdJH7Gl1bKuK4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=01ztu.JcZ6LjYSVbJ_ZBtgCAIV0g1W05iumyPSxlfsU-1733140917-1.0.1.1-sMld2vwt7QjMN38iYNtudVHg.h54W8sjZFn.JlUKL8.vDgZjoPa7GL0qphyX32RvC.F7BwR66H0BuQGhkRSyGqLNmjim_93vdavVcxFQUFhKfeyQ8UEtjIx8MCj4Blr9wLbDuxRpSI0tFCIjifg3dwuV8oMWm_.9SPkLgpqngX8; report-to cf-csp-endpoint
via: 1.1 78c7e5b1be457bfecc477642c3ddd802.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4f28ca9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650498635

GET
H3 200 GraphikRegularWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Regular/ 30 KB
31 KB 74ms
73ms Font
application/font-woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e2d3e1bd2dba862a1c76e2cc88ac1776"
age: 506400
cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 9bSL54EBoxaoAARqnLg2bUn5vMLmIfW0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Af02E0W0z5FFn1w%2FsulnziuEIiQlhkzxdmh7EcGlxc1yx2whygsYzu6Vs5wpEG9VQGn0EHme41jtbTuTpTfy0RBGjscQPqxD2lJNH4PkS%2F85lgSiffQPXJWxhM5VTjDf5RNHQr80"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: o5l3BnzwHyYiHUkpPnBpOW2PG-3mX5Y1wu_Kx6NRcuZ6anUsbsndNw==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:14:17 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4Q0H3ZK6S68H8TZ2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
content-length: 30480
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 0QZQMhCCozB6tDnd+4DjWR8M8rL6P0z+rgyCMGrdmBQthRM7zE9cUe4HdOosggpam7iOtSCdiNzBHbz8FOEDnMuV+EIwZnNU
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 07b994ddf00f39c9e5b18a963a695fd4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4f28cc9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650056855

GET
H3 200 GraphikBoldWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Bold/ 36 KB
37 KB 69ms
69ms Font
application/font-woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "0fb4b480278277d351d7afefe46bf6e8"
age: 478723
cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: aqs.ab3Smnu9FGL_UhGDqku4oUVVMHEq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Q4lar24X51jdYhGQqyTmarzB6wGgvcGVioONyIytc7r3dZRhmUxUly8EWfZcphyo97AIoUQvDnfVC9kl9r9UAYHRdgAb3sUSLZDieAS%2BkbNPAEn4G%2BYFwzYEg0l5bz%2FMQ7XO5Bt"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: WDb4P6jaDOI40JPiMMExtfAf2AuP_0Ca8BzkJXyDM3FaRDGhk0PCwg==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:23:34 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 7V592M1MZABJZY9W
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
content-length: 37044
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 5IGUYGNhF/cobFlKUOxIn3OHzgA7hrf2r/JNgsT5lurYrnQeK56xraOUjaCRu1WErdtyQwrzmnJSN6l3k84xXQ==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 85b9b6c170ed4eb5bc514443bb4ade54.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4f28ce9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1653650613120

GET
H3 200 F37JudgeBoldCompressed.woff2
www.hunters.security/hubfs/May%202022/Fonts/F37-Judge-Bold/ 37 KB
38 KB 81ms
81ms Font
application/font-woff2 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "54e5c65113bb56ee4af633895983b9d3"
age: 503189
cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: oROJePp8ny04DPku2cFXECrZhzDxBHie
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmJ9kcyvFOij7dFv4Lrqe1FA68YGRQ8KyHxwEaFHR69dQOgosuresVEnYbqZYAuHHNRnXMzfC2mRCBoBhTyXGi4XIikTAuQcK%2FSHef1yi%2Bi3oOVQexPKYRMR9AC6PNJBevmwY8NC"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: w5YRYgbEu1fMo7WYxG2daHHGbUzMLskLS_ufzF_85dItkwKQ6jXmeg==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:06:03 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: AV9BFACHP5R7K0KY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
content-length: 37524
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 1hamtWY1SetaEVnBtyagxwg1Ohz7/q0OWraJZdTNri+a1MsZiVrUfzsqlAJstJkKti2nOai5oTN8iDrs8Is5KXHleL4RDHKJ
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 837e05286966afb674520787a1bffcca.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4f28d09520-LHR
access-control-allow-origin: *
x-amz-cf-pop: DUB56-P2
x-amz-meta-created-unix-time-millis: 1653649201795

GET
H3 200 linkedin-icon.svg
www.hunters.security/hubfs/March2022/ 643 B
2 KB 85ms
85ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/linkedin-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7802c74a8e2285615d0ee35e104175b11653884c111470744907827543cbb29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"e0c606f3ed38d3b0e235a9d79e2d50d5"
age: 505914
cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: RGaoSmCKiksnnaxFoSo.9rmpZKMbOr0i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DJdGRXq8PfS3IFctOn8A%2BK2kKU4ZlpCaSRwT%2BHDXWrIHFBlU%2FPyQdV9LICZ1plpHFHiWo5nbSVg9V%2FYyg%2FItf34koFzzggYTxifamPAZzYvibHkkuBqAVYGTI%2F7Wn4zZJmc5HAhA"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: _0uZUVtc5HbD56DeOvAYehK1cGSyZCPCZJj1AOE5xIfeXu7huDNrZQ==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PEV10YTAKNDDH3YH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: vb4S/9xN4tNW/NHYxvVMSo1VGEwTuztdO2sbXWqsWzS2Cv4kygIBYvyvEsh7MoBCutPm74Z8FcM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 ab76bbd6b801f08301c49a66004b9188.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4fc9829520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1648708913834

GET
H3 200 youtube-icon.svg
www.hunters.security/hubfs/july2022/ 1 KB
2 KB 62ms
61ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/july2022/youtube-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca76596a4a51aff45954e24a6dd4e1f148f7f0b16c578e1c919f5e1106a04df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"485d3d8fd140c1a3d379056d6f87c309"
age: 505913
cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
x-amz-version-id: 7SVwuijW7.9ZxDGZl7_ajMufvWc9s565
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mwNRs9fk319%2FAhUHc2CZGhHvcXWGCFFHawvwFEFea1kswLQjpoxLoBcRjduYs%2FSihDma4bCpMRqQewtj5dHoGgq51LmiODEgA7SWPikYefwvXcaa6iJGEshatTTDXwgqf2B67Ojf"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: BkQZ8_EHzP1T-HYOvOGh86aShQnx_K8uxWP0o-ro9mq--h4qAyUMPA==
content-type: image/svg+xml
last-modified: Sat, 30 Jul 2022 06:30:12 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: PEV43BARV8KZKKZR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: YeclfkBr+kcdnzhXt3a0RwsFx30WsgA4VQpb2riU0z03159on2yCId12pJ+13xb3dig9VxEl+vU=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 78c7e5b1be457bfecc477642c3ddd802.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4fc9839520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1659162611609

GET
H3 200 instagram-icon.svg
www.hunters.security/hubfs/March2022/ 2 KB
2 KB 68ms
67ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/instagram-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ec0979e7bb7143c393e8a431924cbe84a42fa6ad659f0b83530c88b5a349a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"6d9f00570997ce78863203323d206105"
age: 186366
cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: ohnkeFx5GZM_tWLIt9ZBHORho_g_4kmz
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGk67nJUZLbuXRcMwfU39ZeQORDOW%2F%2Fld9SFOQZD8iXadXQMRgtsjLDBP0uCZuKx771vQntDGLKiyPIX7Ra29MZdRmsq%2BOGcpt%2FA6ZFE5sePOb6BDpV%2B8yzcUujoixARxs8cW2cI"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: Qyl2dI4vkbPv_K_8BO4JTW6d0AkFv5ORcmIIKjHqLh4-BL-5RLFhrA==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: V6WE5DA11WZJKMJE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 1TxfTtw/hqYsuTBslgpTZrDU/jcC/CVwGGGduEdEUoi8Rs0dEYDnImoWM5rxFRL24Oowx0cO3NcsBsHmbTHrXHoQvnbIM6D53YLxnYlIZXo=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4fc9849520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1648708913835

GET
H3 200 twitter-icon.svg
www.hunters.security/hubfs/March2022/ 927 B
2 KB 75ms
74ms Image
image/svg+xml 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/twitter-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d5f628bd87bce595cf9c4a7bf72985cbea5bffab1a535a266f70acc04fd2590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"59c767f187bf12c75ce744733bfa4597"
age: 504028
cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: OzvZViA9VWh6aRDHSIlYEgB3BdAss8oJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TTZJao9aMI2AXMW6gGGrT68SGOTvqFYZQZdP67olaxOInXbFzCZK0G0pTykQGfm9fRqtJsnS1Nhudr3R7kyhrUcQ0Ddou%2Bhkpm%2FGoikuG5JmmUdMMvv8xd8Ivf6l%2FxquR1zKPsc2"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: yB3jJsWyDWsHOjPHOhkGFR1Isco0afTCXv6Riq4NdYSts8mc2zo6Zw==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: N6ZGMPCERWR5RFFA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: miEuWfCz6SiHNpXpIX1AJ0u8MM65wYELTKsIoXTDZdq5VfMtmOQVt53d2v5BnqcWbEaluy0gIUM=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 d96c6a517450b169095d23aff6d646a4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a4fc9859520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1648708913852

GET
H3 200 VqKHtlHBiv3Lc8dabqWd Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 337ms
308ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/VqKHtlHBiv3Lc8dabqWd

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

acac35527291e61e046c500d86c076f7e943494bf7b469987d5efd76a0c93218

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8ebb2a50be5163f3-LHR
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 02 Dec 2024 12:01:58 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 75ms
37ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

37bfe43c77cc27808686236fd20413c24f0df7da65368ac7a92fdfc3fbbf25db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-md5: 876hq/uLt88w6ojFaGcTpA==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "34b9613abb01d0dac953184a341514bb"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:20:34 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: d14863e257c8f96e1ce1ff0ce58e48c0
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=34, rtx=0, c=23, mss=1232, tbw=4414, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: dvh9B3pBWQb//FwlTkGhELfNc8zfV43GcuKeHjjULVGBnGRlk1RU8qM3WzbQUWzLKxYaldlVWU2tVSFLwJaOPg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1687
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 118ms
38ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Mon, 02 Dec 2024 12:01:57 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200137-IAD, cache-fra-etou8220095-FRA
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 223ms
173ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5765386

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: ba2cf148-f237-4535-be17-156bafdb788d
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Mon, 02 Dec 2024 12:01:58 GMT
x-hubspot-correlation-id: ba2cf148-f237-4535-be17-156bafdb788d
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8ebb2a50dc5f9405&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-rm6ps
x-envoy-upstream-service-time: 5
access-control-allow-credentials: true
cf-ray: 8ebb2a50dc5f9405-LHR
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 slider-arrow-svg.svg
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/ 167 B
596 B 125ms
76ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/slider-arrow-svg.svg
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/blog.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae83cab298fa07ba817359c389252d7333d46894358eafa3ab6183084f6620ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fee26a843c7fdd1c9f17c6adfc9f0450"
age: 79038
cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
x-amz-version-id: bL.jHGbyNSCIRNfrCyGqYcUzyUsUcKl.
x-cache: Miss from cloudfront
x-amz-cf-id: aZV-BxYhFe0Tfup7Fcx8UbAG93bDqRoji0nktPDCiMzyqVqYRFNYkQ==
content-type: image/svg+xml
last-modified: Sat, 26 Mar 2022 05:09:58 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: M6EGR8XDRCD8FWQC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: 2WgHEICgJ1y32d2/khHPRwc2Ozqhr4vktmeFMae/gRj8jtogZ8PzP25v2udSgWqVSqiTCKFhaSQ=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 f5d0d7ef1ae798041bd732fc0f8e6dae.cloudfront.net (CloudFront)
cf-ray: 8ebb2a50e93e93e5-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1648271397518

GET
H2 200 ajax-loader.gif
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ 3 KB
3 KB 134ms
86ms Image
image/gif 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ajax-loader.gif
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick-theme.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "c5cd7f5300576ab4c88202b42f6ded62"
age: 88290
cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: MAvWa1A2j0obAl2z4.DuLXjNnKAy1Xp5
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 2Ga2EgGcmJgslASMfVf9J-C9_At91PcSq4o3abNrvum9R_Dg13jmKg==
content-type: image/gif
last-modified: Wed, 06 Apr 2022 12:24:29 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HGKEJSE6SP2BSW42
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
content-length: 2592
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
cf-polished: origSize=4178
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: iE8jwtXtc/rszGaArR/FtMOD0KUUS5FeM7PPFqozp1nKF8MxEOcUxqHZEI/0MYvHCZA+f985amw=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 ab76bbd6b801f08301c49a66004b9188.cloudfront.net (CloudFront)
cf-ray: 8ebb2a50e94393e5-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1649247868407

GET
H2 200 right-arrow.svg
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/ 272 B
1 KB 116ms
74ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2856b09b8551910e6cb03f10c7c59245716b78864f205ee433fb3109f15fcbd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fe17677dc5e5a558797d8f08f625efaf"
age: 1061739
cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: BCXBoPsgYqnM0oNdz5UfoKeTAiJIuz9.
x-cache: Miss from cloudfront
x-amz-cf-id: uGAWwlP93MugUF-yIBvWrrX9bKtTbfU0aDJSM7j6S01tgH19zTVEhA==
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 05:24:26 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: EQEBPPCR9VBFXQ56
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Mon, 02 Dec 2024 12:01:57 GMT
vary: Accept-Encoding
x-amz-id-2: IkVzHalkDwUuBNK8lNwzImIUuRz4YnlaAheqblKEFkkwmQvsnLFznQ4UF9TL04gpCESRdtx1+7U=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 e11502649b2fdd9cb3960f027c8c1ea2.cloudfront.net (CloudFront)
cf-ray: 8ebb2a50e94693e5-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1647840265758

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 248 KB
74 KB 38ms
38ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=23a3c82c66b7f4947eb8f6d53d447e80

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

630938f4cb96514df23151bcb2b6598503d40e482e3cb04d8d41e4c095f0cbba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-md5: UVM4oUqgMrF3Lf7zhnf1XQ==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "715a671fe421eafbdaa95dc4eb30fc66"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 02 Dec 2025 11:44:58 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 02 Dec 2024 12:01:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: ecd921aed98357bd48e959e1a8f2eb8e
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1826, tp=5, tpl=0, uplat=1, ullat=-1
x-fb-debug: hQ+lymyvwt5k8XO2QQMJm7DGHJCXqlFAy9wV79mzyAS7ykmA9bk2bhtBR/Li48m1n8/Pw8aMUE5xcCYCIV2gmA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 75128
origin-agent-cluster: ?1

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame CEED 0
0 111ms
36ms Document
text/html 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.hunters.security
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Mon, 02 Dec 2024 12:01:58 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kiad7000164-IAD, cache-fra-etou8220026-FRA

GET
H3 200 Youtube%20Profile%20Picture-2.png
www.hunters.security/hubfs/ 1 MB
1 MB 79ms
78ms Other
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Youtube%20Profile%20Picture-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55d014846b34bef181c9b239e103c4c61f28f8917aae9540c4ba3ebdfd1d604d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "1ce024c6f60f588abacbda5deb823052"
age: 275255
cache-tag: F-75057322131,P-5765386,FLS-ALL
x-amz-version-id: S6lAdoIj9aqykg7msQHTGVsWLzb1qvj.
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRVr1%2BXLkhnhT7x9%2B7ZpIBtarGlgS2wlbbSZV8LwD33UWoPc4EwjKMx9jMqeGbW7%2BP6ZJHncxpTjhzt2Cp%2BnGORKG1R3c4EsL27OR9fl%2FpuMC5bKdsKyfRnvBmQP%2FpBkxH6XwUFU"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: hHTi_gWTfFxwSO4IF-8IB8P2nzZLaJ8rEQuFmwPJp9wBoD5_Zzwt6g==
content-type: image/webp
content-disposition: inline; filename="Youtube%20Profile%20Picture-2.webp"
last-modified: Wed, 01 Jun 2022 08:54:53 GMT
priority: u=1,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-75057322131,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: J4V84BS84EXAXCBA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-75057322131,P-5765386,FLS-ALL
content-length: 1116226
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=1690575
date: Mon, 02 Dec 2024 12:01:58 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 5SNHQm/GUipHmbwVC0UHTda78CZBIltIYodA0WFRmbNDWgJc6QrkLdwzWs5tNK1PQHdXrZ2ggJA=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 d96c6a517450b169095d23aff6d646a4.cloudfront.net (CloudFront)
cf-ray: 8ebb2a52bd7a9520-LHR
access-control-allow-origin: *
x-amz-cf-pop: LHR3-C2
x-amz-meta-created-unix-time-millis: 1654073692057

GET
H2 200 5765386.js Show response
js-na1.hs-scripts.com/ 2 KB
1006 B 265ms
211ms Script
application/javascript 2606:4700::6810:8cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/5765386.js?_=1733140917394

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd9d0187fcb52f680b97b2e0d3b71bfd2f65d59afa66b24a1e0980b2d53f8dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: MISS
access-control-allow-credentials: true
x-content-type-options: nosniff
cf-ray: 8ebb2a5f89e0946b-LHR
accept-ranges: bytes
access-control-allow-origin: https://www.hunters.security
content-length: 673
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: edb5f360-e2f8-4640-9045-658038d1c8d1
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
server: cloudflare
last-modified: Mon, 02 Dec 2024 12:02:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 93ms
39ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1733140917394

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5a102aed533390e53f0c3da4a28fd5a0c882afb2d67abd36ae78e418f2d9e5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-evy-trace-virtual-host: all
x-request-id: 352219d8-c2b6-48e8-937c-69bf978725e8
content-encoding: gzip
cf-cache-status: HIT
etag: W/"55c50075baa1fb358695bac6a8ac3254"
x-amz-version-id: kgaFlO84ZW6ILlAzIV38LNI2_mvTYgv6
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 212
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: tktzsZpIqfyEN9xvHJZJ_V_O2xtXrkXU43bgg0h4vbb6q-kajDPzxg==
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 352219d8-c2b6-48e8-937c-69bf978725e8
content-type: application/javascript; charset=utf-8
last-modified: Wed, 27 Nov 2024 18:45:45 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-qg7nx
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.833/bundles/pixels-release.js&cfRay=8ea713c41e54d66a-AMS
via: 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront)
cf-ray: 8ebb2a613d0b53a5-LHR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.833/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 90ms
40ms Script
application/javascript 2606:4700::6812:8b11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1733140917394

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: d10342b7-0a66-4609-9cd7-eeb6a3b5062a
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ce26171eff05376a1b746efbb809f7f6"
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 1168
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: VMZn_KmALq_lgxbvRXBj6pfG150HefPw3y82kAoHFRC2SmhfZHwiTQ==
x-hubspot-correlation-id: d10342b7-0a66-4609-9cd7-eeb6a3b5062a
content-type: application/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:54:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-4sfgq
x-envoy-upstream-service-time: 1
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Mon, 02 Dec 2024 12:02:00 GMT
vary: accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8e67d47ca93d4141-CDG
via: 1.1 0e373c2690d6d18d0c88347ad35ba498.cloudfront.net (CloudFront)
cf-ray: 8ebb2a613fbf653f-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD55-P7

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/5765386/ 71 KB
26 KB 206ms
156ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/5765386/banner.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1733140917394
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a3785ea58861126bbf6837513df3a08ba5d7f1c243f07ea9c5278e60129c696

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: ed890c25-e800-4c99-bd93-826ab5eaabaf
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"342514a021e20c929dada450d5138447"
x-amz-version-id: I6i0WPvVWWWlrGUbq4LBLHp07F4mff10
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Mon, 02 Dec 2024 12:07:00 GMT
x-evy-trace-listener: listener_https
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: ed890c25-e800-4c99-bd93-826ab5eaabaf
content-type: text/javascript; charset=UTF-8
last-modified: Mon, 25 Nov 2024 21:19:53 GMT
vary: origin, Accept-Encoding
x-amz-id-2: xFr8K3Tlfv+5H2RqYajtyu34YjH/X7oSTyEqpXTKMlSrgakm2I3Apcb1YHxE3dqwl5wV+/3YCrg=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-5w7l2
x-envoy-upstream-service-time: 121
access-control-allow-credentials: true
x-amz-request-id: R1TZZ43TPTXDWAVA
cf-ray: 8ebb2a612810ef33-LHR
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 204ms
154ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1733140917394

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: a37f97e7-1ca5-487d-be6a-fdd61e88ef41
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: mNXUuIIWhVdVPzPqyp_sjRXwZmR0sDd4
etag: W/"224467cc4ce3a08f302186b8a1ce03c9"
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljJlqecO8ocw52b3DG2LXok5BhOWpOXGJv4exef6y52XyDC%2BWDZIU6intJdJp9%2FOIVnFGSgZPanqPA%2BDH3R7Zd7Jo2GWTUlP9KEdJHmKfP6wpF2y%2BXm3FOT2pA9QpoaUHP%2BXNmtgHtZKuBdD"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 8D2liNosAimuOxGpkfofQdIxOdxPszw8g0IJ967jO2-QCZ66243sdQ==
x-hubspot-correlation-id: a37f97e7-1ca5-487d-be6a-fdd61e88ef41
content-type: application/javascript; charset=utf-8
last-modified: Mon, 02 Dec 2024 10:47:31 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fngld
x-envoy-upstream-service-time: 44
x-hs-target-asset: web-interactives-embed/static-2.1869/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Mon, 02 Dec 2024 12:02:00 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1869/bundles/project.js&cfRay=8ebabf8abe19777a-CDG
via: 1.1 c13d71f8919c23db6bbd1c08a4dfb350.cloudfront.net (CloudFront)
cf-ray: 8ebb2a612a70ef58-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 5765386.js Show response
js.hs-analytics.net/analytics/1733140800000/ 68 KB
25 KB 272ms
207ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1733140800000/5765386.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1733140917394
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3095aa418e3bde20e82b26f0275c80a63e0146955a0b77db3bac05fc66dd22e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 024ae12e-d222-4e22-88f2-ffb92e815e45
content-encoding: gzip
cf-cache-status: MISS
etag: W/"c6971cf97f6ec42dcddf2a0c02a51e91"
x-amz-version-id: null
expires: Mon, 02 Dec 2024 12:07:00 GMT
x-evy-trace-listener: listener_https
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 024ae12e-d222-4e22-88f2-ffb92e815e45
content-type: text/javascript
last-modified: Mon, 25 Nov 2024 21:19:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: mpOPXsQmAV3UASJyLNhF6eBszkTyym40JSCoOBc3jUGMHuTPyhjjkXs7/+pGxuRH/D/CdPgQtrU=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ttmxb
x-envoy-upstream-service-time: 31
access-control-allow-credentials: false
x-amz-request-id: Q76P5MPASRVRV76Q
cf-ray: 8ebb2a614a6c60ea-LHR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1 KB 132ms
131ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=5765386&currentUrl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&contentId=182226747037

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 9bc3c99e-8563-4352-9fd7-f2031a80b3d6
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6DbogLqcTwDBTizJRO0PqjPmlNgC7rL%2FES5p7g8Qeds8vHN%2FKrLazlWy0B%2FwoFgmlFR%2FTuncuzVUOHjm%2FoIAn3I5tHkh1%2FEDNIR0AdZu6Jm3BNnVgPjhqBS43jYh3eD%2BWABV5N%2Fy2Ui7f2psiigVL9%2FN8cxVAvEbGOI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 9bc3c99e-8563-4352-9fd7-f2031a80b3d6
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-97cpg
x-envoy-upstream-service-time: 11
access-control-allow-credentials: true
cf-ray: 8ebb2a623e49ef58-LHR
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 2 B
145 B 120ms
71ms Fetch
text/plain 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/5765386/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4043b0b8297e379bc559ab33b6ae9c7a9b4ef6519d3baee53270f0c0dd3d960

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: private, max-age=1500
cf-ray: 8ebb2a629f6b9580-LHR
access-control-allow-origin: *
content-length: 2
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 347 KB
119 KB 136ms
57ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca5f58ab6b87c19e12c7132167c31c2e01cc7c9e3e22ed55c982fc4364bf6bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 02 Dec 2024 12:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 120703
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
827 B 204ms
153ms XHR
application/json 2606:4700::6812:f16c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5765386

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f16c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5398d974b05c83fecc308ce8af06d5ca69ecfe557e9d7f45a6999d07c5bcd82b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7MxkE2v3KqL9aRi9bqV1qzWkwkHcKuon6Vqc3VQvmq64kyUFK5SChRZI3mAqpDaia24%2FQ4xPyEG6wBBuBMS9sq5oOeuUjZmkbQhMRhpL77SLFBOuD%2BX3XG5QI8UQm7cz%2BjEqNfW0OAJ8g2s"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: c57c87be-9890-47a8-bbf5-34c1f7ed0e47
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8ebb2a6298666100-LHR
access-control-allow-origin: https://www.hunters.security
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
612 B 144ms
144ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3511443875&v=1.1&a=5765386&pi=182226747037&ct=blog-post&ccu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&cpi=182226747037&cgi=24463927651&lpi=182226747037&lvi=182226747037&lvc=en&pu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&t=Unmasking+VEILDrive%3A+Threat+Actors+Exploit+Microsoft+Services+for+C2&cts=1733140920733&vi=3cb56f287fe98028fb6568b82b7a9627&nc=true&u=27445923.3cb56f287fe98028fb6568b82b7a9627.1733140920731.1733140920731.1733140920731.1&b=27445923.1.1733140920732&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
x-request-id: 02c233e8-ffc3-4126-a152-56b6c5c07789
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rGd85beUL43ZJpm1mByw9iz%2B3iVjTaFXHw6gha%2BrC3cAP%2B5%2Bg4TGd5%2Fs5EvPLikVWjf6tMmAagMcIXKhUbMopeKGf1349bMOZoUINSsIG1b6fJMfzPh8YOW6suQkNf7E4H4BzSLXG4QldtN28sJ7"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 02c233e8-ffc3-4126-a152-56b6c5c07789
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-8fjmw
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ebb2a62ac0e9405-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 151ms
151ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=5765386&utk=3cb56f287fe98028fb6568b82b7a9627&__hstc=27445923.3cb56f287fe98028fb6568b82b7a9627.1733140920731.1733140920731.1733140920731.1&__hssc=27445923.1.1733140920732&contentId=182226747037&currentUrl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f59a623cd50863ff5033fdee18254f11967274ff1a09b4a3668ed65fa8a47975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 1828c6ca-26c2-4f0c-bd0d-d2ebdf0784e0
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mALiYlaDYFlyJpnzzyNw2y9JujMzj4z9gdQqr8ziZtHi6btt5Ir3aItoRSS7j9HYJFaklmZNKdIf9RZCU8P2BLiOpHjQ8BbnGF6fjY0qd1s7s0YAtyr9nnVZSiByrEnQBofFfH6pQabfyw27%2FEAp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 1828c6ca-26c2-4f0c-bd0d-d2ebdf0784e0
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-kf895
x-envoy-upstream-service-time: 24
access-control-allow-credentials: false
cf-ray: 8ebb2a62e8cbef58-LHR
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
958 B 159ms
133ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
x-request-id: 3489c6d9-24f5-4f09-9e37-f174eefa99a0
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Mon, 02 Dec 2024 12:02:00 GMT
x-hubspot-correlation-id: 3489c6d9-24f5-4f09-9e37-f174eefa99a0
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Mon, 02 Dec 2024 12:02:00 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ebb2a633aceef4e-LHR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 282 KB
98 KB 58ms
57ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-650970809

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d8d24f7bc28c29ed4285b69a442654d891c980cf924a7a376fc2286f4dc8ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 02 Dec 2024 12:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99519
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 126ms
39ms Script
application/javascript 2a02:26f0:780::5f65:36e3
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::5f65:36e3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=56470
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 02 Dec 2024 12:02:00 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 352 KB
118 KB 65ms
65ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-C3M9VW2XNJ&l=dataLayer&cx=c&gtm=45He4bk0v831148865za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24d9020bc026028ec01c6070649daacb53b18061e84efae062e3d413857967fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 02 Dec 2024 12:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 120880
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 282 KB
97 KB 55ms
55ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-650970809&l=dataLayer&cx=c&gtm=45He4bk0v831148865za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

86f7dca42f3662c2a1bbe6fd8e196b14746853b98c743da2487ec47d3a83baa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 02 Dec 2024 12:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99481
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 303ms
208ms Script
application/javascript 2.16.204.72
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.72 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-204-72.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66fb91ae-111bb"
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 15:02:01 GMT
accept-ranges: bytes
content-length: 18819
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Tue, 01 Oct 2024 06:07:42 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 282 KB
98 KB 69ms
69ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-650970809&l=dataLayer&cx=c&gtm=45He4bk0v831148865za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

840477dbc0f9135189ec353b83ceb410cc1f8421eb20503c73d679fe51605b68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Mon, 02 Dec 2024 12:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99510
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 81ms
24ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
age: 3724
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:59:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 02 Dec 2024 10:59:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 43 KB
13 KB 79ms
24ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "1a001f3a066bff47a766099b87253911"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12220
date: Mon, 02 Dec 2024 12:02:01 GMT
last-modified: Mon, 18 Nov 2024 21:16:35 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 123ms
40ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Mon, 02 Dec 2024 12:02:01 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 00:10:26 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000084-IAD, cache-fra-etou8220089-FRA
x-amz-server-side-encryption: AES256

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 36ms
36ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-Fj0JK0gL' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-Fj0JK0gL' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=34, rtx=0, c=27, mss=1232, tbw=8791, tp=16, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: QX0g8NqUT7yX12RFUGJq6sfh/eGRSNIWBoWirusQOt/O9Lb+iSR0TzKdzQz+RV1DEywXHvBgCejTb7L2OQ00yg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
812 B 200ms
133ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 0006284850f323745417ce184d74196b
x-msedge-ref: Ref A: 1075CC8486164041AB79B838861D4923 Ref B: LTSEDGE1414 Ref C: 2024-12-02T12:02:01Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYoSFDzI3RUF84YTXQZaw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&e_ipv6=AQL3hy_gN3MkcAAAAZ...

0
265 B

242ms
188ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&e_ipv6=AQL3hy_gN3MkcAAAAZOHP7tidBBA8kck31evgsFooMe6C8QGzJxEHbmeE_p_cD42aFfdhoo
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6BFBE064B7474243A590631F714FD211 Ref B: LON04EDGE1210 Ref C: 2024-12-02T12:02:01Z
x-li-fabric: prod-lor1
x-li-uuid: AAYoSFD4CA2ImTqT4TdnOg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 02 Dec 2024 12:02:00 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&e_ipv6=AQL3hy_gN3MkcAAAAZOHP7tidBBA8kck31evgsFooMe6C8QGzJxEHbmeE_p_cD42aFfdhoo
x-msedge-ref: Ref A: F15D282E3F124CC39026219F9EE57D55 Ref B: LON04EDGE0706 Ref C: 2024-12-02T12:02:01Z
x-li-fabric: prod-lor1
x-li-uuid: AAYoSFDzxnimkbTPS3BK4A==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 02 Dec 2024 12:02:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
704 B 240ms
174ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B4D8F854DB7D473C959AE8B69FA806A7 Ref B: LON04EDGE0706 Ref C: 2024-12-02T12:02:01Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYoSFDzgR8wrZ8joXYtMA==
x-li-proto: http/2
access-control-allow-origin: https://www.hunters.security
x-cache: CONFIG_NOCACHE
date: Mon, 02 Dec 2024 12:02:00 GMT
vary: Origin

GET
H3 200 240118131653263 Show response
connect.facebook.net/signals/config/ 76 KB
15 KB 154ms
154ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/240118131653263?v=2.9.176&r=stable&domain=www.hunters.security&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

f16fceef76af4b3f90c5e3f0dde725c0baee56948e2e82ee6e380b7dbfd50992

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-JHgFfNZs' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-JHgFfNZs' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=64, mss=1232, tbw=73095, tp=71, tpl=0, uplat=115, ullat=0
pragma: public
x-fb-debug: 5uxdzNdVIQ93kUgGT+9bVmKwvjrJn5ERMNy/f7n5NGWcBn4579aK4WGTcg9RZWhzrY1Yu1qingUpYdpNbUzHCQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/a2_fx1ojti1yz9z/ 3 B
124 B 82ms
25ms XHR
application/json 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/a2_fx1ojti1yz9z/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=14400
content-encoding: gzip
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: application/json

GET
H2 200 a2_fx1ojti1yz9z_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 78ms
29ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_fx1ojti1yz9z_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 163ms
106ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1733140921037&id=a2_fx1ojti1yz9z&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=ed010884-abed-48a2-96c8-b22125de7275&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: image/gif
server: Varnish

GET
H2 200 adsct
t.co/1/i/ 43 B
628 B 222ms
172ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&dv=Europe%2FLondon%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2632%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=499aa4a7-ad32-4682-bdd1-c48afad98468&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=bac06ad9-b7f8-4ee5-8dbf-2e043930b53c&tw_document_href=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&tw_iframe_status=0&txn_id=oprld&type=javascript&version=2.3.31

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

strict-transport-security: max-age=0
x-transaction-id: 0a5187f8f25c711d
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 82efa1022c0d8eec899052ded12b7b718538c1b4114344ab1fd3d990fed44399
cf-cache-status: DYNAMIC
cf-ray: 8ebb2a653f86947d-LHR
x-response-time: 112
content-length: 43
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_f

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
722 B 218ms
169ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&dv=Europe%2FLondon%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2632%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=499aa4a7-ad32-4682-bdd1-c48afad98468&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=bac06ad9-b7f8-4ee5-8dbf-2e043930b53c&tw_document_href=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&tw_iframe_status=0&txn_id=oprld&type=javascript&version=2.3.31

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 9b135fe51f0b4cf3
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 65ba22e61c8724742ff9844d463c7a8388fb212aaaaf3ffa52873864f6da8fd4
x-response-time: 114
content-length: 43
date: Mon, 02 Dec 2024 12:02:01 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_f

GET /
www.facebook.com/tr/ 0
0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

GET
H2 200 / Show response
c.6sc.co/ 7 B
197 B 45ms
38ms XHR
text/html 2.16.204.72
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.204.72 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a2-16-204-72.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.hunters.security
content-length: 7
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
313 B 152ms
63ms XHR
text/html 2a02:26f0:480:22::1726:62ee
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:22::1726:62ee Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: 074ebd77d21c7159a2340309b5b4b21461361d6efb74e8e4152d002fd3ce186c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2a02:8c8:c10:30::17
expires: Mon, 02 Dec 2024 12:02:01 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1733140921376_389993774_1131335077_29_966_39_65_219";dur=1
access-control-allow-origin: https://www.hunters.security
content-length: 19
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 250ms
242ms Image
image/gif 2.16.204.72
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.72 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-204-72.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:02:01 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 219ms
212ms Image
image/gif 2.16.204.72
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b1312f22c62275b4776d49935ee65207%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&v=1.1.29

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.204.72 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a2-16-204-72.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "60bb2e15-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Mon, 02 Dec 2024 12:02:01 GMT
accept-ranges: bytes
content-length: 43
date: Mon, 02 Dec 2024 12:02:01 GMT
content-type: image/gif
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kit.fontawesome.com
URL: https://kit.fontawesome.com/a076d05399.js

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?batch=1&events[0]=id%3D240118131653263%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.hunters.security%252Fen%252Fblog%252Fveildrive-microsoft-services-malware-c2%26rl%3D%26if%3Dfalse%26ts%3D1733140921198%26sw%3D1600%26sh%3D1200%26v%3D2.9.176%26r%3Dstable%26a%3Dtmgoogletagmanager%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1733140921197.468822365369692095%26cs_est%3Dtrue%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1733140921034%26coo%3Dfalse%26exp%3Df1&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=240118131653263&ev=PageView&dl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&rl=&if=false&ts=1733140921198&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmgoogletagmanager&ec=0&o=12318&fbp=fb.1.1733140921197.468822365369692095&cs_est=true&ler=empty&cdl=API_unavailable&it=1733140921034&coo=false&exp=f1&rqm=FGET

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=ipv6&q=%7B%22address%22%3A%222a02%3A8c8%3Ac10%3A30%3A%3A17%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&ipv6=2a02%3A8c8%3Ac10%3A30%3A%3A17&v=1.1.29

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.hunters.security/	1970-01-21 01:25:42	Name: __cf_bm Value: kX6..eP09Guh3P1yEwibfX6gUHsGUquskRVXZO5Jaf0-1733140917-1.0.1.1-Yu5y7GQKn.ju3c88ptCM2ESztJFLFrPWTzwSAyxHDBfhX6sq0rgTI.hwcNd1f25v0NqutmOJJOL7h7kARAuAag
.www.hunters.security/	1969-12-31 23:59:59	Name: _cfuvid Value: PD6YVRiIgsS1MAbdDjy7P1fvU5U_wdSOHLM_x.JYqOs-1733140917217-0.0.1.1-604800000
.hubspot.com/	1970-01-21 01:25:42	Name: __cf_bm Value: EJDdNHjdAazp6nkoC9rwyqblPSzHDlzzFtvjXu0mE3o-1733140918-1.0.1.1-v2MnB.KbzdUx2ALb1wa5pV.xGiLelK_q41xG.r4FdT_YavQXcjHfvoO7V6c0QiVZKHfZ2bEuEMKQL8_vWM9fGw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: tRr2s4ickb1js03cXDSr7W23GfgpJSUCw6Of2XMMzZM-1733140918045-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 10:11:16	Name: visitorId Value: f8bf6dd51ebd50d59aa7fc0913c55efee128b51eb16183f2a978348d93a0e59a
.zoominfo.com/	1970-01-21 01:25:42	Name: __cf_bm Value: fouuDmYmcg2ev5fMJ1LTRhM1hsmagrlN0ocQmZsMYmM-1733140918-1.0.1.1-qEeMhf7DL8OEX8ZjTyHfU4WBvWc4tsnMBar9YU001dG9avFlOsSRm7s1wRr5P1dhSvoAbe0MQgOYpDVOQs9KgA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: TRu2DZ5i60dDUOg4Kd.RfBaBa70QJWfWV8UXGkGosGo-1733140918158-0.0.1.1-604800000
.hunters.security/	1970-01-21 05:44:52	Name: __hstc Value: 27445923.3cb56f287fe98028fb6568b82b7a9627.1733140920731.1733140920731.1733140920731.1
.hunters.security/	1970-01-21 05:44:52	Name: hubspotutk Value: 3cb56f287fe98028fb6568b82b7a9627
.hunters.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.hunters.security/	1970-01-21 01:25:42	Name: __hssc Value: 27445923.1.1733140920732
.hsforms.com/	1970-01-21 01:25:42	Name: __cf_bm Value: cYf3S545BwmeRIMMBzUHNFXeYaGJsJggNUwa41Y3QI4-1733140920-1.0.1.1-N4VQHO4TAFl4KOEHNRKQormFVmiycGQfySTe3zuCUam1y1nPIR4TXOvcZ4u2bUiKB8Kyrz6bkgG5nXOFlF4oAA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: V48_af6MI4_THaWhGCrIgiyBM51FBybwyHOCahN.QXI-1733140920942-0.0.1.1-604800000
.hunters.security/	1970-01-21 03:35:16	Name: _rdt_uuid Value: 1733140921036.ed010884-abed-48a2-96c8-b22125de7275
.hunters.security/	1970-01-21 03:35:16	Name: _fbp Value: fb.1.1733140921197.468822365369692095
.linkedin.com/	1970-01-21 10:11:16	Name: bcookie Value: "v=2&ea05c111-a039-44d7-8fc3-a20d73f8a199"
.linkedin.com/	1970-01-21 05:44:52	Name: li_gc Value: MTswOzE3MzMxNDA5MjE7MjswMjFJkbcBCjq4riPX3Zpl+SfJRusN/DE4w+RpWeuGYsv2xw==
.linkedin.com/	1970-01-21 01:27:07	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3417:u=1:x=1:i=1733140921:t=1733227321:v=2:sig=AQGKnFQxqp8blbrOWO2XzrioY9cQajDg"
.twitter.com/	1970-01-21 11:01:40	Name: guest_id_marketing Value: v1%3A173314092120929475
.twitter.com/	1970-01-21 11:01:40	Name: guest_id_ads Value: v1%3A173314092120929475
.twitter.com/	1970-01-21 11:01:40	Name: personalization_id Value: "v1_BHuBuqNZ2QmBBmckKTBPyA=="
.twitter.com/	1970-01-21 11:01:40	Name: guest_id Value: v1%3A173314092120929475
.t.co/	1970-01-21 11:01:40	Name: muc_ads Value: 56864e5e-ff0d-45fc-9e31-fad969e3b757
.t.co/	1970-01-21 01:25:42	Name: __cf_bm Value: wKaxSXBq5NgDPWHJA_5nHYnBTq8OF1X5Iukaz5ksML0-1733140921-1.0.1.1-qxRKTWiKSbWoGmcgIvw2FMpsWHtwpRrMy2.JOT7sN1CeN3cA8oJ3H1wp6NFB3XtyMs3qXZuZImN03rHPrNSjBw
www.hunters.security/	1970-01-21 11:01:40	Name: _gd_visitor Value: 0bc67df8-dceb-4af8-81e0-446ce6d3690e
www.hunters.security/	1970-01-21 01:25:55	Name: _gd_session Value: 8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4

50 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 11) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 14) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 15) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 17) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 20) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 21) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 23) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 26) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 27) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 29) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 32) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 33) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 35) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 38) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 39) Message: <link rel=preload> has an unsupported `type` value
javascript	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: Access to script at 'https://kit.fontawesome.com/a076d05399.js' from origin 'https://www.hunters.security' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://kit.fontawesome.com/a076d05399.js Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js(Line 2) Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/slider-arrow-svg.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js(Line 2) Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ajax-loader.gif' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3511443875&v=1.1&a=5765386&pi=182226747037&ct=blog-post&ccu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&cpi=182226747037&cgi=24463927651&lpi=182226747037&lvi=182226747037&lvc=en&pu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&t=Unmasking+VEILDrive%3A+Threat+Actors+Exploit+Microsoft+Services+for+C2&cts=1733140920733&vi=3cb56f287fe98028fb6568b82b7a9627&nc=true&u=27445923.3cb56f287fe98028fb6568b82b7a9627.1733140920731.1733140920731.1733140920731.1&b=27445923.1.1733140920732&cc=15' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32(Line 154) Message: [Report Only] Refused to load the script 'https://www.redditstatic.com/ads/pixel.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com .google.com .hunters.security.com .googleapis.com .twitter.com .facebook.net .linkedin.com .hotjar.com unpkg.com .cloudflare.com .fontawesome.com .zoominfo.com googletagmanager.com .licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32(Line 154) Message: [Report Only] Refused to load the script 'https://static.ads-twitter.com/uwt.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com .google.com .hunters.security.com .googleapis.com .twitter.com .facebook.net .linkedin.com .hotjar.com unpkg.com .cloudflare.com .fontawesome.com .zoominfo.com googletagmanager.com .licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.redditstatic.com/ads/pixel.js Message: [Report Only] Refused to connect to 'https://pixel-config.reddit.com/pixels/a2_fx1ojti1yz9z/config' because it violates the following Content Security Policy directive: "connect-src 'self' .hubapi.com js.hscta.net .hubspot.com .hs-banner.com .hscollectedforms.net .hsforms.com .hunters.security.com hunters.security localhost:1442 5765386.fs1.hubspotusercontent-na1.net wss://ws.hotjar.com content.hotjar.io px.ads.linkedin.com vc.hotjar.io content.hotjar.io ws.zoominfo.com google-analytics.com c.6sc.co ipv6.6sc.co webthemez.com analytics.google.com .google.com stats.g.doubleclick.net j.6sc.co google-analytics.com .google.com analytics.google.com stats.g.doubleclick.net https://www.google-analytics.com metrics.hotjar.io http://localhost:1442/ www.comeet.co *.cookiebot.com".
security	error	URL: https://www.redditstatic.com/ads/pixel.js Message: [Report Only] Refused to connect to 'https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_fx1ojti1yz9z_telemetry' because it violates the following Content Security Policy directive: "connect-src 'self' .hubapi.com js.hscta.net .hubspot.com .hs-banner.com .hscollectedforms.net .hsforms.com .hunters.security.com hunters.security localhost:1442 5765386.fs1.hubspotusercontent-na1.net wss://ws.hotjar.com content.hotjar.io px.ads.linkedin.com vc.hotjar.io content.hotjar.io ws.zoominfo.com google-analytics.com c.6sc.co ipv6.6sc.co webthemez.com analytics.google.com .google.com stats.g.doubleclick.net j.6sc.co google-analytics.com .google.com analytics.google.com stats.g.doubleclick.net https://www.google-analytics.com metrics.hotjar.io http://localhost:1442/ www.comeet.co *.cookiebot.com".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://alb.reddit.com/rp.gif?ts=1733140921037&id=a2_fx1ojti1yz9z&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=ed010884-abed-48a2-96c8-b22125de7275&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_b192616d&dpm=&dpcc=&dprc=' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://t.co/1/i/adsct?bci=4&dv=Europe%2FLondon%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2632%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=499aa4a7-ad32-4682-bdd1-c48afad98468&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=bac06ad9-b7f8-4ee5-8dbf-2e043930b53c&tw_document_href=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&tw_iframe_status=0&txn_id=oprld&type=javascript&version=2.3.31' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://analytics.twitter.com/1/i/adsct?bci=4&dv=Europe%2FLondon%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2632%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=499aa4a7-ad32-4682-bdd1-c48afad98468&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=bac06ad9-b7f8-4ee5-8dbf-2e043930b53c&tw_document_href=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&tw_iframe_status=0&txn_id=oprld&type=javascript&version=2.3.31' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://www.facebook.com/tr/?batch=1&events[0]=id%3D240118131653263%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fwww.hunters.security%252Fen%252Fblog%252Fveildrive-microsoft-services-malware-c2%26rl%3D%26if%3Dfalse%26ts%3D1733140921198%26sw%3D1600%26sh%3D1200%26v%3D2.9.176%26r%3Dstable%26a%3Dtmgoogletagmanager%26ec%3D0%26o%3D12318%26fbp%3Dfb.1.1733140921197.468822365369692095%26cs_est%3Dtrue%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1733140921034%26coo%3Dfalse%26exp%3Df1&rqm=GET' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=240118131653263&ev=PageView&dl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&rl=&if=false&ts=1733140921198&sw=1600&sh=1200&v=2.9.176&r=stable&a=tmgoogletagmanager&ec=0&o=12318&fbp=fb.1.1733140921197.468822365369692095&cs_est=true&ler=empty&cdl=API_unavailable&it=1733140921034&coo=false&exp=f1&rqm=FGET' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2064881&time=1733140921010&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&e_ipv6=AQL3hy_gN3MkcAAAAZOHP7tidBBA8kck31evgsFooMe6C8QGzJxEHbmeE_p_cD42aFfdhoo' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&v=1.1.29' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2002%20Dec%202024%2012%3A02%3A01%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%...curity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&v=1.1.29' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://b.6sc.co/v1/beacon/img.gif?token=b1312f22c62275b4776d49935ee65207&svisitor=null&visitor=0bc67df8-dceb-4af8-81e0-446ce6d3690e&session=8c42f22b-8641-4dc4-88ca-2ce7e6f09ac4&event=ipv6&q=%7B%22address%22%3A%222a02%3A8c8%3Ac10%3A30%3A%3A17%22%7D&isIframe=false&m=%7B%22description%22%3A%22Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2%2C%20bypassing%20defenses%2C%20and%20leveraging%20SaaS%20infrastructure.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&pageViewId=c0835cbd-086a-453c-84a8-ecc0c3959e73&ipv6=2a02%3A8c8%3Ac10%3A30%3A%3A17&v=1.1.29' because it violates the following Content Security Policy directive: "img-src 'self' data:".
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: The resource https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5765386.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
api.hubapi.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.googleapis.com
forms.hubspot.com
ipv6.6sc.co
j.6sc.co
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hsleadflows.net
js.hubspot.com
kit.fontawesome.com
perf-na1.hsforms.com
pixel-config.reddit.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.ads-twitter.com
t.co
track.hubspot.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.hunters.security
www.redditstatic.com
www.unpkg.com
b.6sc.co
kit.fontawesome.com
www.facebook.com
104.16.117.43
104.17.24.14
104.19.175.188
104.244.42.3
13.107.42.14
146.75.120.157
151.101.129.140
157.240.251.9
172.66.0.227
199.60.103.227
2.16.204.72
2001:4860:4802:32::178
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:4700:4400::6812:28f0
2606:4700:4400::6812:297c
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8cd1
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6811:f9cb
2606:4700::6812:8b11
2606:4700::6812:f16c
2620:1ec:21::14
2a00:1450:4001:81d::2008
2a00:1450:4001:81d::200a
2a02:26f0:480:22::1726:62ee
2a02:26f0:780::5f65:36e3
2a04:4e42:600::396
2a04:4e42::396
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
074ebd77d21c7159a2340309b5b4b21461361d6efb74e8e4152d002fd3ce186c
0c29e718b023d06a8824bd6cc3d2856124f2c41af363a256936e7c7a79a4b8af
0d5f628bd87bce595cf9c4a7bf72985cbea5bffab1a535a266f70acc04fd2590
10429db431cbd2fc042c7397c8f1e62996d636ddeef2702c912d9fb7fc650c35
10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
23428c6301061ebb006b127c5841235122a23672f0041d08a9518520795a1bde
238b1cf831e99615cf4d403ccdecbc5a3a615f2f0f8e92179cc69f9ec7d60b0a
23a2777cbbd78b114125c9276a3b42d568e17909104309e46e94dd2d93b3abd3
24af0aa554afc559dd1f59f21a2cb05e7fc668adced9605b05f5807df02585e6
24d9020bc026028ec01c6070649daacb53b18061e84efae062e3d413857967fa
27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a
2e83074dd815b9adf43a1ca073b8dc0bc6eeccb0f9c008f3a06d20dec5f335d5
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2f352a7de3dda4ecc29be98eaf8ecf19731d7d68038058f5568e3117228b9a82
2f6f9f7221a54fc4900e4ed44711c25b3370354baf336529033882586d75152c
3095aa418e3bde20e82b26f0275c80a63e0146955a0b77db3bac05fc66dd22e2
35c55b14508fa6bc876713dc6ca5b0cdd84333a1294b12d9ccff89d3784e4259
368406900c890220c314afd610820f1e635e69e4d3e0275ec060057865f563c0
37bfe43c77cc27808686236fd20413c24f0df7da65368ac7a92fdfc3fbbf25db
3c23c888b01855d9310b1a569def2623503bcc2a81327955f0a824c6f722b278
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3fc5f8ce69950ec73adc972f061df42aaea78faa4864709134ea2adc083f3a33
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a3785ea58861126bbf6837513df3a08ba5d7f1c243f07ea9c5278e60129c696
4aeece6fda59aeaf7ea1271ac3ecbe1189bd88726b444d8813de296f0ad41ad8
4d8d24f7bc28c29ed4285b69a442654d891c980cf924a7a376fc2286f4dc8ae8
4fa2622bbcafa420ce5be37bca0ff1e87dacede5fba4f42641d000313b4a1d49
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
5398d974b05c83fecc308ce8af06d5ca69ecfe557e9d7f45a6999d07c5bcd82b
55d014846b34bef181c9b239e103c4c61f28f8917aae9540c4ba3ebdfd1d604d
568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5ee453db69de2afe22f2abc664d11aa3b8720f3b24a8d82d2a1d2306be008e93
630938f4cb96514df23151bcb2b6598503d40e482e3cb04d8d41e4c095f0cbba
631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4
6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b1d913f0ef5cc8fd8d0c483772f5d511071ccc1d441f64292fb7659616f5b79
6ca76596a4a51aff45954e24a6dd4e1f148f7f0b16c578e1c919f5e1106a04df
762a5cce3355f95306400b6113dd70cbb8bcf2ce3601fa27297d1899d007ec54
7e31677db4782bc8c9162fa1b42005aad15d67853f7a496e9fbb493fe2309759
7e639f213682c84c7ed4da94c224b65a4cfa532975476b44d6b3d22ae0ef8afc
7f46e2fe055ca798ae7242cc770d2136169c4298407ec09bdc79ac73a545adb4
840477dbc0f9135189ec353b83ceb410cc1f8421eb20503c73d679fe51605b68
86f7dca42f3662c2a1bbe6fd8e196b14746853b98c743da2487ec47d3a83baa0
87d049fc6d16da1f81063235c0e3d31a4656800cbbdca8277d6ae56614a52aba
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8ec0979e7bb7143c393e8a431924cbe84a42fa6ad659f0b83530c88b5a349a04
90eefa1db290de170e8127aa6f3ad079f38762aa27b4c885670cf5d757c0f2fa
91f0116d893ce32487b8b683a408b135c15809c7e1b3d8d26bdb5889126f2077
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
a300d0cca9c84237c8127d65ddf9619b1f1dd7834240d9b5fdfc9eaa25706cab
a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acac35527291e61e046c500d86c076f7e943494bf7b469987d5efd76a0c93218
ae83cab298fa07ba817359c389252d7333d46894358eafa3ab6183084f6620ae
b4043b0b8297e379bc559ab33b6ae9c7a9b4ef6519d3baee53270f0c0dd3d960
b5a102aed533390e53f0c3da4a28fd5a0c882afb2d67abd36ae78e418f2d9e5d
b83025c6af427c862bf1f6599330a1dff8ea8effa9bd200614b5e7a6fed36c64
bc95b09fc339140c69c5136e815b78be4ef324669185635fc3aef462e8d7df83
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca5f58ab6b87c19e12c7132167c31c2e01cc7c9e3e22ed55c982fc4364bf6bd3
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d46b85c9bfc0fa2045feaa27ead9491e95cc1c2a6e09f834f0ed6710eaceaefa
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d5ac74ae7bad75e342eeb77f0c16005fcb01eaf5473b584030feb2f9f07e23df
d5ecf2f6d5b7937dd1aa50165b89193436347d55cb130951d41e028b1f09d3af
d6f514ddc18e496f04ad9fad4afcec13d365dfa49efa5dac94d6fff64b95a623
d7802c74a8e2285615d0ee35e104175b11653884c111470744907827543cbb29
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc507001be80bda64a1378c7f6edce7a6fe445dd6712c4eeaed70db462a7e934
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd9d0187fcb52f680b97b2e0d3b71bfd2f65d59afa66b24a1e0980b2d53f8dd1
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2856b09b8551910e6cb03f10c7c59245716b78864f205ee433fb3109f15fcbd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea9a85e8c7b1ba0c225aec7ced73372fd08fba0bb37faa515a47008aceb550a1
ede5de999081588cb095a1acf05bbed529c06278912c2318b74b6141b617ecec
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4bfee18eaf9bb02c3d3c93ce39551cff6effb9b29678a118c808b0b92489a0
f16fceef76af4b3f90c5e3f0dde725c0baee56948e2e82ee6e380b7dbfd50992
f59a623cd50863ff5033fdee18254f11967274ff1a09b4a3668ed65fa8a47975
f69bcd585affafad0635a9037adb2fcfd915699c3de54326f0efd20616e53d5f
f72983748dfd73b846c63554d18da197fec40f21b43f400cc2d8d1a2339098f6
f93fff611a9e87de73be016f193f6eeb6e3d3a19f0aface0a2fa3edac264e452
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.hunters.security Open in urlscan Pro 199.60.103.227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

115 Requests

96 %HTTPS

63 %IPv6

27 Domains

38 Subdomains

31 IPs

3 Countries

4108 kBTransfer

7719 kBSize

26 Cookies

11 Outgoing links

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.hunters.security Open in urlscan Pro
199.60.103.227 Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

96 %
HTTPS

63 %
IPv6

27
Domains

38
Subdomains

31
IPs

3
Countries

4108 kB
Transfer

7719 kB
Size

26
Cookies

115 HTTP transactions
0 data transactions