www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Submission Tags: falconsandbox
Submission: On February 20 via api (February 20th 2023, 11:02:03 am UTC) from US — Scanned from DE

Summary HTTP 101 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 24 domains to perform 101 HTTP transactions. The main IP is 2606:2c40::c73c:67e4, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 708424.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 21st 2022. Valid for: a year.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2606:2c40::c7... 2606:2c40::c73c:67e4	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:2800:21f... 2606:2800:21f:edfc:49f9:c096:a5a7:75f2	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:f0cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	23.62.220.135 23.62.220.135	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6812:df5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:9ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.159.227.151 34.159.227.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.228.174.83 3.228.174.83	14618 (AMAZON-AES) (AMAZON-AES)
1	23.203.125.127 23.203.125.127	16625 (AKAMAI-AS) (AKAMAI-AS)
1	108.138.7.127 108.138.7.127	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
3	2606:4700:440... 2606:4700:4400::ac40:9a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:74b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5505	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.107 13.32.27.107	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.147.113 18.66.147.113	16509 (AMAZON-02) (AMAZON-02)
1	54.194.67.126 54.194.67.126	16509 (AMAZON-02) (AMAZON-02)
1	34.252.123.111 34.252.123.111	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
101	31

44 2606:2c40::c73c:67e4 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:21f:edfc:49f9:c096:a5a7:75f2 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f0cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.62.220.135 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-220-135.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:df5a (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

3911692.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.159.227.151 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.227.159.34.bc.googleusercontent.com

webhooks.fivetran.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.228.174.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-174-83.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.203.125.127 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-125-127.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-127.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9a55 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:74b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5505 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-113.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.67.126 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-67-126.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.123.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-123-111.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	huntress.com www.huntress.com — Cisco Umbrella Rank: 708424	1 MB
9	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 10631 app.hubspot.com — Cisco Umbrella Rank: 5462 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 10386 forms.hubspot.com — Cisco Umbrella Rank: 3076 track.hubspot.com — Cisco Umbrella Rank: 2191	7 KB
6	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4008 forms-na1.hsforms.com — Cisco Umbrella Rank: 6306 perf.hsforms.com — Cisco Umbrella Rank: 11172	2 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 628 script.hotjar.com — Cisco Umbrella Rank: 767 vars.hotjar.com — Cisco Umbrella Rank: 914 in.hotjar.com — Cisco Umbrella Rank: 1676	74 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2081	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 735 syndication.twitter.com — Cisco Umbrella Rank: 1007	132 KB
3	hubspotusercontent-na1.net 3911692.fs1.hubspotusercontent-na1.net	95 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 11581 scout.salesloft.com — Cisco Umbrella Rank: 13485	4 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	25 KB
3	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1618 m.addthis.com — Cisco Umbrella Rank: 1585	140 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	89 KB
2	fivetran.com webhooks.fivetran.com — Cisco Umbrella Rank: 104329	325 B
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4583	2 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 346	35 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 699	35 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6329	161 B
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1806	207 B
1	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4665	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3096	3 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4202	87 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2076	20 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 436	1 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7486	2 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3175	160 KB
101	24

	Domain	Requested by
44	www.huntress.com	www.huntress.com
5	track.hubspot.com
3	perf.hsforms.com	www.huntress.com
3	js.hs-banner.com	www.huntress.com js.hs-banner.com
3	3911692.fs1.hubspotusercontent-na1.net	www.huntress.com
3	cdnjs.cloudflare.com	www.huntress.com
2	forms.hsforms.com	www.huntress.com
2	platform.twitter.com	www.huntress.com platform.twitter.com
2	connect.facebook.net	www.huntress.com connect.facebook.net
2	scout.salesloft.com	scout-cdn.salesloft.com
2	webhooks.fivetran.com	cdn.jsdelivr.net
2	dev.visualwebsiteoptimizer.com	www.huntress.com
2	cdn.jsdelivr.net	www.huntress.com
2	s7.addthis.com	www.huntress.com s7.addthis.com
2	code.jquery.com	www.huntress.com
1	syndication.twitter.com	platform.twitter.com
1	content.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	forms.hubspot.com	js.hscollectedforms.net
1	script.hotjar.com	static.hotjar.com
1	forms-na1.hsforms.com	www.huntress.com
1	cta-service-cms2.hubspot.com	www.huntress.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	app.hubspot.com	www.huntress.com
1	js.hscollectedforms.net	www.huntress.com
1	js.hsadspixel.net	www.huntress.com
1	js.hsleadflows.net	www.huntress.com
1	js.hs-analytics.net	www.huntress.com
1	static.hotjar.com	www.huntress.com
1	z.moatads.com	s7.addthis.com
1	scout-cdn.salesloft.com	www.huntress.com
1	no-cache.hubspot.com	www.huntress.com
1	cdn2.hubspot.net	www.huntress.com
1	platform.linkedin.com	www.huntress.com
101	36

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
msrc.microsoft.com
msrc-blog.microsoft.com
twitter.com
app.any.run
billdemirkapi.me
benjamin-altpeter.de
gist.github.com
docs.microsoft.com
cyberdrain.com
doublepulsar.com
www.reddit.com
www.linkedin.com
www.facebook.com
www.youtube.com
www.bizratings.com

Subject Issuer	Validity	Valid
www.huntress.com Cloudflare Inc ECC CA-3	`2022-11-21` - `2023-11-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2022-08-11` - `2023-08-11`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-16` - `2023-04-14`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
webhooks.fivetran.com R3	`2023-01-31` - `2023-05-01`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.hotjar.com Amazon	`2022-10-25` - `2023-11-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-29` - `2023-02-27`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
*.hotjar.io Amazon RSA 2048 M02	`2023-02-10` - `2023-12-26`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Frame ID: E30FA3C0CE7B3942D5020F3D8B8238B8
Requests: 94 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: C9084A015962477F9CE117A97CE785EF
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 9BB210E602B5FC5E154FAB9E629C6B64
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
Frame ID: CB6073919C817E604C94989B9F15014A
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Frame ID: 7E7A339CD8B8605B512124E998EA8100
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rapid Response: Microsoft Office RCE - “Follina” MSDT Attack

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

101
Requests

99 %
HTTPS

63 %
IPv6

24
Domains

36
Subdomains

31
IPs

5
Countries

2319 kB
Transfer

5289 kB
Size

19
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login Access Your Huntress Dashboard

Search URL Search Domain Scan URL

URL: https://support.huntress.io/
Title: Support Documentation Technical Product Support, FAQs & More

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Title: available patch

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Search URL Search Domain Scan URL

URL: https://twitter.com/nao_sec/status/1530196847679401984
Title: first shared by @nao_sec

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
Title: ANY.RUN’s dynamic analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531125503725289472
Title: served a benign payload that would display a message

Search URL Search Domain Scan URL

URL: https://twitter.com/buffaloverflow/status/1531168929925713923
Title: Rich Warren shared

Search URL Search Domain Scan URL

URL: https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Title: a blog from Bill Demirkapi

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531170265039781888
Title: any files with fewer than 4096 bytes would not invoke the payload

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531138449536958465
Title: just the Preview Pane within Windows Explorer

Search URL Search Domain Scan URL

URL: https://benjamin-altpeter.de/shell-openexternal-dangers/
Title: other methods to take advantage of MSDT

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531114931973767168
Title: its subsequent payload processes

Search URL Search Domain Scan URL

URL: https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide
Title: Attack Surface Reduction

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
Title: Block all Office applications from creating child processes

Search URL Search Domain Scan URL

URL: https://twitter.com/DidierStevens/status/1531033449561264128
Title: remove the file type association for ms-msdt (can be done in Windows Registry HKCR:\ms-msdt or with

Search URL Search Domain Scan URL

URL: https://cyberdrain.com/automating-with-powershell-enable-m365-activity-based-time-out-office-code-execution-fix/
Title: Kelvin Tegelaar’s PowerShell snippet

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Title: Kevin Beaumont’s Blog & Analysis

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/msp/comments/v0tuvs/ms_office_vuln_polite_warning_about_nearterm/
Title: r/MSP Reddit Community Discussion

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntress-labs/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/huntresslabs
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/huntresslabs
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Huntress/featured
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.bizratings.com/Huntress-Labs-Incorporated
Title: BizRatings

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

101 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request microsoft-office-remote-code-execution-follina-msdt-bug Show response
www.huntress.com/blog/ 173 KB
31 KB 728ms
477ms Document
text/html 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1586497cd4c4f8d37b456ebc2f197a93568872a5b528537e139ae0f5f5cdd71e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 79c6bf3a9a5c366c-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 20 Feb 2023 11:01:55 GMT
edge-cache-tag: CT-49887898017,CT-63932328756,CT-74847633462,CT-86494645591,CG-39343107504,P-3911692,L-37647219354,L-38940492861,L-97832688913,CW-37647184945,CW-37647219358,CW-37648091485,CW-37648262592,CW-72308060713,CW-97827380338,E-37640723000,E-37647164007,E-37647184944,E-67886983812,MENU-38395296852,MENU-38397117900,PGS-ALL,SW-4,B-39343107504,GC-38395296829,GC-97827380396
etag: W/"bf3e53cc3843fb68f72f63858fa41b20"
last-modified: Sun, 19 Feb 2023 01:37:29 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zMLXwLLdL4D4HdsH3kcoHOBeVr5NyfOezk0xpu%2BeLR%2BqSF2qqc%2Bk4%2Fibnb0DPhwyVGge2u0r8Urg3DgrbYhgz7xplkO3T7N7KdiwAY2UelcOnH4nx2aQ3JeJWEP6tuVDJhHK2Pe0LrmmTa%2BtfWE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: REVALIDATED
x-hs-content-id: 74847633462
x-hs-hub-id: 3911692
x-hs-prerendered: Sun, 19 Feb 2023 01:37:29 GMT

GET
H2 200 module_97827380338_POWER_Header_V2c.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1676562421744/ 7 KB
3 KB 287ms
283ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/97827380338/1676562421744/module_97827380338_POWER_Header_V2c.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c14d9ab83afefac27b8b16689d2d1444e1d0d93ad55bbd1a55895fccfef24f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SAGWwmpNT4Ce834E44U7VqSnpf14PdPD
x-amz-cf-pop: IAD89-P1
x-amz-request-id: 8XZF49VVPQGKZE3T
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: NqoTjP4aNB/ITUatRFV/fXsx/NOh2IsJ9SQ0mklsbvwLxMnsU2Fn9bD/kRvZr6cQYKQmj5XcPi4=
last-modified: Thu, 16 Feb 2023 15:47:02 GMT
server: cloudflare
etag: W/"9be42df21680f40ed61ab094e7f3caf6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1676562421744
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkQmsvKPuCcOnYJRA9gdJyA%2FtfVH%2B%2B7Jcs4y%2BaO8PktUYml8lWwTGTAdd6kj%2B0O6n0ikF3i7icHlw2AhC9IPSAOH7wPZvkzl0tx0oIAcnauoDc02JtqSpUYgmqvQkIe4yyCP88xjZmi2CQLTW54%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d984d366c-FRA
x-amz-cf-id: EPAhKehlDCMgepHTx2GwbIvJfBdJYTtKqcBhwIKrpUVlKgxM66jkNw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37647219358_POWER_Blog_Post_Header.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/ 74 B
755 B 316ms
312ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/module_37647219358_POWER_Blog_Post_Header.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 49upZA48BAIxdOk80QHxcPVW7u781vZq
x-amz-cf-pop: IAD89-P1
x-amz-request-id: RBE504M68RCZWPX1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: qpaMaopyR1ve51SMs5eS05E32EhYEia633CiPpFJGpj/WW10vCWvD0vc1t+RPydsfNKDKcskfhg=
last-modified: Thu, 09 Dec 2021 06:55:09 GMT
server: cloudflare
etag: W/"69dec35879b2f3061c26e9b58f93b109"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1639032908209
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DMqKwEfxXHTf2K5A8szIPyY%2FXSyIDcEpPhmlflxSPKF4oMIoc1mTCdd3jK6eWB1EBK%2FTEX6ZaDJQBfNmg8x0sHrwOz3dLNOFzVf3lWIDvNLNw4kyjy%2FYML4J%2ByFJlweTKBN1%2FuvrFJ%2Fg3iJAMAE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d9850366c-FRA
x-amz-cf-id: DHwx3wf_l5VGaQaMmygWnJiL3G3vahh0ju0NnMTz54pFbrGiJtcboQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648262592_POWER_Blog_Post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1674668888770/ 3 KB
1 KB 299ms
295ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1674668888770/module_37648262592_POWER_Blog_Post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 2a6e657acb4fd3f6aee2e3da45e44642.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: sLM6hNVINivm4kGFb2j1Qp1W3F_bHazx
x-amz-cf-pop: IAD89-P1
x-amz-request-id: PTDP7CCM153DE2JK
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uG833tOzY5UtHbCUhqxVy+GXCAMINANvDipgfvjUY26MnBBlhk7k8uoZTG1VhaCJTFXOjENIgcM=
last-modified: Wed, 25 Jan 2023 17:48:09 GMT
server: cloudflare
etag: W/"32d40d380ad9ef9fa7e8201229f3af48"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1674668888770
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVK%2FHdhFfNYl%2FrGEmYuO6cufg0ql0%2BQDoec1ovmNhROQplmLbI55rn%2Bsy%2Bva%2FFq18bFgEnULxUtVxK98L2WBh2Go%2BXkoJcky802IVv36neeea1x%2FzOfWps6uzJZJmkoUtJmeXreskCZAjaCCB9E%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d9852366c-FRA
x-amz-cf-id: oZWp7__FxzYT5fYkFXcQCbAGZovjszTAEM9A8Qm-2ecQwFe4lVN8Mg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_72308060713_Blog_Related_post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/ 980 B
1 KB 617ms
613ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943698/module_72308060713_Blog_Related_post.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 470d4277236d0557f3e42c6bfe9dac78.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PvcH1mnBAoQZmMyjaqQqh_SH9bmBXz5d
x-amz-cf-pop: IAD89-P1
x-amz-request-id: 10V13YW1RGWRM2ZK
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 9b9pXyJB3MjFKREWo+lDGEpgFvtPkmzsAFIBaicBiNdOyTOJXTNpPnrW4waDDZM2woerQeI6htqqDo0OniMI3A==
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
etag: W/"367408b281056af8212339a4673151f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943698
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BSzZwkd2ALF6SkQeKK9CECz%2B4EhEBFoav1KxLe8Z64qothvZUOdnYHrlzi%2FeSrTcfo%2BuEETqhtP8fAac885VqhL%2Bp898d8kIqo%2FnqITbtliwqOyaBvC8hlMRYQRKf%2BPpmxLPgXAfQxzOVvMfkkM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d9854366c-FRA
x-amz-cf-id: NFIzT_EQL6FzBJQjbpV2D4eGeWDXf03b1y7aEGxKS4VZmWKhMatSdQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648091485_POWER_Footer_Full.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1674666344441/ 161 B
824 B 566ms
563ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1674666344441/module_37648091485_POWER_Footer_Full.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b355e659eb1f476e9bb8b33c109b4c47718d902e483db104fcfea35cfc8a5584

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 69baaa5439c683e230d9fcac1c2ffce0.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: IXDFPhC61haDVWMg3tDQdN4OwCCIYt0V
x-amz-cf-pop: IAD55-P1
x-amz-request-id: 0CNV5C31CK9E3E43
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 3cphWYHr72JJqYX0M8HI7XXK5NkxpjZ12tbx87aUTAoirrHU5Gvc/V3/Hkha7pFGya031oKzFEU=
last-modified: Wed, 25 Jan 2023 17:05:45 GMT
server: cloudflare
etag: W/"6d74737f02d2fe1e657f09910ca14558"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1674666344441
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBPXV97QpMUo5LQgQsVjKIY1tGlhA5SY33B13c0d8tyVCIZXz33Uznvb0W013rX5yKfw6UpOWRpYO03myQ0%2FCN1qYmSKcpxr7LqtAQKP3wJTWf1r6JS79ddYeZ5%2FlgAwQfhAMXlW2sacglthC4w%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d9855366c-FRA
x-amz-cf-id: i22dISr3wF478uS-N1nzaGtDWUedPCOQtvAwvGJLSt_W7hS5-8pmuA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 161ms
43ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1676890915.dop009.fr8.t,1676890915.cds125.fr8.hn,1676890915.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
code.jquery.com/ 11 KB
4 KB 203ms
86ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.3.2.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-2bd8"
vary: Accept-Encoding
x-hw: 1676890915.dop009.fr8.t,1676890915.cds125.fr8.hn,1676890915.cds137.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 4165

GET
H2 200 in.js Show response
platform.linkedin.com/ 509 KB
160 KB 450ms
114ms Script
text/javascript 2606:2800:21f:edfc:49f9:c096:a5a7:75f2
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:21f:edfc:49f9:c096:a5a7:75f2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (nyb/47E2) /
Resource Hash: 8bb3490881871a000008d6a4cb3c4d56f3870440e1dae9c50f7579f131034ede

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 1406
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163383
x-li-uuid: AAX1H0OG++ZgGTNIxhfddQ==
last-modified: Mon, 20 Feb 2023 10:38:29 GMT
server: ECAcc (nyb/47E2)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Mon, 20 Feb 2023 11:38:29 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1676649334063/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 185ms
82ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1676649334063/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 241486
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 17 Feb 2023 15:55:35 GMT
server: cloudflare
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1676649334891
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=87uCaIeJ3LLXbHOZbqWhKfeEXnf%2BgfdtvqUtdWUS6SIRo%2Fis9GFQjohc2NFMCLDlyenLf%2Fkgu6rDnMBwxpbAUL%2F6csOuLYBACIux9yLGs6YYEzpchokUiFq0A5S8Z3lJefz8WsDiqOsu1Ch47pA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf3e38d1bb9b-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 pwr.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1675790605104/HL_Theme_2021/Coded_Files/ 247 KB
43 KB 515ms
513ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1675790605104/HL_Theme_2021/Coded_Files/pwr.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50c8eef26a616fd17826b7f91ad40645d764d41e03d3a9e93da405bd37329f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Dm_HCAeT3Cvt5ZQ7k6bjq._IYMYGaamU
x-amz-cf-pop: IAD89-P1
x-amz-request-id: PN1SSJFP48G0WDR6
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 7Az413CK5p18nDFo7J/HHMKi2IShOKNqYpKlnI09DYQlWG7YadXGWzQjnAeKjr/yEQU2NTbUgkw=
last-modified: Tue, 07 Feb 2023 17:23:28 GMT
server: cloudflare
etag: W/"567ccc501c186b7a0263cad227884bd0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1675790607796
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOPwJKVyIDiT5YCQ%2B9nJiUIjBV%2BHlQ%2BxlAvsMiFtICyi8G5gIGM4pSCfs8jyMzuUX7Ygy76C6Qghs78CmkgFEvuhpfYSEFUHQ5kmVIEWAhfENrDYumPmwgVlH4oPW6TkVCMG7dzXXTdm4ROFFbc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d9857366c-FRA
x-amz-cf-id: ykXHEVqV5_E75o4z01ZyPYu70wSLUjLCZuxzzo25xhmujOpalpPr6A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 custom-styles.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1670338665550/HL_Theme_2021/Coded_Files/ 5 KB
2 KB 540ms
538ms Stylesheet
text/css 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1670338665550/HL_Theme_2021/Coded_Files/custom-styles.min.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4067930b3bd986758e5cf0716f632eed56d9628eba4fc6d9002a00cc94110dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 76cd2de9f0213e8c76093c6b346e8118.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: GM243f.mqEIfG51QqeMKEnVH3FJ6_p3Q
x-amz-cf-pop: IAD89-P1
x-amz-request-id: PTDH1TQSWQ6M76ZZ
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 4M3527KeaEpBTBs3rBvIDh4XWhTPBWRDge2tgZF6QGUYeVNuSOs1NNXAVSb7KzS5Oedz8zC3W1R0wf0gp+4nlQ==
last-modified: Tue, 06 Dec 2022 14:57:47 GMT
server: cloudflare
etag: W/"0e9f619bafa9c065ccaf1ff3119f0632"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1670338666433
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tew2Erpt63bfUx%2FLCKDpxuGHRlx7GKsVpvwDKn0eFsZp53xFNDOHyK%2FJe9MkzSQOpO%2Bea3V0glLro71QIuxs04RmvA5WSak55oOiF%2FwAVApRrxrMu7WhddHW3JZhZTVt5GRJIB43ZQcwDxxEUzg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf3d985b366c-FRA
x-amz-cf-id: E8KiayPtDt8aXxzcXinPHEu8coLjBlHBYwcLk3wA3xbzTdQwEQBWOQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 Asset%209@2x.svg
www.huntress.com/hubfs/ 9 KB
8 KB 256ms
247ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%209@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b860656603a5037d589fbc590dae90f79f93a93fa0c0b9511e3aa8df3e1a5ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83752863832,P-3911692,FLS-ALL
age: 1388460
x-amz-request-id: B4HEJY9FZ0E94VEA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83752863832,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"ec2e8f640c47f66c6d508679561605ea"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662099980418
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 fa87f2173bfe5d35fd73cec71ab12a32.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5WkADezxqa2S290OS.L8DvV4kL0N54Ge
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83752863832,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: K5OnEgt2J3NuyByC//vs1QZxfSb0tcFN02p1f5xps3FmDcpWmPP5uD0DvbjY+HV/Uo89n95sauc=
last-modified: Fri, 02 Sep 2022 06:26:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3IR7IHADvqbhjp0XtwsEWk0StydjgSR2lR%2BhrPBFspdEqZ8YaajEDMpsG8Eq5BNCpg55agHRswsv5Ms%2BfVpbvAlF1856H1HxRipMntTxzFhvPqNVvP1SznIeoKMYnP3jZgoP4j616cNjcH76Xig%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208469b98-FRA
x-amz-cf-id: vLmATOTmJTgBun6P0P42VBWcLKDETB_k1OoBg41i13gsgS1Pwvmqeg==

GET
H3 200 Asset%2010@2x.svg
www.huntress.com/hubfs/ 10 KB
8 KB 78ms
69ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2010@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

954f86735dfd8abf4d923b985e719ab1ae438a2fb15a22346b141879538f4a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83847772490,P-3911692,FLS-ALL
age: 1056530
x-amz-request-id: 9QFMGZN5T1MGHBTF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83847772490,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"f7b384afa435308d55a50acb3b4dc9a1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662182958118
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 0464e135aac8f38db49f2554e7d434e6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YFYdY6E2e5vfVkim17ED3MGPRYOjZc2d
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83847772490,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: FUGZzLm1ERWDz+0G7HC+YgYcJdLAo4vjpmyqu+3+12e3QSL3cl9ouVBXLASEwF8+wBAJ046LO8A=
last-modified: Sat, 03 Sep 2022 05:29:19 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eLuMFK0bW94oFG8EhuZ9O1NuiXOc4gHwJaHxCcVKuuYY%2FcX9s8zlCSkJh9SpzXUgoYsBuQtfELBe4jeVnGKP7PG7kOv1zS3sO6GJQnd4KTNgzJfvd2DnfLcLbKdRqF5jAWP2Z08T96vM%2FthON8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208489b98-FRA
x-amz-cf-id: llktesSys7Yw8tBNnyqKLtH0VCEt1xPC4bUZhZmHT1fbqrngIByk1A==

GET
H3 200 Asset%2014@2x.svg
www.huntress.com/hubfs/ 7 KB
7 KB 78ms
70ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2014@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeab6099229124c0acf1a7cbccf49c55808ca5de5ba8468e03d98bcfcdab3ed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83846667130,P-3911692,FLS-ALL
age: 6227
x-amz-request-id: JCRPGSYSBB9Q947H
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83846667130,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"50545bf8ea725c9686064c10f850c0aa"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662183246506
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: hNiqXEMKtM._2D4mEPj9Zrl4aEAcxNQs
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83846667130,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 2pX1oOQywSbnl57dVkJU6NUpfPYUMvImA0EjE0OFJ6g7mYS7vwIeEbo2jJQxXGwc5Ew3kerN4HY=
last-modified: Sat, 03 Sep 2022 05:34:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7OsXdDppanvqyRKU8Vh3cb556wveIB7MUIw5enOGB9zbS1UJDTjnceEbeuU8X7pMGmn5WwpXk9CYM3io15CT2PPnOjr9VcqfNtSZ%2FGhUlfQ2Yau4iVXQYoNqltmye6Z76TNgT7XvLWxt4N3a%2FY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208499b98-FRA
x-amz-cf-id: 4NjdacMD3LR7M_HKF7_Pis8UOkjtJ3LMNpY1bRhDVc-YjCYl_ZSr2w==

GET
H3 200 Asset%2011@2x.svg
www.huntress.com/hubfs/ 3 KB
4 KB 123ms
115ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2011@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

295c420318d37ced90a8a681fe353fe027fd60e83a16ff965950cac3ccb22b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83847468397,P-3911692,FLS-ALL
age: 1056529
x-amz-request-id: P3X5E8CQ4FX9SG77
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83847468397,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"677d200d167e600e2026cdb12a5ed996"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662183042931
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 4476dca0506fd639c970ce02c0209fe0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xjQD8JwE7xmMFjX84sLQs_NDETJwQbqX
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83847468397,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XsbFh0Ox5iyq+Ip5tv9coIJP+DWNolJzL3jzWbaQjTipQMAdSZTSybvveSRITPEEVlwEhfnlr47vmZPro1/o/A==
last-modified: Sat, 03 Sep 2022 05:30:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BB%2BkeAWiO%2Fl%2Bn9MLyalRtIuXQkK9a0t6Qbtk7McAgkVQZ8QBij7F%2BygaAX1ARM6PRrigB2bSsnxoovZ1hIHEypLGSUBt3BnWZSC4LOh6EeoItZbDwqRjQRgJDy%2BqpwcGvwhKYOJhS2TAn86dCg%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf42084c9b98-FRA
x-amz-cf-id: mz2HloiJ71d_vfjAeHYYsjp7zTSPQUTQ5b4crbRUCGsL_oGAOgB7Rw==

GET
H3 200 Asset%2013@2x.svg
www.huntress.com/hubfs/ 15 KB
12 KB 123ms
116ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2013@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6145ffccacbf92ec04526c41b5e912e6555a7102a0515c64d5ae5b6002c8e4cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83846874671,P-3911692,FLS-ALL
age: 6227
x-amz-request-id: 489GRGK45TNK4BVE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83846874671,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"9ec961a19aeb3e2015c061aede542e18"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662183181118
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: XFquvk99yq_WF897UvSyCDvvhrMfo7eM
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83846874671,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Kr4ojhsklRGjYHjXCqZlPeDNZbHcwWHBjIcEG+Kh4XsdGYoPX28jM24fFTw9nwq29qpqamHBBLQ=
last-modified: Sat, 03 Sep 2022 05:33:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ar2YfPCFPBMoJ1SpChYWB7S96MXCrrNWUbe2Cb60wp2C0EyslG5riMe%2FZsU4tC6fq46oLiTpn%2B%2FLhLnIVJhLjezmB2RgPobXKguEKVwOjKqSfiZBH5E%2FKIAsaObDuMlIDdYTbcs%2FQW4K%2BCkXx60%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf42084d9b98-FRA
x-amz-cf-id: OJS5ptyPYxXCNp4AIyz17mxkLMGCiCzsNAk9BsLvyadFgPgIX6tzwg==

GET
H3 200 Asset%2012@2x.svg
www.huntress.com/hubfs/ 5 KB
5 KB 284ms
277ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2012@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aad4b41123dd3a244cebc4b650de024f2650df1fba41d62ae4c9e4adcf4bc344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83854073700,P-3911692,FLS-ALL
age: 1056528
x-amz-request-id: 46Y2DJ19G2ZBR7M6
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83854073700,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"840ad20b2e3fd35f9898eeb352b54514"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662183114206
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 dc8d59dd465eb0695e94a008d8f8d96e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0u3oVjPLGkqbx06S3I_LGFVUVlpBJeGx
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83854073700,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: eFn6xTUteBaIg55Io1Y2QF3VBAJwqaCAVaRv7dNjf1+hfSict92SSSZNpvH0paA5XUCJTGhh134=
last-modified: Sat, 03 Sep 2022 05:31:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fjf584IVRA2NZJtNM8ek4cxvqXr0zGz6qWJR3kq0jwjTQI3%2BYAxq6KKkBRyzr2ZdoRijbrOOpqX%2FdwLES85igQH%2FDPWrPgkdMp397I7rLfn27UopjQbqjMGll8zjch2GhP0FMusmHkfi88CK%2FQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf42084e9b98-FRA
x-amz-cf-id: umojTLIk5TOH3pgH6D3SzdLvGgbC5U4pT52DAuUYbmAALb3b9xYr9A==

GET
H3 200 Asset%2015@2x.svg
www.huntress.com/hubfs/ 7 KB
7 KB 285ms
277ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2015@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ee1caa737e585d6cf4a91ab01b27aff627c2056544d7c9e4f704f1a9176a023

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83854984338,P-3911692,FLS-ALL
age: 1056527
x-amz-request-id: 46YFZSGAR9FTJM0K
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83854984338,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"46ba1d0e22afcd81d0f559509d4040e0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662183311931
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 4476dca0506fd639c970ce02c0209fe0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ykcf.YtMKnpKRVLLWHK_h271kY_vwQ8j
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83854984338,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 3B8ixKP34tmNHTDeGqfzx5NZ3PPk9EIA7FjUICIyml+mKKohxH4o+IGCzeUal1epsST3jkTQTag=
last-modified: Sat, 03 Sep 2022 05:35:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKnohPbCcWEExRdWxVbQPfI%2B71f%2F7E2vgd0B%2BEuQjI%2B%2FV4YCziIsNJ805YjZu34I2BqQ%2BgoUKdVYHrvyHGb3qmPTwGJXK3dODb%2Bm0USdPk3CZBmTtC35xXeWaIioktmrP2k6Cf1p9F2qlbtUD9A%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf42084f9b98-FRA
x-amz-cf-id: oCehj1cB1tGdD0uU-sdioo0KmLroCJVssDucByAQXx6AZ-2AnmDllQ==

GET
H3 200 Asset%2016@2x.svg
www.huntress.com/hubfs/ 12 KB
10 KB 285ms
278ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Asset%2016@2x.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

295fe623d1742c976f775c008be5bcb815be503e1cd7811aafdc08cd12682c25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83854167428,P-3911692,FLS-ALL
age: 6227
x-amz-request-id: YS0CXXZ6EK8PVFDG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83854167428,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"44914406e9714339fed07ac3ccde38fe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662184506038
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wbLDdPcRl.zixcmn1ViEkxLS23kLuxQF
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83854167428,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /FTA1x+8qlzF+95ayGTJlbeTHPtiB7vmjbtRQ8WqdvlpnVh8MLgLeLRfc3/9NkuvjS1zgT4lkLk=
last-modified: Sat, 03 Sep 2022 05:55:07 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEGH5MiuvPhwxqVTeIfUe63BwLit61RlAd1rITgu5%2BmrGVsPMR%2FhiQu4dzg%2FOOXNktxhacJBwq%2BwkgoL9Ag5OerBeuU7sufL1qvEV%2Fqave8AEzlYQvleiqLl6m5zpyrZamgmed5nXzrbpvDEVHw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208509b98-FRA
x-amz-cf-id: 6PEX5soesyfISSFJYHAftc6GFNJfU-YsJnkptdDx_DS1ccASW_pd3Q==

GET
H3 200 Group%20139.png
www.huntress.com/hubfs/ 5 KB
6 KB 286ms
279ms Image
image/webp 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Group%20139.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24bf1462917f99639fe1db5284b292d9f2dfb6ab5629d2426b5243a4db6b5b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-83753956493,P-3911692,FLS-ALL
age: 453390
x-amz-request-id: JPCYXMQAZXDG0025
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83753956493,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Group%20139.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
cf-bgj: imgq:85,h2pri
etag: "a44c8a54e3a9fd6dad771171d08e3544"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662102247523
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 9a8ac33fc9fddfdee2faf662aa337e6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WxJSvRoqOyadQDLBNMvKTsJ2SHDjIooW
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=6890
x-cache: RefreshHit from cloudfront
cache-tag: F-83753956493,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5250
x-amz-id-2: NBBPo+CrfiUwSud6JuqFHa8SQAzqPr33PlgBr3zps7ET5fmo278iFVhVWQnkrl5skj4Yjd9i8IU=
last-modified: Fri, 02 Sep 2022 07:04:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEc7g2iMwD5%2FfV3KtqVBfz7ei%2BS4QbB0ppcdYDJTVDZFHSHBjoTqaIuFah5MV0fF0N%2FAUdET6sUrBrRfg4fEOCxZmhw4%2FwcXqmzwmPj0lTZE8WwFj2v9%2FtK564q4LOhY2EbF%2F0%2BywOHvM%2B6bd90%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 79c6bf4208529b98-FRA
x-amz-cf-id: 3qxddvhBX6LTImrELp0bEeE6hoJZNo7ISyAnVILIr58ny5QOmccJsg==

GET
H2 200 40e39240-8f28-4247-989e-af913fc5ff6d.png
no-cache.hubspot.com/cta/default/3911692/ 1 KB
2 KB 282ms
168ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3911692/40e39240-8f28-4247-989e-af913fc5ff6d.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: V1HHFEYAWBH6WAFP
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1039
x-amz-id-2: 7go4zDzjhtcB5LUU3ZO+bbdbOVSKhLc4eiRfjcXU95I3CjR4DflE2+M6na6hkeJl4e/KzJL25Ts=
last-modified: Wed, 21 Jul 2021 14:21:28 GMT
server: cloudflare
etag: "79b5475fbb2abb884386550a797d2e28"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qEYvmzefxU5I0oMYJADQ0lodTzXoHkp9YrOW2943ODHJGIYf9IU7j8LkeKSuVxzffj5oX121Qve3ujgTCjCAKi9m77J2kKB3VtnQQoxzb0DQL4GCAY6degHQnt97%2FDcSozy5p5w%2FlGTNFI4dZ%2BXfgyX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 79c6bf42bcf53630-FRA

GET
H3 200 current.js Show response
www.huntress.com/hs/cta/cta/ 16 KB
7 KB 92ms
92ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/cta/current.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

53e889ec0ff84d0673b7de59c593d0fef76f059e6180c221995aa143a15db19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 45893c5ff2aa24fa7dce9573a0274642.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Gcf58dVrKBkf4GqTGjI3QoL_mPyyv1Zn
age: 510
x-amz-cf-pop: IAD12-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.116/bundles/current.js&cfRay=79c6b2d096d7915e-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 19 Dec 2022 10:41:21 UTC
server: cloudflare
etag: W/"de427b147fa70013c63bb257c88ede56"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=exLW6iBHQQhZ9rvvUOneHxim1SQXe5MyHvxcEx%2BQThzV2cjaCzcc9t7yE%2B36B9xVEQcDvFFq2kr8VS%2BL7gBDgHpDV35XloVTm0wTYc6FN6ChZ79DnYaw%2FDcsE60HGoOZhvBXZIr35h1vB7PUSNM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
cache-control: max-age=600
cf-ray: 79c6bf417ed29b98-FRA
x-amz-cf-id: ridNw7qkE86zA3yGv0sGyXrs6s7QptNS7tBNSs6W0UlyuHYGEVwjJQ==
x-hs-target-asset: cta-embed-js/static-1.116/bundles/current.js

GET
H3 200 Huntress-1-1.svg
www.huntress.com/hubfs/ 17 KB
14 KB 115ms
108ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Huntress-1-1.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-83639587659,P-3911692,FLS-ALL
age: 1388458
x-amz-request-id: B5142R2AFY7M70H2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1662015849971
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CV3yu1lUsNjBX07SDUAQdESVyZxYlca4
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-83639587659,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: DeA6AB/KQbNyYuh0jgzuii3/CHl+5c6Y9J7JWPZBPj9Dktv0+lNJj4KChdF1HZG5jwOhNziSVvg=
last-modified: Thu, 01 Sep 2022 07:04:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KrsjYrbsnxfrIPOyfM%2FPHwtMK8McKtDSGJl3fmP8Xf3yvvaybCmHaJ5%2F9lsSiSEm5FKzzzoadivl4w6IStBFy30ahqwkalVIjo4863xEwlRyH22yvtXIJwuLZEBUF7P%2BMFofvN6AR8cMypX2moM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208539b98-FRA
x-amz-cf-id: Z-MaMAnVjm6GRkSJY_x32WJZ3AYu7r2HOFiY1xukQYmifdTclBmmbw==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 251ms
53ms Script
application/javascript 23.62.220.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-62-220-135.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Mon, 20 Feb 2023 11:01:56 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 magnific-popup.css
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 7 KB
2 KB 140ms
51ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.css

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 485632
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1497
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-1b27"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVdEpqaNzInM0Do%2B%2F%2FCVMnIiVwyVWX9oEminbA4gX8mR85blmif7fjnaUVB3%2FV64KZWl7dx4U9RvygkD%2F0NchNmQsuqtZM%2BSuG%2B4Zm5slRPuhHELAfW5TvzwmopoWn1wRAejdAVVJoMEn76z35T%2FUzEG"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79c6bf428abf9974-FRA
expires: Sat, 10 Feb 2024 11:01:56 GMT

GET
H3 200 Huntress-1.svg
www.huntress.com/hubfs/ 17 KB
14 KB 287ms
280ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Huntress-1.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39773583794,P-3911692,FLS-ALL
age: 1056519
x-amz-request-id: 46Y9AKQMQX5F32J3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39773583794,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1609832613811
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 0b39dec640ae4a26cac728370e000fc4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jsS8.Qyl076AnWtAah4sMmKUd0P8VNuI
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-39773583794,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: BuBCvuDQMZMQxn6Imp6wm1D3i1WQ9+niidvvjKt5sw/On1N/jtQ6UOtUz8ushvmZ2gjwBVb6hJ0=
last-modified: Tue, 05 Jan 2021 07:43:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kO03f8wUZtovje2E0%2Fm4%2FN33muqUdKIgbr09hb82EzDCux6xqfgEme0qCNZ1%2F3%2B293HeVXxUnU7EB5ACQHSw%2FLRfdzaPvwsgya7elyEIUgan2DPKkFYCf%2FTPSpyLCDKzPV3UcYKBBdhk%2FdlOOfI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208549b98-FRA
x-amz-cf-id: IKoLO26dacF5pEy5m9XAL2boSrQlRpZkWWsAGkHZf2IVYCPlLwVojQ==

GET
H3 200 Biz-1.svg
www.huntress.com/hubfs/ 2 KB
2 KB 288ms
281ms Image
image/svg+xml 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Biz-1.svg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-55369190472,P-3911692,FLS-ALL
age: 1056518
x-amz-request-id: 7N78KKBG8ZXPBCJ5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-55369190472,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: W/"10aa3cb3029e1f043563140e89d76c8d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1631771480774
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 5b0ae4234ebff11628ea262f3e0273c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: pb30Lhh_yVZl.AlHg0LSscg9tyoyIBsR
x-amz-cf-pop: SOF50-P1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-55369190472,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: FdeV2X6zST+EZ5Xf+xyi05iy018Ft9S5oi8jWjwVJYVoEviHOsaWVUAc53GVbLYjDa1KE86kGDw=
last-modified: Thu, 16 Sep 2021 05:51:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rU3ST34CyLj8zu6gdhT6yXNUpu9xSZKI0s%2Fp4SNBqf6Ad9G2tOEo2OxlE43u%2FJby3PXQqCO6D9FCRK9N3tVE1xrTc5KuREQrQNzMsOdLc5H0bt2zwxiw0xdvgC84cl7g%2B4ASsiEUyV%2B942m3mHE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 79c6bf4208559b98-FRA
x-amz-cf-id: XgNb4qfla8PErOuqzBHMxKQr73sEQGDQM3ABnY0gpjQCG7EVZFrrxg==

GET
H3 200 pwr.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1675459147413/HL_Theme_2021/Coded_Files/ 153 KB
39 KB 781ms
776ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1675459147413/HL_Theme_2021/Coded_Files/pwr.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9f94bac395a68b247d7b18c56682d5e3105df9fb210f428f379fa8b16496a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 1b6db55df4d0459558669f7d008cda9c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: l2MwqVH1MaNBn_HhGb88vmqd21UH5P3K
x-amz-cf-pop: IAD89-P1
x-amz-request-id: NRF80KGM5VX4VZAG
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 2AkCbPjRaPv6gN9jN6SoPWWfG9VC0Z0YpXlljK9kztMGXI5+Usu2b6mG6adfwG6Rj68IFw7RfiM=
last-modified: Fri, 03 Feb 2023 21:19:09 GMT
server: cloudflare
etag: W/"305b0a8685ac0870712983a0934c9e1b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1675459148904
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zt86jMI5DYEC%2FZg1NUvIR3E4iGhC6Mk5nUJCBYO8iL%2F0JDxXH%2BCSyg9GkPc7qJZ0MCU5iSl3B8Uc1%2BXiu2l0krb5NI%2BAh%2Fnq3EbRk8scbXkOlkrUqgnVagIcS5vxAmWdxX2AFQVzouI2zFS%2BYDs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf4208259b98-FRA
x-amz-cf-id: 3HFBQi3EXb5jMoW3Ismc1kK0Jrb3K8vF53-Wq3HOa4_Mnn91p3iosg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 project.js Show response
www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 120ms
115ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
age: 30834763
x-amz-cf-pop: DUS51-P2
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zi0F6mKMktTKTbEi2DeUiBdkyvI%2FqgjK%2F2A7%2B1wyi0VmTLdxeK5PwmCoiHgUPB9cpeDVUiI79M63uswAT5HzjSsocDWmiBdY4ZGfr0qtzrPItaIFZNgIF04TGnC6yvIpe0%2BNxLH5KHyj6wIU%2BpY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 79c6bf4208289b98-FRA
x-amz-cf-id: lW4qF689P3Dc0HMw43ovy8wjZ74uhX_Wh4bq4rNr2huIwgx-yNd3Uw==
expires: Tue, 20 Feb 2024 11:01:56 GMT

GET
H3 200 module_37648262592_POWER_Blog_Post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1674668888038/ 933 B
2 KB 335ms
326ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1674668888038/module_37648262592_POWER_Blog_Post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 cea67f5ca1b497624430e599aa6b7c62.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: BBcSXZF4Twfvqpetce9Qqr3pynKHdU7C
x-amz-cf-pop: IAD89-P1
x-amz-request-id: CQDB2Q6AJBDJETX4
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Eq5Bj3AN/4AnAYH9UwOpCUtLXL8lP0mq8++3f0tv92scg9lnzNed0gZ2oKb8+Bnz5dun4P9xyRcSb4GkeCV0ig==
last-modified: Wed, 25 Jan 2023 17:48:09 GMT
server: cloudflare
etag: W/"005ba15488b184ae927f2bb08fa5a345"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1674668888038
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyG7TcsSY6JHIp2zwDC2FooCleUMEN7h40Yt06Ijvgxzm0MnnH8Ug5zJVJZ%2F6sHlLZyAaeip9CUzyxKk6FdWjNG%2BbCxNvcqmrNsOJ%2FijU344bi2JD%2F5uDkNkm%2FNqoYIcCzE%2F7ZRMn9EuBubghaM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf42083c9b98-FRA
x-amz-cf-id: 3zh7eD1l_zSmk-Ms2XAppzf0fhL8Qrb_i03hsMCGelED4zGUUuXpiQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 146ms
58ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 483044
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6546
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-4ef8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYgOd05sHcENA3knJXngdpg%2BtulNZEoh9%2BSQWf9jR3GKXR5Aaf%2BbdGeTmXmZFRmsNq2z357ohIWCN%2BX%2Fs1LGi38HTxlZFV0xOsaMQ1TvUP%2FjRXIjPz91GPYXWQ%2FPz9oR1NAFUpAf3oyDZvp5q4vgT7gG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79c6bf428ac19974-FRA
expires: Sat, 10 Feb 2024 11:01:56 GMT

GET
H3 200 sticky.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/ 3 KB
3 KB 345ms
337ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/sticky.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 0fd782cbc1c3c43778f2ac89b2bfb444.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: oIU6rHYsVQSZOhrGoqvW7sFAXkwuMMSC
x-amz-cf-pop: IAD12-P2
x-amz-request-id: 8KNPJ3ENXMKYT4R4
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Z5MNfVmOLZe7YtHotnCH2JF32pIqtdj3a6mKC9nK2d6np9GX0NAS+ycMYUjNpZTGwYvnG0qZwi8=
last-modified: Mon, 07 Mar 2022 07:07:33 GMT
server: cloudflare
etag: W/"55ae62a2138b0ac2dad2cd6f3fc3decb"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1646636852583
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N8%2FcLNCme7rIAblqfCelSd7xBmgjhE9vty2w5vjDrkTcaTs6JfRLfddaNA73yy1VZ%2BMHLexUe4f4T77IrBBKWl25neb3ZmnQS9jSPXhaw1kSkBF0s%2FNkhbBouCHR8Fn9viiPArxOqZzsVbS9o1U%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf42083e9b98-FRA
x-amz-cf-id: bE0yBcTacaV36QbsA-Q5Y-itWsLDkaUXIsvYYXkDyl8xHlILVta5Wg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_72308060713_Blog_Related_post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/ 365 B
1 KB 298ms
289ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1669043943002/module_72308060713_Blog_Related_post.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 8bf94e29f889f8d0076c4502ae008b58.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: SBG.fyduSO9gOy.FmtNERc3Ncw_1ixXc
x-amz-cf-pop: IAD55-P1
x-amz-request-id: 0FXSXAGYWCD7PTWV
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: dVZTTVr2c9riO4H4tm43gtypTbkbmJS6taZr7LchjmYGqK+l9j03kTXmSiVpgpdveoygwctZ+38=
last-modified: Mon, 21 Nov 2022 15:19:04 GMT
server: cloudflare
etag: W/"136cb371b82e4f0a84d11b654e92bb11"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1669043943002
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zlkTEb7XNyHKvZOWhACXyQOftzb%2BzzWfiA7kbeMMH7MrbEMg6F8Hr%2BTtSk%2B2ydYJADBu5F8v1UEq6sTrBEexc8vhbdUyA44IrCFNVksjihOdn6aHY3Xr31b7sVIYCh6TGkB5KzQfIJhPf7YAcPI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 79c6bf4208419b98-FRA
x-amz-cf-id: SJCzghbBd-n094RP6vB_urXBV08TSyLYI9N4hVAUYcjOXyuuPgk31Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 v2.js Show response
www.huntress.com/_hcms/forms/ 509 KB
166 KB 124ms
116ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/v2.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5e470d918babacc4ffc6001009227fc3b3d6303f5e2738aed7a02c2e23628f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f067a3fd6e721a7db2a2901701a65d8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: dZvLdX9P7w4t9flGoGjs6YWXCETUwiH4
age: 600
x-amz-cf-pop: IAD12-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=forms-embed/static-1.2715/bundles/project-v2.js&cfRay=79c6b09b473d9162-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 17 Feb 2023 05:17:00 UTC
server: cloudflare
etag: W/"d2b69dd4f64d2c0ab2d305cd7f4999b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Fo5y2%2BNxV3iQv3LgApwi92AYGYp9NEkAjDWhgUN2RtJeLwGTloFn4IJnj6FyHBtgTpwTpvbEprCrRpy%2F4yN6OeAIAFgcY5g6Fv5JK%2FvPNkArRIxDt1i%2BJbVJJYUyUpRT%2BNKwusDdkJvCAmK16s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
cf-ray: 79c6bf4208439b98-FRA
x-amz-cf-id: sasszNk0HkDL-tQ12_HhCGgbUsNoMc7Tw-dtbbnMLd98P3qMBsAJLw==
x-hs-target-asset: forms-embed/static-1.2715/bundles/project-v2.js

GET
H3 200 3911692.js Show response
www.huntress.com/hs/scriptloader/ 2 KB
1 KB 290ms
283ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87d3d4acc2fa5cb8ea842aaeec0bb90cb643a2048121c0d4c4f8b8849e660b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 3aab7d0b-2aa7-49b7-996a-53ce87cc6a29
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Feb 2023 10:14:22 GMT
server: cloudflare
x-trace: 2BB14D050D109FC90B72767E6EAE6AD886BAA2D15C000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8RurEkjQRgo%2BB5d%2FpIf91W7ros6Vl%2BQ0tqPfbmTWWA84eyofcrTC%2BS3TgRTXtLxo2ww1Vq11Pn5pS0qXdTCpvMcFygul7E85ge4LNvum31FVva3m5aTPuw6DOyhBPwl0ZqskQRkFQqE%2BhK89Sw%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 79c6bf4208579b98-FRA
expires: Mon, 20 Feb 2023 11:02:56 GMT

GET
H3 200 index.js Show response
www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.154/js/ 11 KB
5 KB 293ms
286ms Script
application/javascript 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.154/js/index.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

49c050c7a4775b5b84a5ceabf44f33074c79c051306286a8be611e9794704894

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zqfoHVEO7SsMjSP1JrsnDQf9ix87l6qJ
age: 933340
x-amz-cf-pop: AMS1-P1
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 09 Feb 2023 15:43:08 GMT
server: cloudflare
etag: W/"d57b3d84e0be8dd0aef0781d100c0d14"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0ZbLnhZxHy1g7tuvB%2B8dk4QuKJ3Zm7eWZrmGCx30TnCVhk5306rGOfOic99Zz9QmsB7QJUFh7Ul9OSwhdyaD16DK0Th6COL0cUVM%2FOSMD2%2Fn97aqz0A1vbgZKlqx3s7Vr53l3xOfaFQ3xwaHA0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 79c6bf4208599b98-FRA
x-amz-cf-id: LZoQ5rwWBe7yG-ndGTK3QocdekpnxF1cIw4-RF4i7Lkgg7CEMWJgtw==
expires: Tue, 20 Feb 2024 11:01:56 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/ 69 KB
16 KB 139ms
51ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/polyfill.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1134947
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15998
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-11405"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5aSlPuGVrewMBUpMIvYPjiHEvbjFVpyE7XbNOTAsg5wJw81OZhatm7jKYtbhLF%2BJqAyYOD%2B5X15rtEtthkY1leuiF320es4qAx2f361mbjqFVxOwEe1pYVqFR1pJXhor%2FetDeVXhyePbTxJ3Va%2Br1JUb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79c6bf428ac49974-FRA
expires: Sat, 10 Feb 2024 11:01:56 GMT

GET
H2 200 lozad.min.js Show response
cdn.jsdelivr.net/npm/lozad/dist/ 3 KB
2 KB 170ms
77ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4904
x-jsd-version: 1.16.0
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19177-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"c17-/CtD5WDEW7iHrdmPF7CEBoqSMss"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jcj4Tt%2B7pKrc%2FaRIPnsLO6pqJUYhTfwBRTW3oP%2F0arrf%2BQddA6Notxw4G0Y9IE%2Fno8kSOYWzm0ujWS2ijJeKMlmRE9pjdOOGvZF6Tt3sKsGJiSt5wUumggBuAx2dNCGX5ivw7EFZW9luUnwFNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 79c6bf429c855c56-FRA

GET
H2 200 sp.js Show response
cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/ 111 KB
34 KB 145ms
55ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1012962
x-jsd-version: 2.15.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230123-FRA, cache-yyz4556-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"1bcc9-Fvi1pHLpkqezVQp0uCr6MtFyy4s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bhYyC74YgOD0Emyc6ioxjLZZSh892wePBDEAfglIHE%2Fng6Tk%2FIK%2BDku0nx4sGGJX39LVUeBY8RBYLVVTPlN82I3I3BWGulplzIxL5UPKKvvstMRedeWKd4Uo%2F81iTsMvkbR27UGfDv1WWyoyQo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 79c6bf429c875c56-FRA

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 133ms
43ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&f=1&r=0.6135854985569504
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 75e514a6e6f17dedf68c46d4b3dd8ca9f79c7f96cdd3fea5e7c86c3837b2e7d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 210ms
51ms Script
application/javascript 2606:4700::6812:df5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:df5a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: 2GR0DSRTYQ7GF9MQ
age: 4290
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 7hBLnIgK4jdZzOAXb3ibRqFFJ0XNbVzb4U3lmcxzW2VQwYE7SPZQgPj6xU4+s+SHV/BynNvrJkQ=
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 79c6bf430d23bbe6-FRA
expires: Mon, 20 Feb 2023 15:01:56 GMT

GET
H2 200 HKNova-Regular.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 32 KB
33 KB 227ms
121ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Regular.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1675790605104/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
age: 281384
x-amz-request-id: 3CAT6Z83RW3J4VJZ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "5a3239585a66868a9109bab6273f0a26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607406808501
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
via: 1.1 6eb77e673c2aa566dbadbc817458b976.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: y1_7cBbebzu1P55qghtsCfIzqKHObY4N
x-amz-cf-pop: DUS51-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 32892
x-amz-id-2: rw3J3JSsTGHTFQjhrWTvvNeCjaSOtD0t+nM1KOM6MY5XlYm03juxXwp00rZ7aj25i534uCmrZTk=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 79c6bf42be422c6e-FRA
x-amz-cf-id: 0LQ9uzyPSnvj18r-NULSm28VOrZh9YLCL4vTuGzW7_BoJtiGPmSYcg==

GET
H3 200 BlogHeader-RapidResponse-Follina.jpg
www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 69 KB
71 KB 913ms
913ms Image
image/jpeg 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/BlogHeader-RapidResponse-Follina.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71624d45ed9c87b1b1acd42b80506ea751460000345ce5ba04c39c4542bdd517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-94524593687,FD-65276690465,P-3911692,FLS-ALL
x-amz-request-id: BXPFBN88DZBM5QEK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94524593687,FD-65276690465,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "02608e8a6af0ae54b9e5783e89b5b28c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1670443557254
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
via: 1.1 298295dc49d01ca277aeb7439bbb326e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Pk.UU_.a4oFpMfd4zdGBN15ygKQ2kCt7
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-94524593687,FD-65276690465,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70984
x-amz-id-2: x7HnteEFR/ePnwrr56FCVGi5ZJmNwsFwKjshQl+Y2Pe6b5K5DSwEHOJ4lH19ACwdeyPGkasADRw3MdDqb6p+xV8rqnJuWXDsv0VcRiTq7KE=
last-modified: Wed, 07 Dec 2022 20:05:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pce1Etuoo3eNgkBUXFTELODPU3FaU8RGvXGLN59h0EGZp%2BdsxafTS1pDvKYLKpfZxXbzd8OE1RzIAu64%2BJCJTYUJXd0Fob%2B9x4726GFEY6aqYK8M6CbMbIbNDVb7r%2B%2FOhL5DfxMGM5R7Lw0I5JA%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 79c6bf42288e9b98-FRA
x-amz-cf-id: XEwYbKj6KKw7t8HC9YPU5FY6ipAPrFPUAToSpVE8M7vwduHKQIHdlA==

GET
H2 200 visuelt-black.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/ 28 KB
28 KB 258ms
173ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/visuelt-black.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1675790605104/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
age: 695108
x-amz-request-id: PZWYRXVHBNAC854P
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "80407703322249fe13bbef5596e9e414"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607408610505
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: zgv.hEhHVdSF2XuwUP4L0JY36hLML11L
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 28504
x-amz-id-2: GPXroITN990TEpZm2/mzn3WN8azVn8oCRZtfcvJJdS2YS556h1avWmfj5QVslZkdWWWb/o6GeNY=
last-modified: Tue, 08 Dec 2020 06:23:31 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 79c6bf42be442c6e-FRA
x-amz-cf-id: gwTLupqCJv7tkFe5Foj-YfxlFMfM649OT-2nEPbpY6OR8K_4kmiviA==

GET
H2 200 HKNova-Bold.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 33 KB
33 KB 224ms
139ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Bold.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1675790605104/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfe056293886177b09ff745622e1ed914c80210571ba1c1f357e26f2a456cc10

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491499045,FD-38491499040,P-3911692,FLS-ALL
age: 654867
x-amz-request-id: FWBT7JDDQREP8YV4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491499045,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "c70ef2ebf7b362a95b0a872d29d0ecda"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1607406808193
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
via: 1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: HksL4GZhEqXLWJawp7ng3VY8IqbEzeqn
x-amz-cf-pop: FRA6-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-38491499045,FD-38491499040,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
content-length: 33624
x-amz-id-2: r2KfAnJ3Q7OmMxmIACbUSsN8ENYdmo7ws4S/mSYOdAXoTF2Dpz0/Qj/1GgTQsfvF8DOonROIg4g=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 79c6bf42be492c6e-FRA
x-amz-cf-id: pLnx7pMPINCn3z8iqH7hGh64H2ITuBWxrkpZHOtPsOAke-MJznMnlA==

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 129ms
129ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=620982&d=huntress.com&u=DAB0CEBEBA3BC2449C01988AFDB7FA6D7&h=118747ab73145a29d8ca582556938614&t=false&r=0.5285401475507867

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 11:01:56 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

OPTIONS
H2 200 tp2
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ Frame 0
0 153ms
41ms Preflight
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: https://www.huntress.com
content-length: 0
content-type: application/json
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin

POST
H2 200 tp2 Show response
webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/ 53 B
325 B 435ms
354ms XHR
application/json 34.159.227.151
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://webhooks.fivetran.com/snowplow/326b5e9f-b03b-4ea3-894f-c545305b3241/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/snowplow/sp-js-assets@2.15.0/sp.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.159.227.151 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

151.227.159.34.bc.googleusercontent.com

Software

Resource Hash

4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-methods: GET, POST, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.huntress.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 53

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
404 B 411ms
118ms XHR
application/json 3.228.174.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDc1MzJ9.cEH1s6yztON1Ehgx-719N-kMH0OD6S-0URMdFL8pAP0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.228.174.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-174-83.compute-1.amazonaws.com

Software

Resource Hash

b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: 50f82fcc2b63750cac3306f8eb52085e

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 182ms
50ms Script
application/x-javascript 23.203.125.127
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.127 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-127.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

unused62: 8096267
date: Mon, 20 Feb 2023 11:01:56 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 3DA20F33DFB043F4
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=33270
accept-ranges: bytes
content-length: 948
x-amz-id-2: g7+QTkfgFpKXdjIV1ns3PedgNVHG4mi9TLupYfjziOmGieTRD5DTu0V21U3C4oqBbTG5njMGxL0=

GET
H3 200 BlogHeader-ResponsetoIncidents-Threat-Advisory_-Qakbot-Activity-Is-Rising.jpg
www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 9 KB
10 KB 64ms
64ms Image
image/jpeg 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/BlogHeader-ResponsetoIncidents-Threat-Advisory_-Qakbot-Activity-Is-Rising.jpg?width=600&name=BlogHeader-ResponsetoIncidents-Threat-Advisory_-Qakbot-Activity-Is-Rising.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4c53d2bc8357954009bac8b149d15268c4388165231e4a0418f08ff72cb0bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 ea3bfccd683c652cb849f6ec1b5606a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 79646
x-amz-cf-pop: IAD89-P1
cf-polished: degrade=85, origSize=10658, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94526611211,FD-65276690465,P-3911692,FLS-ALL
cache-tag: F-94526611211,FD-65276690465,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9587
last-modified: Wed, 08 Feb 2023 19:05:53 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "1de58344582be970cf03896e7ea875b9"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZScGZ6p%2BaEGsr0MKOaG8ymXHest%2F6mWbKetkeeR8andYTszDFcacPwHkRqp0lxi4OVsB8sXP2U%2Be5YYAYQRUbJnmQ8bkA9L1me4krgJnBlDn4X6jAIGilpoaeWELDvZB73h9NgL0RVsXFGv7KLE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf446cf19b98-FRA
x-amz-cf-id: 1TxNf0knPyvXJHLCQJVg40uWW7lW4vY8DWgB0-R9qDVQ_luEI0RiDQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 BlogHeader-ResponsetoIncidents-New-0-Day-Vulnerabilities-Found-in-Microsoft-Exchange.jpg
www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 8 KB
9 KB 65ms
64ms Image
image/jpeg 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/BlogHeader-ResponsetoIncidents-New-0-Day-Vulnerabilities-Found-in-Microsoft-Exchange.jpg?width=600&name=BlogHeader-ResponsetoIncidents-New-0-Day-Vulnerabilities-Found-in-Microsoft-Exchange.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

befe169340184b6f7c0b8a6b17c3af4a00d621091666d84a8f640be02acd45aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 79646
x-amz-cf-pop: IAD89-P1
cf-polished: degrade=85, origSize=9986, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94526577015,FD-65276690465,P-3911692,FLS-ALL
cache-tag: F-94526577015,FD-65276690465,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8614
last-modified: Wed, 08 Feb 2023 19:05:55 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "c4b8f6fa89d6b460e138bb0a3436e399"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8E6yvZxiZDGd2qgSg3DqWOTBKRv44Sx5binkyX4wwgbMnz46JOIzhliT3r8RhJ0pDmELoK9QgLZwauc5Q%2BnL819xyyznDog59Jcy9hw04kTKf2EILSs%2FUjAehNkZJ7fDdFld%2BSac2548Vei2Sbg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf446cf49b98-FRA
x-amz-cf-id: flCTZcUCuU06lV8wrTgyFaThZdOvEYjhIRU_6KMAqS1-w4_akS3M2Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 BlogHeader-ResponsetoIncidents-MSPBeeper.jpg
www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/ 5 KB
6 KB 67ms
66ms Image
image/jpeg 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Blog%20and%20Social%20Headers%20%28From%202-1-22%29/BlogHeader-ResponsetoIncidents-MSPBeeper.jpg?width=600&name=BlogHeader-ResponsetoIncidents-MSPBeeper.jpg

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4c21141558eb53b32e1aff9658182db74f97c0ce4b34be06764dd8b567e3a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 79646
x-amz-cf-pop: IAD89-P1
cf-polished: degrade=85, origSize=7482, status=vary_header_present
x-amz-server-side-encryption: AES256
edge-cache-tag: F-94526849617,FD-65276690465,P-3911692,FLS-ALL
cache-tag: F-94526849617,FD-65276690465,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5576
last-modified: Wed, 08 Feb 2023 19:05:53 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "a13ac4b01ebe2c8a58ccf9359487123e"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkPxRgoIg%2B949FoVMTou%2F9HeeimK6RN67EwpikL5VBFR1ogpqqg5FbekY43HohPeCgVJXctiHE7LznCm2zUBIsCcVl28xzsxyZy4ee%2F8hxLL2prs3uYIPblSZleBegEzH08eBdOhUnNKkzTqtLM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf446cf99b98-FRA
x-amz-cf-id: aOPYlZuMi4FtkiZ0jOMKzBIEUTTCV_B67SaONuSnv4ZLxP_aqRIK0A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 image%20(8).png
www.huntress.com/hs-fs/hubfs/ 4 KB
5 KB 361ms
360ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/image%20(8).png?width=615&name=image%20(8).png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

464e2fc6a6a58ecd632343beafeacd8d81304f0cb9229e2c122b7078e61184d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
edge-cache-tag: F-76359315499,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "b8a92805c39d6cb46a122e3018cf008c"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1655238856756
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-76359315499,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3818
last-modified: Tue, 14 Jun 2022 20:34:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPGAE9URsWXkcKMiVVZPPAs1TxFPvaR8Zuoqh8bhgMfCiXPg3d2TKxq4A9Zonk0aFvfx90Mu5gR7qpoEmRjhJKRv73ewuraKFK7roj3XAk6VfWOF1AjFDfnnHkswxhq1AtAv7zTrH%2FYBcPOo5hM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf448d459b98-FRA
x-amz-cf-id: CyboEJnMriF1N5wT1WcgROHbo171PaoZXNBwmgnJ6Mh7Tddod8KE4A==

GET
H3 200 image%20(7)-1.png
www.huntress.com/hs-fs/hubfs/ 38 KB
39 KB 723ms
722ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/image%20(7)-1.png?width=800&name=image%20(7)-1.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97a21e677e3cc98d50e48f3366fcd077421a8884f7b9f034106fba0ba0ae8547

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
via: 1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-76359263555,P-3911692,FLS-ALL
cache-tag: F-76359263555,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38742
last-modified: Sat, 11 Feb 2023 04:17:38 GMT
server: cloudflare
etag: "77912d7d2bd1ab3db314e40ccafbfa0f"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BCyLp1eBaozeTWUcsbsLiW2GCLBIX%2BCmukys25IPXk3cbUmeabfGwuYtWgFHZWJTM7x4yBWpK%2FBVaImoTWZzLsFQZRmPTdSxb2lkZXQC46XN%2FIICemzBAQVkLSuqw6qikeKfqtBJab%2BRmMJPfOQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf448d4e9b98-FRA
x-amz-cf-id: qNX4iCx0r6AucwPncQtb1QvApbW3IB6s0nW5DzB2KZN_QHoRCFn3mg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 image%20(9).png
www.huntress.com/hs-fs/hubfs/ 126 KB
127 KB 385ms
384ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/image%20(9).png?width=800&name=image%20(9).png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eef5968b3993825ea9fdc75650e1b9f5203f6318ca8a0545c7f0a7fe688d8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-76359263556,P-3911692,FLS-ALL
cache-tag: F-76359263556,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 128753
last-modified: Wed, 01 Feb 2023 04:16:22 GMT
server: cloudflare
etag: "f7c235474d5af85c3cb7cf6929827ac6"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lSW4zYUOO%2FIRcOSRgGMh3WvIfW91JSjnok7O91ybhOYZegyjrul7kxWH8VEduSfLffwti0UHvkkWclFCeH1eJCJiy2j0B%2FL9Ue3nSZDz3TlT9fsp%2BOX5AQiCt5tnVIUPh0NFgHw2iR3yvSCvgU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf448d529b98-FRA
x-amz-cf-id: ZL8-xSbFQ4eNZBZSeWfkiluKis4ONWy5eu6kApySY7WSkz3I0avGQw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 130 KB
131 KB 1325ms
1324ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png?width=800&name=AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffd3290983e63657569cb2975f17d7e3081c76a99803b69fb691bad608d563ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
x-amz-request-id: 52073QHXZA4FTX3Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "628672b4bb3bc1cdcc09d7451d91cb87"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653902142240
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
via: 1.1 9de65abaae1c9efde396060d6fa80946.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xTTnfB3IlwJkere8XPfUiXqahGRWAFKD
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133352
x-amz-id-2: zdCqgunlA+W63uUcKgNx6F5EReNXIpXezb0tgFKl15qGeDFutbLTRKulwGMcOuifXRuXLK5tkvo=
last-modified: Mon, 30 May 2022 09:15:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cS3clDbMoUujKdo3yp%2BBFMis3347d8MNTvpsbTC7jRqWE0NAFEkWHsNPpSGAB337zkyhfhTXUiuAUwk23Z29IjAEtHJfzvgNliISDHR3JOeiQzy3jIzWNiXn4gSrU4JZhM7sXS0jpwtjbExmHNU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 79c6bf448d549b98-FRA
x-amz-cf-id: 7q8IdXlFVx7L-alsO-COB0fzyrVVapWZl94OvNIX__kWUYDmF--Vfw==

GET
H3 200 AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 200 KB
201 KB 414ms
412ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png?width=800&name=AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6367797d0dc1677ddd5fb92b277ca6665884bc9e985daea0ba5fef4128d25d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=31536000
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74853078801,FD-74854980023,P-3911692,FLS-ALL
cache-tag: F-74853078801,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 205245
last-modified: Wed, 01 Feb 2023 04:16:23 GMT
server: cloudflare
etag: "2ccb714563f627ee825fa8f15c2545ef"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YI5rFbQWInFcoxMaPzUHm28CcQDz5Xgrlzq8vxJrLtGIdzDfqetn6%2BDpOCdMWOXQctMcukdsF0TYf9hqIZeoyWEizdxm%2FjNdujlyYid6ud0qi7m%2FH0b8KP%2F6OT9Gsmsq82pxESpLnE8DqswAMPw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf448d579b98-FRA
x-amz-cf-id: ZrwTKDFoBRQARJCaWR_2rnIY61-HObf5DX6MuxKztNP4JNllW-qgKQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 59 KB
61 KB 1334ms
1332ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png?width=800&name=AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6edb4cb08f774d4177f05d4528784b7e40a4039ca43e7a38eb2b2df0b35beb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
x-amz-request-id: ZJD0C1TMABB94RH9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "accf7f30242ee5ec73adbdb93d762755"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653902260158
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
via: 1.1 71d15e4317f9ba4644f6c17f42ef94c8.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: E1qk1s_IGf8_Iwsjtgeg7PsUAOJ28ztj
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 60762
x-amz-id-2: uW5PpohsIObS90mdTyIWn3XfiJHeBzWgIu0chBQm5wG9Cs524LY/ugSIjAv+9dDKExy1MJSUEWl8/MjiqQGpfQ==
last-modified: Mon, 30 May 2022 09:17:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uf5fJ26XSpGnafbkFZsCnR%2BYo1WWaMokeOWoivRk5kadY6OX7TS8mnyGftWPYh5DNTT5oKqY0LUYAd%2B7yNysiIFUy8d37yqhpGODcw17PFvMuSvVjMS98BnvauQ6efKQTXckWJCwh5sJIl02JEk%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 79c6bf448d599b98-FRA
x-amz-cf-id: pawscwXNdpLMWETtSZOXkUSi8UszjQwriuXaeoqDCzVGaScmuo6lDA==

GET
H3 200 AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 295 KB
296 KB 523ms
522ms Image
image/png 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png?width=800&name=AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

02ca0ee56fefe22d07b21a83aebcd2d0ae92206010f4eb744d234e364bfc2a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74853078944,FD-74854980023,P-3911692,FLS-ALL
cache-tag: F-74853078944,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 302074
last-modified: Fri, 17 Feb 2023 06:29:44 GMT
server: cloudflare
etag: "3fc408ab11fcacadac2882f51bc65b6d"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSSBJuLaDr0yU8WIyQVKL2wl8zl72Q2OALmczM68XWZMxd4Jxjg7UrRgg6HfBrkHIIdDszS%2F%2Be702rXWRd3itdVyM1VGjmcSzLZ7F4OUxYhpNpg948N234HaONA0fG4l5q3VejmE8PsNxGmEyXM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 79c6bf448d5c9b98-FRA
x-amz-cf-id: Fq1HrtutH6dRxYHRZYxbsvpnLPiaJvNvAPPI5tVcgjXCOhwD4Pcomg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
510 B 119ms
118ms XHR
application/json 3.228.174.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.228.174.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-174-83.compute-1.amazonaws.com

Software

Resource Hash

14b9d4a7bdfcd031c78de6cc66d164177b74a2535e7e33505e7944cba6b0eaa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: ca40ed0bd3a0e41c2f232a7463e99de2

GET
H3 200 json Show response
www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/ 8 KB
3 KB 182ms
182ms XHR
application/json 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/embed/v3/form/3911692/196be66c-f1bb-4156-af05-2952954526cd/json?hs_static_app=forms-embed&hs_static_app_version=1.2715&X-HubSpot-Static-App-Info=forms-embed-1.2715

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

67e79e4f07cc3705082f36298cb3f5983818b15aa1262cb899247f187a041baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 950b046e-5e84-406f-b049-e5cc3d1765bb
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B1520ABC58FCCA803F4FA2496299A4B9E4AAE9632000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q0J7V21ZJhU%2FG4HhzfyFt0Ml327cDY9IG3CzfGQ5yR4hFUsP871y3xlghUPKOxLQu2H%2BUzBdo%2FpG6TRJR4Yt3QkK6O8LPWg3fQofKmx1DtQbSUku4n22kymXPoASK9OZkT9ecbFXT7CRb%2B1h1bE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 79c6bf471b399b98-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 9 KB
4 KB 214ms
81ms Script
application/javascript 108.138.7.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.7.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-127.fra56.r.cloudfront.net

Software

Resource Hash

45954f37cc341196e99e69d84099348fb90cf0c7e85205fe998120fcc170d238

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 11:01:57 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
etag: W/444778a864ea0417fe3ceaecb39ee87b
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: s7LKHcNgBho2wfq74LkqDaFs9uRaFSeuuWTL59Z7tSsrHIQBqdbdlQ==

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 126ms
42ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8580cc55638003f38e5abbf4faf83a52f7beb53ffadbf32559304ea6e9af8d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 11:01:57 GMT
content-md5: 1UXlGKSzfH58h5xwZz85Cg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: graiq7ads8LInEtsc9xmTsJ3U1c2Ehezr49YZyu2EW3JLcx4SSuSikbfFgSylACgFcbGCagIyRl/W4evbYtM9A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: 6d45025f69f8ac48d7d2607880708982
cross-origin-opener-policy: same-origin-allow-popups
etag: "bccac2fea86e4d07369f2d67bd601099"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Mon, 20 Feb 2023 11:11:24 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 613ms
111ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D14) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 11:01:57 GMT
Content-Encoding: gzip
Age: 71
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
x-amzn-internal-status: 304
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (nyb/1D14)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 60 KB
16 KB 548ms
448ms Script
text/javascript 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db247da989b444145ac8089c0e67518ec866692e3a063d55fbd677e7b93247ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
x-amz-version-id: GasN4YO2MODTYKn1ZtY1Nq3iAObcATUn
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: EZA6FRD8DSMM8QVV
x-amz-server-side-encryption: AES256
x-amz-id-2: t4SOxrW/XvcYMveLM+i/bWx+FylE7Yt0Ks8BDiBN2cECPKcJUTUQuTB+2sS4l6th+XzQAIIJeSY=
last-modified: Wed, 01 Feb 2023 14:51:13 GMT
server: cloudflare
etag: W/"53dee976c8f9c15af4a730f04a4166ff"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 79c6bf47cead9193-FRA
expires: Mon, 20 Feb 2023 11:06:57 GMT

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1676890800000/ 65 KB
20 KB 300ms
202ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1676890800000/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b40af42cca5275a22564ad742ddc4699f7dfd762cc03663a36850852ad65a3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: QG8JMQTN49TPJECA
x-amz-server-side-encryption: AES256
x-amz-id-2: fc5KsHVzQB3o0u2j31Kbd7QtCYiFP7bSwVu6IAMl6mDK48/tHXPenBTz16t/W+MVyu3cS6zlm0Y=
last-modified: Wed, 01 Feb 2023 14:51:12 GMT
server: cloudflare
etag: W/"30890c7c17e2bb3ba7d5a7d49f2b349f"
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 79c6bf47cbaebbc7-FRA
expires: Mon, 20 Feb 2023 11:06:57 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 544 KB
87 KB 142ms
57ms Script
application/javascript 2606:4700::6811:e6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd43cd92e272c2e3872abd9559900116d85f2899e76c00015c59360060bcf062

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
x-amz-version-id: 9g41IgVIr3w9wyiFOHn4rgapkQc72OJD
via: 1.1 29e51fc5bac0897053e2f02edda4aecc.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD55-P5
age: 70075
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1134/bundle/main/lead-flows-release.js&cfRay=79c0107b3b1735e2-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Thu, 02 Feb 2023 01:26:06 UTC
server: cloudflare
etag: W/"998dfd36d3c4078a3a05a1a77e61963c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=86400, max-age=0
cf-ray: 79c6bf47ac04365f-FRA
x-amz-cf-id: MToJCH8AjZTSLiECZIhnr2fBcteV1bvZjjFpdSHrTap-rn28eZJ7eA==
x-hs-target-asset: lead-flows-js/static-1.1134/bundle/main/lead-flows-release.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 155ms
52ms Script
application/javascript 2606:4700::6811:74b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7455fff3d4e08245186e113636f69cbc44679bdf8870de5e4fd9a835e3d2e93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
x-amz-version-id: voeLZ8jD1qAOp4h9t0pVQ2YHSdN3ebgQ
via: 1.1 086e2cd5d94fa729de58c51b5666e0e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P1
age: 52
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.317/bundles/pixels-release.js&cfRay=79c6be02debd9b76-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Tue, 31 Jan 2023 04:09:31 UTC
server: cloudflare
etag: W/"bde7af4ffd2c05ea8423271f767ebc69"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
cache-control: max-age=600
cf-ray: 79c6bf47ca499ba7-FRA
x-amz-cf-id: jhX1EmSPRIR5GaFFexNblDprOTqq_HtTsln-vsiW7D6IMOxHf0PZwQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.317/bundles/pixels-release.js

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 68 KB
25 KB 244ms
159ms Script
application/javascript 2606:4700::6811:80ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js?businessUnitId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:80ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36b42aceb12f34135ce39544c6b143dbdd5690ee9a8809c49a3a37ba014bd200

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
x-amz-version-id: SRrb.93sqm.lmAPDUKFHizePSATAJlo.
via: 1.1 309e9e958e8d35f7e17ae8ac267b7dea.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
content-encoding: br
x-amz-cf-pop: IAD12-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.315/bundles/project.js&cfRay=79c6bf47ac973611-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Tue, 07 Feb 2023 01:17:58 UTC
server: cloudflare
etag: W/"257b82c9f242c143eb09b6862e336a56"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=600, max-age=300
cf-ray: 79c6bf47ac973611-FRA
x-amz-cf-id: 84Snj0iDMnFi6enw1HwAH7xt1XcZAJhbNUKCqsxYE8hDCevef2N5aQ==
x-hs-target-asset: collected-forms-embed-js/static-1.315/bundles/project.js

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
341 B 261ms
246ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3911692&callback=jsonpHandler

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.154/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: 1ee7772c-4ee3-477c-a33c-f0c1e813aeaf
x-trace: 2B4F62C3B67BF06E6F05AF3CA316B6B63B82A6D22F000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 79c6bf474d443630-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
reporting-endpoints: default="https://exceptions.hubspot.com/csp/reports?cfRay=79c6bf474d443630&resource=unknown"

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/YOUR_ID/ 27 B
207 B 96ms
70ms Script
application/javascript 23.62.220.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/YOUR_ID/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-135.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
content-encoding: gzip
cache-control: public, max-age=7, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 47
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 90 B
250 B 244ms
220ms Script
application/javascript 23.62.220.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=63f35324ae117d2b&bkl=0&bl=1&pdt=753&sid=63f35324ae117d2b&pub=YOUR_ID&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.huntress.com&fp=blog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1676890916972&jsl=1&uvs=63f35324804c4fe0000&skipb=1&callback=addthis.cbs.jsonp__415995145064823160
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-220-135.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe8a3821e540ac0dfe44547a958a8eb5c589372876a55a8c43212a1e88e4b2dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 11:01:57 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 90
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame C908 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 9BB2 71 KB
26 KB 49ms
48ms Document
text/html 23.62.220.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.62.220.135 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-62-220-135.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Mon, 20 Feb 2023 11:01:57 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 226ms
215ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&pageId=74847633462&pid=3911692&sv=cta-embed-js-static-1.116&rdy=1&cos=1&df=t&pg=40e39240-8f28-4247-989e-af913fc5ff6d&pg=40e39240-8f28-4247-989e-af913fc5ff6d

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706d004aab08d74d28528fb66dc196b153781d7913de2cdd71118225bbc3b979

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: fae9e9b1-2391-4a84-b5e1-b4870c6b664a
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
x-trace: 2B5551DED8B8C610453476689D14FCC36206542DFF000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PngxkwHFKOgpP%2FbNdM6yCer7des5Be%2B1KrXjiIj8e1L3609HOpCc164V0TA9fN9HoPl8QkM2bFJsW9sekV%2FvIn8LB1S9dUS0vfRfVbIpQRjOiaIZkkq%2FWPwNw%2BEvCVroUThA2OCjawd3phhyawRB6sRWNn9KXD10xPg%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
access-control-max-age: 180
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 79c6bf476d893630-FRA

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 308 KB
86 KB 83ms
41ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=aefd6a0d9e383e9d7604f3a23846ebb8

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

552d629aece0fee1257c366f4d5d3fa7492aee5a9b92b527fb6543b53a59abb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 11:01:57 GMT
content-md5: OGb0YxdytkrvLohQPFValA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88353
x-fb-rlafr: 0
x-fb-debug: bReMbEUcUUJBxvCSlH62iwojolMc4jhI40NCouOpUqXQJJHo6+zm2vgJITldnL6WrxxEcg3RXjYVPmqO9cABcg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: ff6ef256e44d0077e21dc5b4bc20e47b
cross-origin-opener-policy: same-origin-allow-popups
etag: "074763de863c56e18c31ecfb192d0a80"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Tue, 20 Feb 2024 08:45:41 GMT

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
183 B 240ms
155ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: c75ebba1-4602-459c-91af-f230f405d48a
x-trace: 2B2BB956902DBECD80E9107D62375BF7129FFC0A2A000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 79c6bf48de979b6a-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
438 B 265ms
153ms Image
image/gif 2606:4700::6810:5505
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 2bf2babc-e087-458a-8193-dfda201f76ab
x-trace: 2B44B5D8C42A10E1F5353903CAFDB7FC0B8C39D43A000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 79c6bf492badbba9-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 modules.7659de6e9a796dae10e4.js Show response
script.hotjar.com/ 263 KB
67 KB 140ms
45ms Script
application/javascript 13.32.27.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.7659de6e9a796dae10e4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-107.fra56.r.cloudfront.net

Software

Resource Hash

673dd7296f7b2fc51cc430503be6c982706ef1d0fa1ec2ce3c05bec4bbf0044b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:44:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 332271
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68524
last-modified: Thu, 16 Feb 2023 14:43:16 GMT
etag: "9896434e83f89e3cdb1a5ef8698a6247"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: mXdzuiY8rAj3v_9jPq35uYNDd-n5zX7mdoDwI2oX37sNec9eXwTKpQ==

GET
H3 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
844 B 189ms
188ms Script
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=40e39240-8f28-4247-989e-af913fc5ff6d&lt=1676890916158&dt=1676890916161&at=1676890917219&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a001f4eb-ae85-4fde-9150-0e0c99c49aba
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
x-trace: 2BFD739652813089A88B21BA69DE43393718B55BD2000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQfb%2BaGFEAejsjSk3WVRi3sztCXBnucazVeABbTc5M7FOYscBwpc3G33SLizxmIPJJV3GZ7pw%2FnfOBimdru5KTyV5q%2BctV6hCuQBVE58D7xqbrp%2BylMVqtY3DhEEG8FgNyig56R0SHM%2FVCTOJy0%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 79c6bf48bebe9b98-FRA
x-robots-tag: noindex, follow

GET
H3 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
842 B 174ms
173ms Script
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=40e39240-8f28-4247-989e-af913fc5ff6d&lt=1676890916158&dt=1676890916161&at=1676890917220&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: be66920f-b50c-4d9a-8f37-e4ab1952db59
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
x-trace: 2B660837DB133340BD667F6040A95C36667D653B00000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mUNJkk%2B5GKRWVKGaFq0r02omu3BtHM6bMtyjcN2T3mFBckgoqlLsoh4vy88fM0nS%2B122MJiFn5t%2BfIFwRoljLfzFgkrr1nZtCYTuZQ7IhtUbt9B4z85JlAnafSengSC%2B8LCDdvAA2AEWPVlQ3rg%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
cf-ray: 79c6bf48cec29b98-FRA
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
478 B 171ms
149ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-hubspot-correlation-id: e1897a36-b37b-4e86-a846-608be2ec91e4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
x-trace: 2BD83C3699D5E0E8457309639768F6084C3402DD85000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 79c6bf48ee9f9b6a-FRA

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
170 B 179ms
157ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-hubspot-correlation-id: 1f0ea048-5bfb-4a3d-9b24-03040af95090
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
x-trace: 2B98B82010671FB7F7B38A5C2DEA23B46FAA5B1213000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 79c6bf48eea19b6a-FRA

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
1023 B 270ms
166ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 78225fcf-1fff-4b8b-a784-237bad31c4e5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4I63o3fWiX%2F9YEB4z4UJZqpVxU%2FwZm9tGD5P1nq1uM%2Fs0chgYuL5mnSMqNqlxVlqqZg8pRHhyhvSGSa4XJX8Z9azByKgOLot1HK4FR5qbbEzfmPvq6f%2BS895ic2YVz62zx11o1inDfxeSPovNln"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 79c6bf498b84bb7a-FRA

GET
H2 200 box-e031119f9e9e307a08fa610f85dbfb52.html Show response
vars.hotjar.com/ Frame CB60 2 KB
1 KB 151ms
44ms Document
text/html 18.66.147.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-113.fra60.r.cloudfront.net

Software

Resource Hash

f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1461111
cache-control: max-age=31536000
content-encoding: br
content-length: 1034
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:10:06 GMT
etag: "112fdf47cdb80b9ce3d033ed09717460"
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 9c920cc684a38b53bc9c7a44ba794874.cloudfront.net (CloudFront)
x-amz-cf-id: 1TsJHmHRCOOKrmeDNllRPaQy4lZ2Xy_o97iuRbyPF26S78Wiy0MYug==
x-amz-cf-pop: FRA60-P4
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2159185/ 148 B
323 B 203ms
63ms XHR
application/json 54.194.67.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2159185/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.7659de6e9a796dae10e4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.67.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-67-126.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e06e9fa0c40a8cc645b697a45747eb06cb230ca0a48862a26847435d314ab228

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
169 B 156ms
155ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=4

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 438e86fc-19db-461c-a71f-ac3439a8c0bf
x-trace: 2B2C4441F6AD4A8182AD212350B9C21BB8DC6BBB3E000000000000000000
vary: origin
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 79c6bf4aaa289b6a-FRA
content-length: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 231ms
149ms Preflight
application/octet-stream 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 79c6bf4b2972995c-FRA
content-length: 0
content-type: application/octet-stream
date: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
timing-allow-origin: *
vary: origin

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
85 B 158ms
158ms XHR
text/plain 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: a60a182b-41cf-4944-80d5-7b81a2a7083a
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 79c6bf4c1aee995c-FRA

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 7E7A 320 KB
104 KB 111ms
111ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D29) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2294313
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Mon, 20 Feb 2023 11:01:57 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D29)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 396ms
109ms XHR
application/json 34.252.123.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.7659de6e9a796dae10e4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.123.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-123-111.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a811e13d5f51a13cfbe71c43193619fd8554e06a9e0ea05e034a01a74cbf53d4

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 20 Feb 2023 11:01:58 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 7E7A 919 B
648 B 232ms
144ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=eda58f31eb3d8bb3340b10824697da4371a5a527

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.huntress.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ee80cf3b15ea6f7dd08ba1b6bbb065994092b94415845536e0db3476ea80fad4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-response-time: 104
date: Mon, 20 Feb 2023 11:01:57 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 80a02550f307d73b
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: a3e696470335baf328d08c5f8b4e2856f764846adcf20cbf052b62def79e2b3d
content-length: 326

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
378 B 177ms
162ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1878800189&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1676890917845&vi=64de05793b237d7754f00728efb603a6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6467ca80-2d3d-479f-8b7c-07b4523bb9a3
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4JcnRXNdeLNlGrRWMpLKN%2FpJ5L0YtlfmqPVDtxklV2uNrP2gaXA4dFr1%2F%2BWeHBWO5F1JECsFkTrjMVPInTY3K9O3z%2Bu7KAqfoqVYHOs40oG1UrQLTUBYlvBG1wWl%2BY939h8aE0aw6%2Br85uPpDC9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 79c6bf4ccfbd3630-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
436 B 153ms
152ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-hubspot-correlation-id: f21d29b6-9be2-4e26-a410-989d39bb278d
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
last-modified: Mon, 20 Feb 2023 11:01:57 GMT
server: cloudflare
x-trace: 2BF56CF556D74E1E3FE37ED4AA668D9334AAA9B0C6000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 79c6bf4cbd85383b-FRA

GET
H2 200 __pto.gif
track.hubspot.com/ 45 B
466 B 180ms
166ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__pto.gif?w=1676890917846&m=ReferenceError%3A+hasVars+is+not+defined&j=1.1&n=ReferenceError&x=ReferenceError%3A+hasVars+is+not+defined%0A++++at+https%3A%2F%2Fwww.huntress.com%2Fhs%2Fcta%2Fcta%2Fcurrent.js%3A1%3A1564%0A++++at+i+(https%3A%2F%2Fjs.hs-analytics.net%2Fanalytics%2F1676890800000%2F3911692.js%3A20%3A43442)%0A++++at+hstc.tracking.Runner.processHsq+(https%3A%2F%2Fjs.hs-analytics.net%2Fanalytics%2F1676890800000%2F3911692.js%3A20%3A44188)%0A++++at+hstc.tracking.Runner.run+(https%3A%2F%2Fjs.hs-analytics.net%2Fanalytics%2F1676890800000%2F3911692.js%3A20%3A43386)%0A++++at+i+(https%3A%2F%2Fjs.hs-analytics.net%2Fanalytics%2F1676890800000%2F3911692.js%3A20%3A65440)

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 645d201d-b1fd-46a0-b681-fc3679133a32
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gbKKs%2FITbTETPuZZwud3Ggyt6RoADz55eCPrEggC0OGfBGnNEExYXhY%2F7QHsxafNI01CZDnsKu%2Bq7DyjE7ibNfrGGFXvjU1PwJSzG8Dka5YHIDd0qQH4LcM7%2BpJO7t4xWkdqcSIwFWR%2B5gspu2iq"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 79c6bf4ccfbe3630-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
461 B 171ms
161ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=196be66c-f1bb-4156-af05-2952954526cd&fci=6f9b4470-2380-445d-9fb4-9523b5e5661f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1878800189&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1676890917847&vi=64de05793b237d7754f00728efb603a6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 06f8f0b1-3ee1-4ed8-bcb9-53601ca2e07b
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrtNCIlC4pJ2MVN%2Far%2FUAsyjEmzcFgvX0Q%2BYs73AeqBP6olABwRv1dj0FkiT7oxQa6vmpdHdEZ4OCAGxNBiDOFOa%2F%2BcZn26OEyxAgyMJh8UVhqKWBNUoaPHBKwDEwPIPsTHuXAk0iAS8wEVk5v3r"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 79c6bf4ccfba3630-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
397 B 177ms
168ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=196be66c-f1bb-4156-af05-2952954526cd&fci=6f9b4470-2380-445d-9fb4-9523b5e5661f&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1878800189&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1676890917848&vi=64de05793b237d7754f00728efb603a6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: dc90704c-5b8f-4a77-81e2-eed005e26383
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwA6Diw%2B6gVVnSgKYPheuxyTe8ncVHnKjonLVqzBy3dx3g7hK1HkOTpcweuNqOrMKpHqFyCvx4n%2FmpSXUJ%2FBtYyQW85x3FF%2BSu3Schs1ge7JRGE5D%2BMQMALZcHLbvCB4%2BLRw%2B%2FVaQ8vewkP92IJP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 79c6bf4ccfc03630-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
358 B 188ms
181ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2240e39240-8f28-4247-989e-af913fc5ff6d%22%2C%2211f3d86c-bd5d-4c54-8656-c84ab64a3af1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1878800189&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1676890917849&vi=64de05793b237d7754f00728efb603a6&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 11:01:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 03d388e0-f3b3-4880-9b4a-d49c61e859de
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AU2DPh%2BtwJi6mEn1%2FiaglkypkWX2%2FqQpPiVNT5NnfBHYO1qFgInTosk9o722OURY15snK8GpPYv2dVNaO%2FBFy6NeNPirbBJBsqssr92vmrZXKU%2BI9OR4fqpJe5D99m0bMyKFHbUJMdR7dUJgqvAK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 79c6bf4ccfc13630-FRA
x-robots-tag: none

POST
H3 200 perf Show response
www.huntress.com/_hcms/ 2 B
596 B 171ms
171ms XHR
text/plain 2606:2c40::c73c:67e4
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/perf

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e4 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-type: application/json

Response headers

date: Mon, 20 Feb 2023 11:02:00 GMT
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 0ebf0b91-a626-49f2-98dc-a123eff4fb74
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
server: cloudflare
x-trace: 2B8E15ADADAAFBF182A978DAD1ABAF1E2BCEBAEBCE000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfcwLqG3qeTRt3dllKOYJ8tRZ5exQJ%2Fno0Ylr1hE6jaBK0pmRaIGT3APx0F9MHRcxpWYdjgYSHgYeFnB7SpTyqY9mJnxIgkrDkZ3KA933%2FN6KeqWFfghtUL1U1IFY8a0LPy7GjQK6%2B7r2pITwTo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
cf-ray: 79c6bf5f5eb49b98-FRA
x-robots-tag: none

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

136 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.huntress.com/	1970-01-20 09:48:12	Name: __cf_bm Value: 7WlfY2f3.ecBlHPHyw.TGuEAG4DcrYsq2ClKtofabuE-1676890915-0-AWv1aHFa03eqSiUH2UDPggyVbB5rMrwgIzd4nM325nGBQKE6JIYcwYutTTGayRU4+b6bvNR9amXNGKZ4fqzhtuc=
.www.huntress.com/	1969-12-31 23:59:59	Name: __cfruid Value: e7e471ea44d0b2bbc030716c40ce81e4c0e96fa9-1676890915
.huntress.com/	1970-01-20 18:35:13	Name: _vwo_uuid_v2 Value: DAB0CEBEBA3BC2449C01988AFDB7FA6D7\|118747ab73145a29d8ca582556938614
.huntress.com/	1970-01-20 09:48:12	Name: _sp_ses.1564 Value: *
.huntress.com/	1970-01-20 19:24:10	Name: _sp_id.1564 Value: f2fd87b1-8066-4a94-bae8-20d6f0b53ba1.1676890916.1.1676890916.1676890916.2835807d-eda1-4ec8-aafe-4268d99194d2
.hubspot.com/	1970-01-20 09:48:12	Name: __cf_bm Value: EJMWCVplv9VewtXKyU14Ep5.Na7xmE5CyxDbHVy018Q-1676890916-0-AdFO46gqqzyYJpdSWCk9xVXtBQI9rr8YY7NUyb2ce/bq1gi7ZwugaPX1X+un7cUCtgyRfMVop4hXhKSA0U2lZjM=
www.huntress.com/	1970-01-20 09:58:15	Name: slireg Value: https://scout.us4.salesloft.com
www.huntress.com/	1970-01-20 18:33:46	Name: sliguid Value: 401e43b2-fa31-4dd4-a98e-3e3ef748268f
www.huntress.com/	1970-01-20 18:33:46	Name: slirequested Value: true
www.huntress.com/	1970-01-20 19:15:32	Name: __atuvc Value: 1%7C8
www.huntress.com/	1970-01-20 09:48:12	Name: __atuvs Value: 63f35324804c4fe0000
.addthis.com/	1970-01-20 19:15:32	Name: uvc Value: 1%7C8
.addthis.com/	1970-01-20 19:15:32	Name: loc Value: MDAwMDBFVURFU04yMzA2MTkyMzAwODAwMDBDSA==
.huntress.com/	1970-01-20 18:33:46	Name: _hjSessionUser_2159185 Value: eyJpZCI6ImM5YjFkZTA3LWRjMDQtNTY3Ni04MWIwLTI0ODQ2ZGFjOWEwYiIsImNyZWF0ZWQiOjE2NzY4OTA5MTc0MDUsImV4aXN0aW5nIjpmYWxzZX0=
.huntress.com/	1970-01-20 09:48:12	Name: _hjFirstSeen Value: 1
.huntress.com/	1970-01-20 09:48:11	Name: _hjIncludedInSessionSample_2159185 Value: 1
.huntress.com/	1970-01-20 09:48:12	Name: _hjSession_2159185 Value: eyJpZCI6IjllYWEzZDYzLWRmZWQtNDIwYS1iZTA5LTE0ZmViNWZiYzEyZSIsImNyZWF0ZWQiOjE2NzY4OTA5MTc0MjcsImluU2FtcGxlIjp0cnVlfQ==
www.huntress.com/	1970-01-20 09:48:11	Name: _hjIncludedInPageviewSample Value: 1
.huntress.com/	1970-01-20 09:48:12	Name: _hjAbsoluteSessionInProgress Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3911692.fs1.hubspotusercontent-na1.net
app.hubspot.com
cdn.jsdelivr.net
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
content.hotjar.io
cta-service-cms2.hubspot.com
dev.visualwebsiteoptimizer.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
m.addthis.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
s7.addthis.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
static.hotjar.com
syndication.twitter.com
track.hubspot.com
v1.addthisedge.com
vars.hotjar.com
webhooks.fivetran.com
www.huntress.com
z.moatads.com
s7.addthis.com
104.244.42.8
108.138.7.127
13.32.27.107
18.66.147.113
2001:4de0:ac18::1:a:3b
23.203.125.127
23.62.220.135
2606:2800:21f:edfc:49f9:c096:a5a7:75f2
2606:2800:220:de:468:2285:c1:4a3
2606:2c40::c73c:67e4
2606:4700:4400::ac40:9a55
2606:4700:4400::ac40:9ad8
2606:4700::6810:5505
2606:4700::6810:5605
2606:4700::6810:5914
2606:4700::6811:190e
2606:4700::6811:45b0
2606:4700::6811:74b0
2606:4700::6811:80ab
2606:4700::6811:e6cc
2606:4700::6811:f0cc
2606:4700::6812:df5a
2606:4700::6813:9a53
2606:4700::6813:9b53
2a03:2880:f084:d:face:b00c:0:3
3.228.174.83
34.159.227.151
34.252.123.111
34.96.102.137
54.194.67.126
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02ca0ee56fefe22d07b21a83aebcd2d0ae92206010f4eb744d234e364bfc2a0e
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868
14b9d4a7bdfcd031c78de6cc66d164177b74a2535e7e33505e7944cba6b0eaa9
1586497cd4c4f8d37b456ebc2f197a93568872a5b528537e139ae0f5f5cdd71e
19680a27e88da4a3713af26571b4849096e75d617f2845574af7fd15746256bb
19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836
24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844
24bf1462917f99639fe1db5284b292d9f2dfb6ab5629d2426b5243a4db6b5b47
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
295c420318d37ced90a8a681fe353fe027fd60e83a16ff965950cac3ccb22b4b
295fe623d1742c976f775c008be5bcb815be503e1cd7811aafdc08cd12682c25
3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364
36b42aceb12f34135ce39544c6b143dbdd5690ee9a8809c49a3a37ba014bd200
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
4081a5f270ace3305571b8f393e20c3a50141d103fb6fced35cf64d5182c2cd2
45954f37cc341196e99e69d84099348fb90cf0c7e85205fe998120fcc170d238
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
464e2fc6a6a58ecd632343beafeacd8d81304f0cb9229e2c122b7078e61184d3
49c050c7a4775b5b84a5ceabf44f33074c79c051306286a8be611e9794704894
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
50c8eef26a616fd17826b7f91ad40645d764d41e03d3a9e93da405bd37329f34
53e889ec0ff84d0673b7de59c593d0fef76f059e6180c221995aa143a15db19a
552d629aece0fee1257c366f4d5d3fa7492aee5a9b92b527fb6543b53a59abb4
558979f57321b92691fa5d479ae380773ae5d9dffd5f8bcaddc4525ea361f0a9
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
6145ffccacbf92ec04526c41b5e912e6555a7102a0515c64d5ae5b6002c8e4cf
6367797d0dc1677ddd5fb92b277ca6665884bc9e985daea0ba5fef4128d25d81
673dd7296f7b2fc51cc430503be6c982706ef1d0fa1ec2ce3c05bec4bbf0044b
67e79e4f07cc3705082f36298cb3f5983818b15aa1262cb899247f187a041baf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
706d004aab08d74d28528fb66dc196b153781d7913de2cdd71118225bbc3b979
71624d45ed9c87b1b1acd42b80506ea751460000345ce5ba04c39c4542bdd517
75e514a6e6f17dedf68c46d4b3dd8ca9f79c7f96cdd3fea5e7c86c3837b2e7d0
79bb1b80606f5282fa20cea179f7c7f619eb1848b1d550a9e13857477cd1c38e
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8580cc55638003f38e5abbf4faf83a52f7beb53ffadbf32559304ea6e9af8d0e
8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266
8bb3490881871a000008d6a4cb3c4d56f3870440e1dae9c50f7579f131034ede
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8ee1caa737e585d6cf4a91ab01b27aff627c2056544d7c9e4f704f1a9176a023
954f86735dfd8abf4d923b985e719ab1ae438a2fb15a22346b141879538f4a83
97a21e677e3cc98d50e48f3366fcd077421a8884f7b9f034106fba0ba0ae8547
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
9b40af42cca5275a22564ad742ddc4699f7dfd762cc03663a36850852ad65a3f
9eef5968b3993825ea9fdc75650e1b9f5203f6318ca8a0545c7f0a7fe688d8cd
a5e470d918babacc4ffc6001009227fc3b3d6303f5e2738aed7a02c2e23628f4
a811e13d5f51a13cfbe71c43193619fd8554e06a9e0ea05e034a01a74cbf53d4
aad4b41123dd3a244cebc4b650de024f2650df1fba41d62ae4c9e4adcf4bc344
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b355e659eb1f476e9bb8b33c109b4c47718d902e483db104fcfea35cfc8a5584
b37678e2c4e8452e51ee8902e176d670941b72bc06eaeeb951360f96322c6921
b860656603a5037d589fbc590dae90f79f93a93fa0c0b9511e3aa8df3e1a5ca2
b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e
befe169340184b6f7c0b8a6b17c3af4a00d621091666d84a8f640be02acd45aa
bfe056293886177b09ff745622e1ed914c80210571ba1c1f357e26f2a456cc10
c14d9ab83afefac27b8b16689d2d1444e1d0d93ad55bbd1a55895fccfef24f74
c52ffb59a6bf4ac549ed6da4dbe39a7661ff82147942ff109c2e72ae676b787c
d4067930b3bd986758e5cf0716f632eed56d9628eba4fc6d9002a00cc94110dc
d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e
db247da989b444145ac8089c0e67518ec866692e3a063d55fbd677e7b93247ee
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e06e9fa0c40a8cc645b697a45747eb06cb230ca0a48862a26847435d314ab228
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e
ee80cf3b15ea6f7dd08ba1b6bbb065994092b94415845536e0db3476ea80fad4
eeab6099229124c0acf1a7cbccf49c55808ca5de5ba8468e03d98bcfcdab3ed7
f4c21141558eb53b32e1aff9658182db74f97c0ce4b34be06764dd8b567e3a09
f4c53d2bc8357954009bac8b149d15268c4388165231e4a0418f08ff72cb0bb0
f6edb4cb08f774d4177f05d4528784b7e40a4039ca43e7a38eb2b2df0b35beb5
f7455fff3d4e08245186e113636f69cbc44679bdf8870de5e4fd9a835e3d2e93
f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99
f87d3d4acc2fa5cb8ea842aaeec0bb90cb643a2048121c0d4c4f8b8849e660b3
f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e
fc9f94bac395a68b247d7b18c56682d5e3105df9fb210f428f379fa8b16496a8
fd43cd92e272c2e3872abd9559900116d85f2899e76c00015c59360060bcf062
fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a
fe8a3821e540ac0dfe44547a958a8eb5c589372876a55a8c43212a1e88e4b2dd
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffd3290983e63657569cb2975f17d7e3081c76a99803b69fb691bad608d563ec

www.huntress.com Open in urlscan Pro 2606:2c40::c73c:67e4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

101 Requests

99 %HTTPS

63 %IPv6

24 Domains

36 Subdomains

31 IPs

5 Countries

2319 kBTransfer

5289 kBSize

19 Cookies

25 Outgoing links

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.huntress.com Open in urlscan Pro
2606:2c40::c73c:67e4 Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

99 %
HTTPS

63 %
IPv6

24
Domains

36
Subdomains

31
IPs

5
Countries

2319 kB
Transfer

5289 kB
Size

19
Cookies

101 HTTP transactions
0 data transactions