www.hunters.security Open in urlscan Pro
199.60.103.29 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Submission: On November 07 via api (November 7th 2024, 6:05:03 am UTC) from IN — Scanned from US

Summary HTTP 107 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 28 domains to perform 107 HTTP transactions. The main IP is 199.60.103.29, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.hunters.security.
TLS certificate: Issued by WE1 on September 18th 2024. Valid for: 3 months.

This is the only time www.hunters.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	199.60.103.29 199.60.103.29	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
13	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c19::5f	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:f5cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1408:c40... 2600:1408:c400:5::17c7:3716	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ac5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	31.13.66.19 31.13.66.19	32934 (FACEBOOK) (FACEBOOK)
2	151.101.148.157 151.101.148.157	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8911	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f16c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.194.204.106 173.194.204.106	() ()
107	21

50 199.60.103.29 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.hunters.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

5765386.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f5cb (United States)

ASN13335 (CLOUDFLARENET, US)

www.unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:5::17c7:3716 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ac5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.148.157 (San Francisco, United States)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8911 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f16c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.204.106 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	hunters.security www.hunters.security	3 MB
13	hubspotusercontent-na1.net 5765386.fs1.hubspotusercontent-na1.net	415 KB
5	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5859 js.hubspot.com — Cisco Umbrella Rank: 3554 track.hubspot.com — Cisco Umbrella Rank: 2324 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687 forms.hubspot.com — Cisco Umbrella Rank: 5962	29 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	14 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	213 KB
2	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	26 KB
2	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1472	27 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	75 KB
1	google.com www.google.com
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3796	927 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3483	823 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3176	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5740	92 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	hs-scripts.com js-na1.hs-scripts.com — Cisco Umbrella Rank: 6488	1006 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4482	2 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5807	5 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3841	160 KB
1	unpkg.com www.unpkg.com — Cisco Umbrella Rank: 44388	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
0	doubleclick.net Failed googleads.g.doubleclick.net Failed td.doubleclick.net Failed
0	ads-twitter.com Failed static.ads-twitter.com Failed
0	redditstatic.com Failed www.redditstatic.com Failed
0	google-analytics.com Failed www.google-analytics.com Failed
0	6sc.co Failed j.6sc.co Failed
0	licdn.com Failed snap.licdn.com Failed
0	hs-sites.com Failed 5765386.hs-sites.com Failed
0	fontawesome.com Failed kit.fontawesome.com Failed
107	28

	Domain	Requested by
50	www.hunters.security	www.hunters.security
13	5765386.fs1.hubspotusercontent-na1.net	www.hunters.security
3	cdnjs.cloudflare.com	www.hunters.security
2	www.googletagmanager.com	www.hunters.security js.hsadspixel.net www.googletagmanager.com
2	js.hs-banner.com	js-na1.hs-scripts.com js.hs-banner.com
2	platform.twitter.com	www.hunters.security platform.twitter.com
2	connect.facebook.net	www.hunters.security connect.facebook.net
1	www.google.com	www.googletagmanager.com
1	perf-na1.hsforms.com
1	forms.hubspot.com	js.hsleadflows.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	track.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	js.hsadspixel.net	js-na1.hs-scripts.com
1	js.hubspot.com	js-na1.hs-scripts.com
1	js.hsleadflows.net	js-na1.hs-scripts.com
1	js.hs-analytics.net	js-na1.hs-scripts.com
1	js-na1.hs-scripts.com	www.hunters.security
1	app.hubspot.com	www.hunters.security
1	ws.zoominfo.com	www.hunters.security
1	static.hsappstatic.net	www.hunters.security
1	platform.linkedin.com	www.hunters.security
1	www.unpkg.com	www.hunters.security
1	fonts.googleapis.com	www.hunters.security
0	td.doubleclick.net Failed	www.googletagmanager.com
0	googleads.g.doubleclick.net Failed	www.googletagmanager.com
0	static.ads-twitter.com Failed	www.googletagmanager.com
0	www.redditstatic.com Failed	www.googletagmanager.com
0	www.google-analytics.com Failed	www.googletagmanager.com
0	j.6sc.co Failed	www.hunters.security
0	snap.licdn.com Failed	js.hsadspixel.net
0	5765386.hs-sites.com Failed	js.hubspot.com
0	kit.fontawesome.com Failed	www.hunters.security
107	33

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
support.microsoft.com
learn.microsoft.com
github.com
www.x.com
www.youtube.com
www.instagram.com
x.com

Subject Issuer	Validity	Valid
www.hunters.security WE1	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hubspotusercontent-na1.net WE1	`2024-10-27` - `2025-01-26`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
unpkg.com WE1	`2024-09-25` - `2024-12-24`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
hsappstatic.net WE1	`2024-11-04` - `2025-02-02`	3 months	crt.sh
zoominfo.com E5	`2024-10-12` - `2025-01-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-16` - `2024-11-14`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hsleadflows.net WE1	`2024-09-29` - `2024-12-28`	3 months	crt.sh
hsadspixel.net WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Frame ID: EB1C7EBB6D174189FD976B4B404FA681
Requests: 102 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.hunters.security
Frame ID: 0AA2C028C21E15C9AC601B16A6373DC2
Requests: 1 HTTP requests in this frame

Frame: https://5765386.hs-sites.com/hs-web-interactive-5765386-181719015201?utk=3d3ed4958970586a4e8c8672ec40fe9a
Frame ID: A79A4D8C5811EE81666B32EB6572BA27
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.hunters.security
Frame ID: 7E6DF78D787442DE37531652BA1A658A
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/650970809?random=1730959501716&cv=11&fst=1730959501716&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730z8831148865za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 7A402893060708F4E578AFD35ACB1930
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/650970809?random=1730959501761&cv=11&fst=1730959501761&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 94422AA44F18EF3A23434238C71712E1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?slick-theme\.css
(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

107
Requests

85 %
HTTPS

65 %
IPv6

28
Domains

33
Subdomains

21
IPs

2
Countries

4190 kB
Transfer

6785 kB
Size

14
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/share?url=https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2&via=gotosage

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2&title=Unmasking%20VEILDrive:%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&summary=Discover%20how%20the%20latest%20cybersecurity%20threat%20research%20on%20VEILDrive%20exposes%20attackers%20exploiting%20Microsoft%20services%20for%20C2,%20bypassing%20defenses,%20and%20leveraging%20SaaS%20infrastructure.

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-gb/windows/solve-pc-problems-remotely-using-quick-assist-b077e31a-16f4-2529-1a47-21f6a9040bf3
Title: Quick Assist

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/microsoftteams/trusted-organizations-external-meetings-chat?tabs=organization-settings
Title: External Access

Search URL Search Domain Scan URL

URL: https://github.com/profesorfalken/jPowerShell
Title: jPowerShell

Search URL Search Domain Scan URL

URL: http://www.x.com/team__axon
Title: @team__axon

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hunters-ai/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCUufMdZ-6mS4dqEFI81IRKw

Search URL Search Domain Scan URL

URL: https://www.instagram.com/lifeathunters/

Search URL Search Domain Scan URL

URL: https://x.com/hunters_ai

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request veildrive-microsoft-services-malware-c2 Show response
www.hunters.security/en/blog/ 145 KB
35 KB 413ms
151ms Document
text/html 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7f3271772e26c27e838271d6f589ee07cfc58b3ce26c82d98c9af1dfef41ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-182226747037,CG-24463927651,P-5765386,W-67518999559,CW-113865751404,CW-114030893094,CW-127063834721,CW-177021600416,CW-97550317662,E-113857786690,E-113858768455,E-113858809947,E-113865332764,E-114002466428,E-114356373127,E-114370662982,E-126880748318,E-126882284039,E-126882549514,E-126882549552,E-126882575241,E-126882575404,E-126882575644,E-127024241524,E-127040996237,E-127041525412,E-127662486199,E-127662486200,E-127662695006,E-130719549746,E-133487975192,E-176293618185,E-177020218457,MENU-67518999559,PGS-ALL,SW-3,B-24463927651,GC-113864403970,GC-113870397194
cf-cache-status: HIT
cf-ray: 8deb20f63c2f743c-MIA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-security-policy-report-only: default-src 'self' 'unsafe-inline' 5765386.fs1.hubspotusercontent-na1.net; script-src 'self' 'unsafe-inline' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.google.com *.hunters.security.com *.googleapis.com *.twitter.com *.facebook.net *.linkedin.com *.hotjar.com unpkg.com *.cloudflare.com *.fontawesome.com *.zoominfo.com googletagmanager.com *.licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval';connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hunters.security.com hunters.security localhost:1442 5765386.fs1.hubspotusercontent-na1.net wss://ws.hotjar.com content.hotjar.io px.ads.linkedin.com vc.hotjar.io content.hotjar.io ws.zoominfo.com google-analytics.com c.6sc.co ipv6.6sc.co webthemez.com analytics.google.com *.google.com stats.g.doubleclick.net j.6sc.co google-analytics.com *.google.com analytics.google.com stats.g.doubleclick.net https://www.google-analytics.com metrics.hotjar.io http://localhost:1442/ www.comeet.co *.cookiebot.com; frame-src *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.hunters.security.com *.google.com *.twitter.com *.facebook.com *.doubleclick.net metrics.hotjar.io demostack.app googletagmanager.com webthemez.com *.youtube.com *.zoominfo.com app.hubspot.com *.chilipiper.com *.cookiebot.com; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data:
content-type: text/html;charset=utf-8
date: Thu, 07 Nov 2024 06:04:56 GMT
edge-cache-tag: CT-182226747037,CG-24463927651,P-5765386,W-67518999559,CW-113865751404,CW-114030893094,CW-127063834721,CW-177021600416,CW-97550317662,E-113857786690,E-113858768455,E-113858809947,E-113865332764,E-114002466428,E-114356373127,E-114370662982,E-126880748318,E-126882284039,E-126882549514,E-126882549552,E-126882575241,E-126882575404,E-126882575644,E-127024241524,E-127040996237,E-127041525412,E-127662486199,E-127662486200,E-127662695006,E-130719549746,E-133487975192,E-176293618185,E-177020218457,MENU-67518999559,PGS-ALL,SW-3,B-24463927651,GC-113864403970,GC-113870397194
last-modified: Thu, 07 Nov 2024 04:05:30 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
permissions-policy: geolocation=*
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NCzVfPlIaAfG0Ucakc3kCwUOX62YDhgx%2FwgJ31vorVL2l5Lg5EWNUJuuIn%2BCl8j1qxnLzNo85KO7iPsdRxhd%2BR%2FFSFTlWpk2fHmiLDioeXwH9lnUTke%2B%2BI2txl7GhK4KNGEwbTyB"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 285
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-6947cbcf6c-z9qkk
x-evy-trace-virtual-host: all
x-frame-options: sameorigin
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-campaign-id: eac7b83e-5b5c-4fb6-8394-9c82ca03e975
x-hs-content-id: 182226747037
x-hs-hub-id: 5765386
x-hubspot-correlation-id: 1df8b437-58ff-443f-a6e4-5ed3ba60b15e
x-request-id: 1df8b437-58ff-443f-a6e4-5ed3ba60b15e

GET
H3 200 project.js Show response
www.hunters.security/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 73ms
72ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ef84f26c310485299d6b75777414eddb"
age: 845852
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BteWH6PEQPXoLCPESl%2B3dDrKdkD7i46pkm4IYJQlnEg06YZOusqSy1DDmyUc6s7tpjC2AHcfHuw6oG3FB0SCWgScRKxH%2FkoYHxVCEk5LSGDvCToVa1USTpVNpdJ2uxxLerKE6pAY"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:56 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: V6ZzWZWe7YALUSI7BZ393RN16Gk8Kc8D1zoY-TXz-wxt_EJad2wyEQ==
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: application/javascript
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 a6a774e7ecfee1b1064e4dfb82b3086c.cloudfront.net (CloudFront)
cf-ray: 8deb20f73cde743c-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
www.hunters.security/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 79ms
77ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 164375
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=veEswyiIOPxFEkoNpHxf%2FfecmzXOWynK7Kc1o%2FvYWM%2F59pZPBqseSiuhG0uZMMbW7f0Zk2gIhqNKFKXn8gsFMUCuwSzOBUBJEUD%2BFUVqDkcvDYTdZH1jFlAB7SLatVsb2%2Bj%2FbMGU"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:56 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 13gNc_p0upkBnxlgv1W1UYb1mCsgNse9vCfKnytqxQLRGX_yVOSFiQ==
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 9b06d154fff944cda67f7bcd6f9f49e4.cloudfront.net (CloudFront)
cf-ray: 8deb20f73ce0743c-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 F37JudgeBoldCompressed.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/ 37 KB
37 KB 271ms
152ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "54e5c65113bb56ee4af633895983b9d3"
age: 383419
cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: oROJePp8ny04DPku2cFXECrZhzDxBHie
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 7a8jZgrIHAuL656rlhBNICN9EQxbAOsA5SeiMp0XKt8GKzO2fecdCw==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:06:03 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: W75585K5DNK40KPD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
content-length: 37524
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: 9ffFszayDohfm89grCT2qK8pf3vFyyEFV7GEHI1clUEIuVQK/FYku+2nHegBS2m0TOXYZESfjak=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 111ebfb08854e3536ddd29ae1254b43e.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81509ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653649201795

GET
H2 200 F37JudgeBoldCompressed.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/ 54 KB
55 KB 271ms
153ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4aeece6fda59aeaf7ea1271ac3ecbe1189bd88726b444d8813de296f0ad41ad8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fcdb90a6762c4f6d4b1d785202df4df8"
age: 642479
cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: bxO6WUkxLECrzA9CObgprRT8g6V_LjJt
x-cache: RefreshHit from cloudfront
x-amz-cf-id: ucM_aPp9Yhe8a842mD-niT4elc8ZAzcr4QLI6eb23_52QSAP3h7xsg==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:06:02 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: H89PHD8QQX6C6JKM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74685838648,FD-74685881460,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: wF+cfiMif4mg7yC6rxmgB24lPuREwPV9rp3TkaPepUMD/VLY8eXNuQ0SbWD4S4WMQYSQKCbEMxU=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 ab5bcbd8c5b6d1e18d99563cef1a3042.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81609ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653649201856

GET
H2 200 GraphikRegularWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/ 30 KB
31 KB 309ms
191ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e2d3e1bd2dba862a1c76e2cc88ac1776"
age: 383419
cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 9bSL54EBoxaoAARqnLg2bUn5vMLmIfW0
x-cache: RefreshHit from cloudfront
x-amz-cf-id: vl9A1RdcXLHSqvrRB1gj1u4IYYaCNb7AuoHdi9TEVOsP5TajKMyFUw==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:14:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 885X04F8ZNVR9WFE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
content-length: 30480
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: GjRyA4CakPB9GLZaFCaoBzbhqZqSPwfe5JBxJLXflxVLFW8Hzhc1ROSAIpIlFlps8wve72+EgbU=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 fe16c80658be143c81fdffc7cbf895ae.cloudfront.net (CloudFront)
cf-ray: 8deb20f8182509ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650056855

GET
H2 200 GraphikRegularWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/ 40 KB
41 KB 303ms
185ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea9a85e8c7b1ba0c225aec7ced73372fd08fba0bb37faa515a47008aceb550a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fc1a5bae62a99fa59c23f0576cebae23"
age: 196758
cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 1UScc5WOOidn3hjYnkMBOExxdbhthO8_
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 6H4TLi0knkxKNSDZS9huQHI44UiY1Q2kCCV5Sb_oPIoo2o-J4G3paw==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:14:18 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 8CCEH9JQK9F2TQBM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74688947978,FD-74688893086,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: sZYwmXsYmL4r+3ldsSwRvEEAi3kZYoCk2/X3zfREPNaxSF8oECRKOyc42gT+f6hLrBm+hTRKypI=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 9b435e7a8d74607fede4b1f1f66d58dc.cloudfront.net (CloudFront)
cf-ray: 8deb20f8182609ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650057194

GET
H2 200 GraphikMediumWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/ 34 KB
34 KB 269ms
152ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc95b09fc339140c69c5136e815b78be4ef324669185635fc3aef462e8d7df83

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "aa45b0c2aae2e5fe139bebd1dfdff19e"
age: 383419
cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
x-amz-version-id: nhNd1_3PHI0s79bODgTLIoIpudYFz6ze
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SG73G2Xh0MUEtWgSykZYCmHyB4FdFFF3K-Pu73lPMO3yyqcKz5oiKA==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:18:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1JTHNM0TYPY199GC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689121951,FD-74686513451,P-5765386,FLS-ALL
content-length: 34712
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: olFzhqdMIAJ99w3BbxuBFMqG3ryQQyJi3owIjbQbt5innOQXM3VmplUjGN56p8lHhaxxgq4khzo=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81409ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650302473

GET
H2 200 GraphikMediumWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/ 45 KB
46 KB 210ms
93ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Medium/GraphikMediumWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ee453db69de2afe22f2abc664d11aa3b8720f3b24a8d82d2a1d2306be008e93

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fcffb480afa2b61f3e96a65a4371050c"
age: 1143636
cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
x-amz-version-id: rLgVVtHx16aoM4Ice3_nDtYzGojOWLuA
x-cache: RefreshHit from cloudfront
x-amz-cf-id: brrAS_bMNY5Cc3FdbQcqbDabE1eNpEVFNIPaFaE6XIVolUCSQ4bjsQ==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:18:23 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 9W64RHAVK5H47SAJ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74686513466,FD-74686513451,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: SGppVhd5t3x+8+7RuKhKNDiiQuScetObj/NxGp1/YnLh+/1yQqBorQ+hwi/E/yGHktG3IRDIBBg=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 111ebfb08854e3536ddd29ae1254b43e.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81209ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650302463

GET
H2 200 GraphikSemiboldWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/ 34 KB
35 KB 268ms
151ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e13cf054833eb8ba8d3ffc1e1c2cb82e"
age: 956761
cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: E4J3u.P1u8zLJOqkt22N.5.YJpbVcz61
x-cache: RefreshHit from cloudfront
x-amz-cf-id: -8eXxse_3slUDG3N_Je65J49XFY3O3CBc0zOdbEbOV-Mfs7b-h1Hsg==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:21:39 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GNEAD5EJ1GZH78MC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
content-length: 34772
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: Imtw6rzLfzNaFQxss0fVJ2K5Lg+Y2QXQjSyu61BriJmuECsUbGqarg0zceZcoDkPv9x0oZDFmrM=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 19f81b125c62da79641b37663ddce94c.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81309ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650498635

GET
H2 200 GraphikSemiboldWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/ 45 KB
46 KB 207ms
90ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90eefa1db290de170e8127aa6f3ad079f38762aa27b4c885670cf5d757c0f2fa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"9f90b54a350e13f1a49e108263dc77fd"
age: 1956619
cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: Gi5MSgpYdkr_yWE00VeiwtpigLTzp4EV
x-cache: RefreshHit from cloudfront
x-amz-cf-id: cypxkFFPAr8kyUZrTInUta5IrQXBEloOEHnmlETgzMQ_45h5xINkZQ==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:21:39 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: WF8KH9GAN61YXZT7
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74689122130,FD-74689122096,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: Yf47eKebnQeE96Q6kcxjn/CPqBZn2FCkpuGoFjFND34KcY6ZILl+NB+fFuVpqb1eGuUDiwpC3Mk=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 ea17bb5c24692755a274a9116072570a.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81109ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650498577

GET
H2 200 GraphikBoldWeb.woff2
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/ 36 KB
37 KB 274ms
157ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff2
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "0fb4b480278277d351d7afefe46bf6e8"
age: 956761
cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: aqs.ab3Smnu9FGL_UhGDqku4oUVVMHEq
x-cache: RefreshHit from cloudfront
x-amz-cf-id: MRJ2Mkfvi-17HxFZExxpteBavQizx7O9eW3LDTUIJOBN1NL3Di9xMg==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:23:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: BS9KY24H8236REAZ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
content-length: 37044
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: AMeEybSKtZzHKfemkmTztK4AhPOCc4t8Nyhl9RNa5//iZNRycWCHHBSz1c3gAiNnOaxH8DDyg79MBOriKe5hXCIH6AJuSHaibIF/4E9VeIw=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 8e5d44dec7efea195d680ed573f3c5f6.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f81009ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650613120

GET
H2 200 GraphikBoldWeb.woff
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/ 48 KB
48 KB 209ms
92ms Font
application/font-woff 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef4bfee18eaf9bb02c3d3c93ce39551cff6effb9b29678a118c808b0b92489a0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"911f0d5fac02bc40cd5381f22e2fcaba"
age: 99357
cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: S2hh5ffEdgyJNoO5lDEhL2UBGwqv.dRz
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 1bOl4sMV7b06rCnhlYreztCiBmTNHeIyxLu6b3NJYjJNjt_vQS8uvQ==
content-type: application/font-woff
last-modified: Fri, 27 May 2022 11:23:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: CN0VXFRCGJ4WZBMA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-74689255197,FD-74689491725,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: 02RN/BzAv4nMk9RGEUHNl/04uUhW2viZbpQM6rNW4Sg1SCsAu01sBcd29BrxjWc0cfrYYffpsIIkjvfNheKTUA==
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 f3407167245d79d14876c53a82e27948.cloudfront.net (CloudFront)
cf-ray: 8deb20f7f80f09ae-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650613108

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 189ms
71ms Stylesheet
text/css 2607:f8b0:4004:c19::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto&display=swap

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

23428c6301061ebb006b127c5841235122a23672f0041d08a9518520795a1bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 06:04:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 07 Nov 2024 04:59:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 main.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858768455/1730201284054/Hunters_Theme_May_2023/css/ 164 KB
38 KB 98ms
93ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858768455/1730201284054/Hunters_Theme_May_2023/css/main.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d46b85c9bfc0fa2045feaa27ead9491e95cc1c2a6e09f834f0ed6710eaceaefa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: b3278f3c-09d5-4097-b25d-4084d11105d8
content-encoding: gzip
cf-cache-status: HIT
etag: W/"a157f5adf5dd5c41e21b0b9a04b61c0a"
x-amz-version-id: iRuUDL3FKL4U7R6Ga9FXc5psP.12JJZE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NOMH%2BAf%2FI1fF032K6U6h46bQqhIZ4uXO5T4pK3yntApkFnucSAKxSxVg1Eq%2FLN0Gb4GF6E5X0bJO1wb0DOthV6CPJJFUNkteFz5e5NBlqRQvqA8f1svg9Ii%2Bj6QAbvyCRnxB476i"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: IkmTQ5GoCWKdXh-M35s1pdAFWT219vsvpCgRuYHoZEig7ZZ7hJhyNw==
x-hubspot-correlation-id: b3278f3c-09d5-4097-b25d-4084d11105d8
content-type: text/css
last-modified: Tue, 29 Oct 2024 11:28:06 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-pl227
x-envoy-upstream-service-time: 268
x-amz-request-id: R7ZQ6Y0E54AK8CG4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: OZJtPauzLWzl5SYHUmX+9bLLyjSTavj3rdnNePUTwbT5EWdOWDWtS5FYzQ5wuB+XWkYIdsvfSXk=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 0fbab52df0695e2a561cd26eb7f9484c.cloudfront.net (CloudFront)
cf-ray: 8deb20f74ce9743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1730201285365

GET
H2 200 aos.css
www.unpkg.com/aos@2.3.1/dist/ 25 KB
4 KB 155ms
39ms Stylesheet
text/css 2606:4700::6811:f5cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f5cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
age: 17600995
x-content-type-options: nosniff
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HVP1ZW1S8BJ3ZQDJFR7TV77J-mia
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8deb20f7fb4531d2-MIA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 slick-theme.css
www.hunters.security/hubfs/Theme%20-%202022/Coded_file/ 4 KB
2 KB 68ms
64ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick-theme.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

238b1cf831e99615cf4d403ccdecbc5a3a615f2f0f8e92179cc69f9ec7d60b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"ac139110825d34d1df5de4182f5faa12"
age: 1767032
cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: z1bsZX54c1Duha0qf2GLwEA1Ju475_Hl
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s266KwsLYH3WHn2wSvph3RUTGdbaDhrU2LMyECyT0V4PF8BUT%2B5OFFsFq2l3%2B84J4td%2BsnfkYqqY13B99kajrEwlqPDyc9hgybYutRjHDtAI9RgB4jMJX8SpaM30qGZHvo72N%2B43"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 68zAdFFOUppVj-W02B5vBeI8F94v6idaXNhWIW4khpBY3zQolHlPkg==
content-type: text/css
last-modified: Wed, 06 Apr 2022 12:25:58 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: YXZVXF1QW6CX7Y70
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: Accept-Encoding
x-amz-id-2: GM6wl6JKn4dOdTKlCNTgrnthU+EvVBF9lyBkpMWPgHL1Ov8BFdqLZT3DSiuBZ+T7K+eXHTzRKVxu+fHMsVs9l8t93nGSPZp+
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 651cf5d0a06c74ce46a4d577371d508c.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cea743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648029640205

GET
H3 200 easy-responsive-tabs.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1688126129748/Hunters_Theme_May_2023/css/ 3 KB
2 KB 126ms
123ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1688126129748/Hunters_Theme_May_2023/css/easy-responsive-tabs.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: da3054ac-d7e7-485d-ac46-37478cbedf5b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9b3e369494f25ea9c18f4f72ef2213ec"
x-amz-version-id: BY9GNWlAAug9FlkNRr2aEQugpO0wA3Rx
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uupR38HfeGRbZKnGZzhgt3%2FuX2j%2BzpGLfUXRX145s7Qa8E2p9qgnpIGcoFXIMLkbpbrEs50l633rubW3oK9ACHRmxPwfU71FGwbNS720yWKcO7YMOKovj3AXECNtI8N1lc6Nre6B"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: WWTBoWi5dIRSC6OhMsb1XOZPoF0OZxALBEk5dWDQkm_tgTD6BKOBxw==
x-hubspot-correlation-id: da3054ac-d7e7-485d-ac46-37478cbedf5b
content-type: text/css
last-modified: Fri, 30 Jun 2023 11:55:31 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time: 212
x-amz-request-id: ME4Q72BJE1HN61X0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0009zU4a8D7R4UP3epz30VQN7oJJqIC6LZk9zljsEylGD3ECHK+lUGKiyPzOvIzzQL7bLgU/IB8=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-ray: 8deb20f74ceb743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1688126130469

GET
H3 200 prism.css
www.hunters.security/hubfs/hunters_theme_files/coded_files/ 6 KB
4 KB 75ms
71ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/hunters_theme_files/coded_files/prism.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f352a7de3dda4ecc29be98eaf8ecf19731d7d68038058f5568e3117228b9a82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"3dd7dff137c510bff50522c86539bb99"
age: 755556
cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
x-amz-version-id: oAon8SFHzDJTzJyzo0pdwPdI3oMcMiGJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGt2vhd4VaVAApJDfwrId0UeFt9v%2BVwUGSE4lMOX0aaV%2BMumDy%2FjbPslhL1kQ%2BqMAG3AHB%2FIwHEgiU3sN6KLZOK2SC81QGTQ3aoOfVnxBgMnWkCI9oW8VXABEHoxliuJe2MzA11c"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: innnBmw3eB7DjiNKj6RMVyg5-ccRuTI5ip46AuVVJO8v43XsoaccNg==
content-type: text/css
last-modified: Wed, 21 Aug 2024 20:09:19 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HMCVXED03TCNWHN0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-176294964336,FD-176294964329,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: Accept-Encoding
x-amz-id-2: U1yxm5reF5IAEZBjRGbKlMc1wn0q7+thfcB7QGazkb0nCXTM34mrpUd8Updq4aJ/RSmZFrNScp4=
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 e1f65ba06022d8499dfa37a9c3123554.cloudfront.net (CloudFront)
cf-ray: 8deb20f74ced743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1724270958871

GET
H3 200 slick.css
www.hunters.security/hubfs/Theme%20-%202022/Coded_file/ 2 KB
2 KB 98ms
94ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"f38b2db10e01b1572732a3191d538707"
age: 1258152
cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: lv8LwiVh7O8FnrKTBtURlNZDqFrl1rNS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bb9bc2BgZsKxxAg%2BcwTOkNEQejLDdPle5hRu%2BLx9bS88MJCLLWoEIO%2BQQjV%2B5RsynTBPYOhG2%2BcxITa4s67fUdlwuqs5X8QmeFfVPq7R1LdJm6Od3VAN3Bl1UcaHrSvQDhtfqOyz"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: l8Xt9ZS7h5zu7Ec9yy3gHpqnAX0FYkEoMBchbIOUiFF43uirchU_zA==
content-type: text/css
last-modified: Wed, 23 Mar 2022 10:00:41 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ZK8NK94XBMMD8KQY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69248658105,FD-69248485214,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: Accept-Encoding
x-amz-id-2: MxgOMpbuJAnnxxKsDJriTaFNMgr7OoobWjx7NjBolk65DcyayFt4Y2B/+xybmlJKtsQD19vel+Y=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cee743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648029640205

GET
H3 200 jquery-1.11.2.js Show response
www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
33 KB 71ms
67ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
age: 1259385
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AB%2B52LmR8eMblN8ODkLMF218p3ZET98uPLfuKlaXfiZLqStbNyUgIgafrxU1vEso%2FfhF31lI9wDseIf6KRELx6heel1lZaAtp9%2BWRSuGVzdhSbJ0QaVqheD7XGmb16HeVCavzuq"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:56 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: uEMM1ScPMwgrF3CH6TqhydPDJPY9wsHav726f20uu-U9BS8RGRlCqA==
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: application/javascript
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 15167ef85a9fc2764e4d5ca36adfffde.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cef743c-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare

GET
H3 200 jquery-migrate-1.2.1.js Show response
www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/ 7 KB
4 KB 69ms
66ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery-migrate/jquery-migrate-1.2.1.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"eb05d8d73b5b13d8d84308a4751ece96"
age: 422370
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMCko%2FJNyqs9K4MzxdkFbVXf1Nze7drm3M%2FyZA3ZAj3wN9%2FCfC2QHbJk%2F5v56p2yTkbEMu8w2%2Fz2vc2ImEyhhEZ%2BwP8Q5xBoLkwhNPJ1UKKRwWSiARSN6waqwbcvgjvV4t1u%2BiMY"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:56 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 5ZBZ8qakZpb1Cqy9KATuGgFrsQfttZfcB4Lut1inDY7WDvWMKGv-SQ==
date: Thu, 07 Nov 2024 06:04:56 GMT
content-type: application/javascript
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 1474adcc0e66c9223c69479a37c85e70.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf0743c-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare

GET
H3 200 blog.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/ 32 KB
9 KB 128ms
125ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/blog.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6f9f7221a54fc4900e4ed44711c25b3370354baf336529033882586d75152c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: af564cfa-a58c-4f68-8164-e16fac4ff7ca
content-encoding: gzip
cf-cache-status: HIT
etag: W/"7fe698814a172c18a2c5ba080260505c"
x-amz-version-id: BOWJ5B2WfnjK5WqpTgULzR0J2MoyWeP_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KMY7UQKe3oFldiqKLHQ%2FhcFlTihgiROOjdXbNIz%2BevzKQxgsaWLvlCkX90Vr2wXdm5QhI3h7bCrIudzSIdsergW8muYRPFQ9CWpWIb8B0sLlDqf3tY%2FHUy3Coi9xSKS092Q%2FBJKk"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: gcyKXT7yf0pOwMERmaozLUcxn-8I53a8s3jXGZ-jOLaEUOOlDGteyQ==
x-hubspot-correlation-id: af564cfa-a58c-4f68-8164-e16fac4ff7ca
content-type: text/css
last-modified: Thu, 05 Sep 2024 05:55:44 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-l49l8
x-envoy-upstream-service-time: 175
x-amz-request-id: 80BQ6AW1Z333ZQD4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: xjapiRD5e4sAX/7ekme1lgdfNv5F8xv2JgYpBVveTla5Dh94KDqMtjsMee6ynMGVWc6qmOKI+aE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf1743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1725515743800

GET
H3 200 magnific-popup.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/130719549746/1693291612591/Hunters_Theme_May_2023/css/ 5 KB
3 KB 128ms
125ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/130719549746/1693291612591/Hunters_Theme_May_2023/css/magnific-popup.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: ed26a8ab-858d-4410-ba19-a54e13de0d4a
content-encoding: gzip
cf-cache-status: HIT
etag: W/"64912a79884a20761ab19de42f85218c"
x-amz-version-id: Xjt7jqVG9NhQHsz_IZzhHZq6jRGc4F63
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cz6lanunnwbg3PeQZtOnMYirgn50a2JQY6wizWwJWW4PnCd1k0sZZlIVSbJD18Y3t439bcJL748s1JZcNqEeu7BCCwwUEmGTv9ygBM3Bddhdb%2B1en1wmiAPAUMe3RK7hJdRf8j%2FR"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: zxMbGwZ_ScF8yc413lxQBsZ7QQhWS1tI1SIrdOQN67qUXx2CKb4AoA==
x-hubspot-correlation-id: ed26a8ab-858d-4410-ba19-a54e13de0d4a
content-type: text/css
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time: 301
x-amz-request-id: FS9GGX2JRNCNZ409
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: TcrmpozCSMC0jHIss4g8I6OYvhT91II4znr8MbIQqNz2s0BTta1WZ5DbqabGCYacBsFcT3RhTJE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf2743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612591

GET
H3 200 easy-responsive-tabs.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1693291614672/Hunters_Theme_May_2023/css/ 3 KB
2 KB 128ms
125ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114002466428/1693291614672/Hunters_Theme_May_2023/css/easy-responsive-tabs.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 386e71d0-0af9-49f4-9a44-96ee6aa15786
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9b3e369494f25ea9c18f4f72ef2213ec"
x-amz-version-id: WRfDjq3ykki5RbUHXjGTj2jUB4D3Ghw8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OFtf7bEeerX2BPrMG8Erjpn6YPoQjEK2UU1pO8foPKc8UxBIG7S0O4csqhTOKyG3p3yajXcpBJOsIVfplheIqo6Oeh%2Fa6Ud1ZDGzaMJMuZe4iZmt1jwj9id6tyg5VNg9x1GV6I5l"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 1_KX9HLk5gk8d_cf3aYneQ5PvASHCioD4sai1xqJtHMBx0Rzm2aeDw==
x-hubspot-correlation-id: 386e71d0-0af9-49f4-9a44-96ee6aa15786
content-type: text/css
last-modified: Tue, 29 Aug 2023 06:46:56 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-cqlxj
x-envoy-upstream-service-time: 220
x-amz-request-id: G4VEQQ71RVZPNKCF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: rLqq/NQduw37PiOYr+T2c9nGLJNvgGqXuuLL6OzFQgAIspd3/xPIrcOq2VQQuETskzYXu50eUjetZonmnY1D7EzXEGIWX4vslKgl5/CSp7s=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf3743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291615367

GET
H3 200 style.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127041525412/1728555178550/Hunters_Theme_May_2023/css/ 104 KB
24 KB 130ms
128ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127041525412/1728555178550/Hunters_Theme_May_2023/css/style.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e639f213682c84c7ed4da94c224b65a4cfa532975476b44d6b3d22ae0ef8afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c2510047-dfbb-40dc-b368-67e0d5dc2ca3
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3f0e6ccb2f417c511a3bf11d7ae9598f"
x-amz-version-id: lCcO0jaM1q_hQTtMrlUAIh_oSgGTbYQJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RjtcLdL4ko7SsMrP0%2Fyq10SOnjFN9CqOu5J2MquvveB1EiTZ2Yp%2FPD7lHQqVsbbAhsV5WfVtB2rWPIdQaZ6O01OK%2FyVMGAmQ%2BZP%2FiOLmJ3MMbtLT%2B%2F573zi90KLleJz1OugzG62q"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 0BvkW5GuIJb4yuDxl2hY_zO7G3f6cIEgz07vjs6QGSZwCAHvEw8Vww==
x-hubspot-correlation-id: c2510047-dfbb-40dc-b368-67e0d5dc2ca3
content-type: text/css
last-modified: Thu, 10 Oct 2024 10:13:00 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-4hrwm
x-envoy-upstream-service-time: 179
x-amz-request-id: RRG3ZKNBF3Q259TG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: evAg01DigPgMHj2rr8Mu07/o50QB3nnlfopV9YslZSdPd3yGebvVtJlMxDMCPQusmKXX8J+DHzX7G4RqYWgLcg==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf4743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1728555179664

GET
H3 200 additional_style.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127040996237/1704720085106/Hunters_Theme_May_2023/css/ 34 KB
8 KB 130ms
127ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127040996237/1704720085106/Hunters_Theme_May_2023/css/additional_style.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24af0aa554afc559dd1f59f21a2cb05e7fc668adced9605b05f5807df02585e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 5e85986b-cd96-4a6b-a272-cc5660686df7
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1a4540ab849cb164a15d24bd841a965f"
x-amz-version-id: _j1ADJ6juhLyBYdBUKdlkTK.32G8Aa2B
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9b1%2B7X5a3eS63pF4fsBqkO3Oef66TbLdN0c95KNnLjPd62NTGYpahykXfn2nFvTNKz%2Fc9GmrXoP6xQSjedxtoqpMVkKSt6KoyzaGu8ycwKVSgInfmgJY8Qdoq1Y%2FXlR7ldK8caS"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Uzajtv1q08xlXoYgLiLWOVrsBuLdhcu-yXZlHqRtb5pNeRjzOpw9QQ==
x-hubspot-correlation-id: 5e85986b-cd96-4a6b-a272-cc5660686df7
content-type: text/css
last-modified: Mon, 08 Jan 2024 13:21:27 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-dcvwg
x-envoy-upstream-service-time: 192
x-amz-request-id: A3DGKZH0TRJ51Y86
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: XtipC8jGSMdWF4IBy7yb8rBwgz+Wwnm1j4yhSuV7y3QlBbNuIkrVrRIDzW3Z0cQs9dgdVdYyUwg=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf5743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1704720086029

GET
H3 200 theme-overrides.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858809947/1693977471236/Hunters_Theme_May_2023/css/ 13 KB
4 KB 133ms
130ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/113858809947/1693977471236/Hunters_Theme_May_2023/css/theme-overrides.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b1d913f0ef5cc8fd8d0c483772f5d511071ccc1d441f64292fb7659616f5b79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: aad56fac-bc6e-4812-97dd-9a0098537cf2
content-encoding: gzip
cf-cache-status: HIT
etag: W/"55ca2988b2dcdc64c0d28ce220832d86"
x-amz-version-id: MwZEdO.RtzwbqpCFNnZDvkHS1VL3JhKQ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvdJuNr5uYChL0V5aAq%2BcUmkeIAf01%2Bgz6qRMDaw2AJ%2FGZHZRxp0rynzr4c2kGrG8Z1TVkPTOwAzWkDZRSb88rWL0smi2pjw4GdZatnSJnlaXiG9WfeOLPsn%2B%2B4lv3vjNW9TgIAz"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Tkxd44tIRvyV5mIV1-B2sCQpZ7afNZS6Xw7Cp7PulIHor4F9FoMk9A==
x-hubspot-correlation-id: aad56fac-bc6e-4812-97dd-9a0098537cf2
content-type: text/css
last-modified: Wed, 06 Sep 2023 05:17:52 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
x-envoy-upstream-service-time: 182
x-amz-request-id: GS3M3CG023XVTVF1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: lDg8ER2ZI5ppt5Dgq1lV3GWNdWzmJl6YEK4KXg6ZLLFhvS3KsjdWFyGbkfNyOhSD9en97IM6R3Y=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf7743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693977471960

GET
H3 200 module_177021600416_Blog_Table_of_Content_Sidebar.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140791/ 2 KB
2 KB 133ms
131ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140791/module_177021600416_Blog_Table_of_Content_Sidebar.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

35c55b14508fa6bc876713dc6ca5b0cdd84333a1294b12d9ccff89d3784e4259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 1428350e-6eb4-4841-9197-1ecf86a6f3c0
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b7cf312d99a3fc2fc8be3c954b38366d"
x-amz-version-id: hV5liPpT6zRMd22GBmtfRRZZhKsfBRQ7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcTD7NuEEDL%2FU5sfqJZHHlUxRxx5042UCHzfXhZQHn1DwRjp8fbo5t9aHOtti%2F%2F2eBworZMWkAEtW52g2Hv7g2DbTMJNxOqDxPqKQ3VYujYd42R0p4rN%2F854KRgvRLSCQQQQiary"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: OxT-QOQ0aINfl9SXNn4_KwCSusVSAU733yyUu4nOPp_95duor78nLw==
x-hubspot-correlation-id: 1428350e-6eb4-4841-9197-1ecf86a6f3c0
content-type: text/css
last-modified: Fri, 06 Sep 2024 05:55:41 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-j4svf
x-envoy-upstream-service-time: 192
x-amz-request-id: WG92K9EFTM38QWNS
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: nPIw4ayqH0s7PB8yIRHdP1pGRCHqq2x62UqeumfjsTkHpF/vfkhM2PeGt9R+vFIsgaS6KQpFznc=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6129f7f4feb0c02da809b6ee7e340b18.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf8743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1725602140791

GET
H3 200 module_127063834721_related-post-listing-blog.min.css
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/127063834721/1725535151579/ 669 B
2 KB 133ms
131ms Stylesheet
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/127063834721/1725535151579/module_127063834721_related-post-listing-blog.min.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

23a2777cbbd78b114125c9276a3b42d568e17909104309e46e94dd2d93b3abd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 973ccdc3-ad51-4a34-975c-c666e1a922fb
content-encoding: br
cf-cache-status: HIT
etag: W/"70d8f9f86b8f7fcd77f9fd2c13570bad"
x-amz-version-id: W5A2p7cZ_X1j2YSgonU9jjISRW1FRQ7Y
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zIqwTQEWh87FnwwYFOQE0pPPJPm7Bi1HwcRjEhNUmB2BjmxlZv8mpQQRd5EjSVHalgHwDI7qsgBjSHtfk6nr2R%2F8QxeUmKTrcbye%2FEcycCxFk0WR8INNalUEI5iQ9DbDrAL5bLkV"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: SUL7EVygry2HgRCgCOuKaNdPWdkxdZ5Fsc52ynfp2VxaEB7NFZjsIA==
x-hubspot-correlation-id: 973ccdc3-ad51-4a34-975c-c666e1a922fb
content-type: text/css
last-modified: Thu, 05 Sep 2024 11:19:12 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rnmfs
x-envoy-upstream-service-time: 190
x-amz-request-id: WG90FCXKJA800K7Z
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: h7D6rw/J2AeFx/i1w5+Mt1pu1XigLUkBxr3p7VbrQE6II8c+awHGfNKkciAxfcnJhCIFf5lOdVU=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6946167499a4b8f515865d62f0b0b284.cloudfront.net (CloudFront)
cf-ray: 8deb20f74cf9743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1725535151579

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 280ms
58ms Script
text/javascript 2600:1408:c400:5::17c7:3716
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3716 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-li-pop: prod-ltx1-x
cache-control: public, max-age=3600
content-encoding: gzip
x-cdn: AKAM
x-li-fabric: prod-ltx1
x-content-type-options: nosniff
expires: Thu, 7 Nov 2024 06:59:04 GMT
x-li-uuid: AAYmTFTw5SU8DiyDNUmYlw==
x-li-proto: http/1.1
content-length: 163631
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
server: Play
x-cdn-client-ip-version: IPV6

GET
H3 200 black-logo.svg
www.hunters.security/hubfs/Imported%20images/ 2 KB
2 KB 61ms
56ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Imported%20images/black-logo.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

368406900c890220c314afd610820f1e635e69e4d3e0275ec060057865f563c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"88d1cec7ef908496d2e8aa6c03895c82"
age: 99358
cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
x-amz-version-id: VnnFkSmT.uR334htBJTUR8Yrxz9yrp6X
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFDCQD08b3gikg791s%2Fj7kdpF18zx228xffn8gG%2BQKzTEVgcsxhsPtaLF83IZMrbrULGjc0jB90TXgbjp8arJ7ITpaGVK0xn8kk7qabgg9WkFLbPP7C%2FtW5mI29%2B85edR90Zo17i"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: IocEmPbFKziSdZwIs4ZyjWwX8i51YfyDSJEJQAGoFDfqHxIFZZ7L_A==
content-type: image/svg+xml
last-modified: Fri, 22 Apr 2022 05:21:19 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 3DGW0Y1GFTYZ0KT2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-71680581388,FD-36925193306,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: wJTBO9DeC3OhjRv0MYJyfDTQq9X8qISPruL3QHTfttIzUlRGD4W6NtKJhxPm5NCicwc8vQgzp1AcllSfQcv198lrkrN7wrw8lAAOlZUgoA0=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 18133da1ea724d113c4123fb3f20be9e.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f34743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1650604878426

GET
H3 200 Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.jpg
www.hunters.security/hubfs/ 31 KB
32 KB 114ms
114ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.jpg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e83074dd815b9adf43a1ca073b8dc0bc6eeccb0f9c008f3a06d20dec5f335d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "66ed83a351c121127084476f9674b6d0"
age: 755556
cache-tag: F-179140737673,P-5765386,FLS-ALL
x-amz-version-id: Maw0BuDHzbRRELulH0YPDGOu5COlFzpu
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PV6hEZR%2FkF6CXyHVoOplUsHd1UZixxf6N8DJJcsahPagthqH9TDHbuvEseJgInsv3gSB4nrhiMVMWpEwRRcP0UaEUnIs%2F0eEmNZKWgQ9U5%2BcTXTkBwFyIGJjWNHhkhwB2Rlt3yqP"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: zrdBq-YNMVE5kwJ2k35MTsXbotC1ps6Y5QmCPocxnxpHPkDXhoqsfA==
content-type: image/webp
content-disposition: inline; filename="Detect%20and%20Investigate%20Threats%20in%20Snowflake%20%282%29.webp"
last-modified: Sun, 22 Sep 2024 12:00:20 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-179140737673,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: T783R9J6ER30XVQ1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-179140737673,P-5765386,FLS-ALL
content-length: 31702
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=169098
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: k4qT2bYXOA2Jgx6ftW6rx1qkPRAT3IeQ+lINc0RO2W/oQXL6dSG4lUY+6ldFiTsg+qKUAFNntYiJ93iV5gzhmRLqY3kV/RLk6BKDmao1f2A=
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 111ebfb08854e3536ddd29ae1254b43e.cloudfront.net (CloudFront)
cf-ray: 8deb20f76d12743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1727006419050

GET
H3 200 Featured%20images%20%289%29.png
www.hunters.security/hubfs/ 195 KB
197 KB 116ms
115ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%289%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c23c888b01855d9310b1a569def2623503bcc2a81327955f0a824c6f722b278

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "2ac3620fd903a59ff0b19fe172b6087d"
age: 755555
cache-tag: F-164070765938,P-5765386,FLS-ALL
x-amz-version-id: IaNtUqfmHGRaI2nvOMBv6G5rNRuIfCwI
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8EjxWtAA5Sj2TbtWwpIinCEcQdpaP%2FwdoR511tceL4HGx7gGb5sEkFMghs2QkIwo6Gf1oOWgXhmLp0CYdthI2sKFWEbHM9xTcMi1ustcOSpCcPYCu6MpqbpGiHrGjO3uRX%2FV0qJ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: F05KOAt0ApoQPk8PIousiWlysteo2gXRvFE3to3F7aVISTI7uDDo-w==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%289%29.webp"
last-modified: Wed, 10 Apr 2024 18:41:29 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-164070765938,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ZM704TGNEXS5JCSA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-164070765938,P-5765386,FLS-ALL
content-length: 200090
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=298563
date: Thu, 07 Nov 2024 06:04:56 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 68RfdhWif1ziFb2zPQcEf/fNRxi44BmGj6rITeqF3Pww6gYEnY2of9/AnufesBOdnKwlHhOTp5R9jPlt0LwC/X62un2Jalnc
strict-transport-security: max-age=31536000
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 ea17bb5c24692755a274a9116072570a.cloudfront.net (CloudFront)
cf-ray: 8deb20f76d17743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1712774488375

GET
H3 200 Featured%20images%20%287%29.png
www.hunters.security/hubfs/ 176 KB
178 KB 56ms
55ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%287%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69bcd585affafad0635a9037adb2fcfd915699c3de54326f0efd20616e53d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "78236630afaedde1b030b89a3307c3d8"
age: 55089
cache-tag: F-156189238030,P-5765386,FLS-ALL
x-amz-version-id: jvPhEmmB1qc7coTrNsEVbgDU6J5QSyXH
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaZp%2FLOmiU8x2nd3O2hMrZWckAl5Qay9fkH%2BdvNwE4ndHnmZ4hFotgGivbnqYJYf8Gvxi0YYUn%2B46yU66YGwveWwiYdUs9p39%2FEymcqorSTf3uawwrmStv59fS9iGxmuALNQmCzL"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: QwiHtje70xbt3rz3KF_-_ughFR_Pgc_iBvjriBR-OsRBaZGlJ6m6YA==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%287%29.webp"
last-modified: Thu, 08 Feb 2024 19:24:29 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-156189238030,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: XH4MPN3HMQH0YRX0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-156189238030,P-5765386,FLS-ALL
content-length: 180648
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=266067
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: APMFLrKaYnWeu1MGbgC8CvIXVHFY1rpamJg2FiJ59ymkEMd9aCxM++aUy9Z9kxZMM45TNtb3fl8=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 65517ef93bd405f25128444b5366724e.cloudfront.net (CloudFront)
cf-ray: 8deb20f83dc5743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1707420268607

GET
H3 200 Featured%20images%20%286%29.png
www.hunters.security/hubfs/ 210 KB
211 KB 61ms
60ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%286%29.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede5de999081588cb095a1acf05bbed529c06278912c2318b74b6141b617ecec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "084a75b29c6059fa0357d14d117823e9"
age: 55089
cache-tag: F-147477662849,P-5765386,FLS-ALL
x-amz-version-id: _8t30zuhoETPchdomPCUql6RbdJTwB_r
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3Qc9ot8I53Lyg23a6nc05udrIxz8jCJNksqTjxmDLJDOpiVBLk09Gds3zINRuzYyktmNzCDDsThTunp2i1YvWBY%2F7k4ihRKj59q2%2BbDopjs8nTkdUh2fo6G7cPk9KavY1o4yW%2Fo"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: wDPz0-csHywJI9eAWqXcXSFbqDTgfS_9Ixj8bYJ4d5TMKfM8xPn8eQ==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%286%29.webp"
last-modified: Mon, 27 Nov 2023 21:17:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-147477662849,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: SQ80M1PQWRFZVJFM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-147477662849,P-5765386,FLS-ALL
content-length: 214682
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=320939
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: DnT83620iUd8uzPEmU9kdmZPYDcqQWBh2cM1xbY2NVqL3XtRQwrXw3WkFsn0sYNruvg6jbhgETQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8deb20f85de4743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1701119836657

GET
H3 200 Featured%20images%20%285%29-2.png
www.hunters.security/hubfs/ 197 KB
198 KB 55ms
55ms Image
image/webp 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/Featured%20images%20%285%29-2.png

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b83025c6af427c862bf1f6599330a1dff8ea8effa9bd200614b5e7a6fed36c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "5e71f6e99d836fd4c727f0183a9f7de5"
age: 233385
cache-tag: F-140864712274,P-5765386,FLS-ALL
x-amz-version-id: .kW3g32t9JHA4lbGsCfqupyqElRZSFMj
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4lTnC1i%2FvOsD0N9cS6%2BZl%2FP0OhfjSdk2Wd9l16IoTMrMU347H0xLLYOWdVH%2BcCPvWCSwYWvQNYs02avIl8IirnZqYZV6eEvVdhEZWzf2bf2GaUn06GreYUPacNguqeBOExdX3wUD"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 0RFuCSIp_g9fZbdRewqRsbLhH7H5kZTgh3FheOF_1RajYXZrTtvW-g==
content-type: image/webp
content-disposition: inline; filename="Featured%20images%20%285%29-2.webp"
last-modified: Wed, 18 Oct 2023 21:04:33 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-140864712274,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 0Q6WYE2987Q1DCE2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-140864712274,P-5765386,FLS-ALL
content-length: 201218
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=298115
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: hjdjJEvnSTFWQiD/Kegy0GAr4OV4uP9f57Te92AaCvnSPusojLGRjVmhvMMAT4kYwsjqwFpSkXY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 34fecb651efaeb1f6068e51395af55e2.cloudfront.net (CloudFront)
cf-ray: 8deb20f8be1d743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1697663072549

GET
H3 200 magic-mouse.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284593/1693291612618/Hunters_Theme_May_2023/js/ 7 KB
4 KB 88ms
87ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284593/1693291612618/Hunters_Theme_May_2023/js/magic-mouse.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91f0116d893ce32487b8b683a408b135c15809c7e1b3d8d26bdb5889126f2077

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: e84e6b8a-7bd6-424b-9c0e-7d595bf892e6
content-encoding: br
cf-cache-status: HIT
etag: W/"54c961291b27575b217ab9dc804ff844"
x-amz-version-id: nkLfko.VU99ei9urIHGN_QjnPno3EX44
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Fi5VpwgWYidgbNtNpJWop%2FQaTOGwwJAfS2CL0kaPicMUxfshkasLdH3uGxTzuGeFbrKmd9JmVA%2Byr2zHoS%2FOYe1X2uaURKksc%2B%2BDDVCdcOrYqe28gZkxVndw890KBm5BifbLjFh"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: S83_kQP_Z87v870jNF8WeGiPK4UPfg3wQLROhgQzYm66nE8TCVEdrQ==
x-hubspot-correlation-id: e84e6b8a-7bd6-424b-9c0e-7d595bf892e6
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-6k429
x-envoy-upstream-service-time: 195
x-amz-request-id: TBG7A1DJX67CR9P6
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: SkqzBgjq+j46wJ6MPutlAmbxZxNB9z8t1dBBYNOCa2CQ2lTxC25VtHL1XuZUnTjdhle0YcpXPaY=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-ray: 8deb20f8fe4b743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612886

GET
H3 200 jquery.magnific-popup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/ 20 KB
7 KB 76ms
39ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03ed4-4ef8"
age: 1120495
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFEUhh0Gh297FsYbNC2qQ6yez9iayHwcFKAaPM2CU2D3vEXlDbiTxkVwQXSm9rMgAi4PshahS6MpR7i6JYRHm6oskgk817noWDp05jN8KIKd0phnYg6jLiuIfkMmdU5kRaZY8j64"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 06:04:57 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:12:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8deb20f98cfb333d-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6546
server: cloudflare

GET a076d05399.js
kit.fontawesome.com/ 0
0

GET
H3 200 modernizr.min.js Show response
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ 11 KB
4 KB 47ms
46ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03f26-2b4c"
age: 124907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KY%2B6iam6ov0HSPZQ1hRgw8tJeMOB%2FbmJIwkD0n6biqDU5PSs3cFJnDo7yj258PHYUw0u9gD0f%2FP%2FupGnLnj8KgKOaRghu1YwmW3ustkcfAOTEZ6Kdh9mumhjEx1m%2B2BDe8d1Y3Lv"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 06:04:57 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:13:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8deb20f9ed1b333d-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3980
server: cloudflare

GET
H3 200 prism-sql.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 3 KB
2 KB 44ms
41ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-sql.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fc5f8ce69950ec73adc972f061df42aaea78faa4864709134ea2adc083f3a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-651"
age: 15007857
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gEgAE8AIbuCYwjXQ6bxap6DcJoqdD9Y%2BlQqKFmDhnwnF6uHsxAYAEgJpyqw05INw4yzEn2vCmSBYbVMvZchigH6F%2FHsT1fN48C4PRoozUNiwHJe4xDtAVrJjx0UL22FOCp3ufUr"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 28 Oct 2025 06:04:57 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8deb20fa2d3f333d-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1617
server: cloudflare

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.1293/ 13 KB
5 KB 115ms
40ms Script
application/javascript 2606:4700::6811:ac5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.1293/embed.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
age: 1259201
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixNDz1Xqs7zxrp8Awe3azOMa89BZv1Ah5mVU1vbRXxe%2Bk1Ti32uMRDOUmfVvJXlJF2zV5GxTkUNYHQ4fNOjebXpkt8hL5ZciX%2FoWtv7%2B0h2DF83mpx7mltxcECLRXhq4kZL%2FFQt30mlgnzP%2BWsaxXvZyurM%3D"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:57 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: zWep2CrewDPaJFNoAeUbNFa6FVORrvSkna6RKs34ObTLUBMlE4SYag==
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-ray: 8deb20faac425c69-MIA
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 Owl-carousel.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114356373127/1693291620234/Hunters_Theme_May_2023/js/ 40 KB
12 KB 94ms
89ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114356373127/1693291620234/Hunters_Theme_May_2023/js/Owl-carousel.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc507001be80bda64a1378c7f6edce7a6fe445dd6712c4eeaed70db462a7e934

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: bcb1691f-29f8-452c-a8ae-0d7447980f5f
content-encoding: br
cf-cache-status: HIT
etag: W/"b563bf018685e7895cfd162d6dffaf88"
x-amz-version-id: v7yQPkPfKxlswQf6LteLuXRiDwl435C8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn3BQMBVcDa3atLhiPjMlfByYvp5iXhuGn0Zx8PC7C1FJ8w%2BC%2FY77lrcnMUcu%2BplSxBkb0FUUKqPKlRSsJo4O2fajsjLjV8dWwoRsGpkiAbCeWW1sIFQcVEYiZm2uRDnWWKqTfQF"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: kilt-bo8MTgQTYbQx77RQoNuCTTkvW7aBGzKXhTFw2_2WhuB9mNR4w==
x-hubspot-correlation-id: bcb1691f-29f8-452c-a8ae-0d7447980f5f
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:01 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-4cwxm
x-envoy-upstream-service-time: 242
x-amz-request-id: VKNHV867JM6PD87T
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: RXfZ60BHDWzG7fVMv42wIB7w70EW3ielDApIZTW6NYJJvOPJChV1ZkfJ3Uki/kiDCZxjtt6bLPc=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 3c324ded5bb9b770378ef373690c8a34.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f21743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291620646

GET
H3 200 magnific-popup.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486200/1693291616579/Hunters_Theme_May_2023/js/js_plugins/ 20 KB
9 KB 107ms
101ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486200/1693291616579/Hunters_Theme_May_2023/js/js_plugins/magnific-popup.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 584f275d-501f-408b-9c89-24aadb7080e9
content-encoding: br
cf-cache-status: HIT
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
x-amz-version-id: Al9aEv2E0deAwAfGacCRBEskazOldysU
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rVdHaflZkBjntticfXxSYa1KiLjoPr664bf1CrqnJ3IG%2B5q9Ylqf1lxBcWA0Sep7%2BL%2B8c60q7ArVNwkjoTzuPESDrXx3v%2BXFQsKgUXKYBl7fpf53wx1s8tpGpIqIESltwvmwrLhK"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: WYLPiBepEwg92HXmUQU2s1Uzh3oW-u8Z8twC_oxuKN1XElYMunQm5w==
x-hubspot-correlation-id: 584f275d-501f-408b-9c89-24aadb7080e9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:57 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-n6klc
x-envoy-upstream-service-time: 175
x-amz-request-id: XDAH3C7YFK56YJPZ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Xp9Upkt8HgGPIsM4ioCn5qj5qXWYv2vqidU5GKvJWXbh3i7Dzl9ll/CEx8Y3ItZufE8MEXEuWBfrusE+JxoNZ6QRrDPy9e3m25Gh5R56WSs=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 d640ec12547ee097cb75dd5bdc8787b8.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f24743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1693291616579

GET
H3 200 mousewheel.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662695006/1693291622639/Hunters_Theme_May_2023/js/js_plugins/ 3 KB
3 KB 103ms
97ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662695006/1693291622639/Hunters_Theme_May_2023/js/js_plugins/mousewheel.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: fac49518-a37d-4204-876a-bb67820cf49c
content-encoding: br
cf-cache-status: HIT
etag: W/"d5843dbdc71ff8014a5eafd346a262da"
x-amz-version-id: EB4B3aQyiLb5JuXTAcZzRVAQLRHIpKLi
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bpHfucrvjhb%2Fy7CkgZThIVq2KWsxCAsem%2BqLQvnxKRALOgLFtIG7v%2FpbkKRnmh6o9vhaCELLp4Vg8%2ByGic5Ixm81lnBfltQRP9RDNywGRQLdDe6%2FrBUFAli0ipXnV0rnPE9BOZYp"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: AAqMFVHvq_z0a1J_-35Myy91DpZhvSvB4WboK6KUaZ_KPvgzv1OWhA==
x-hubspot-correlation-id: fac49518-a37d-4204-876a-bb67820cf49c
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:03 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-tm9g7
x-envoy-upstream-service-time: 166
x-amz-request-id: JWEVSESMCASJKJ7A
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0WSr+K8mCpu4xOHPwa9qary9ppwnMs8ER8oGvv+UxX7RnkhMYuleztgDusG67lZesYDlZ3zSjY5X8BZCNYFYb69wY6hQ5LBg
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f25743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291622639

GET
H3 200 aos.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486199/1693291612611/Hunters_Theme_May_2023/js/js_plugins/ 14 KB
6 KB 125ms
119ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127662486199/1693291612611/Hunters_Theme_May_2023/js/js_plugins/aos.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c29e718b023d06a8824bd6cc3d2856124f2c41af363a256936e7c7a79a4b8af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: f730ab8b-4134-45f0-b115-3009a841d1eb
content-encoding: br
cf-cache-status: HIT
etag: W/"ede6e7843492ab4c25dcb5ff2fb243e0"
x-amz-version-id: WX4f.toIuFDPXZmixmFRY3dgQMbUPcRt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3nmzFd29ZYNllaUmmvNFOEfr4NqyBti%2FMsxSfcf84YUY%2BmzBvih8o42zG6ZSRhTslSCoRrYhM19%2BGiIcMf1eL%2FEbIKshNp8IC67EpSObvcJSay5hrq4Pbaxbj%2FrhGR8UZIZPjoSt"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Mfo0LP5zu2fJfMmxIx-OncNy1DCeUbBO8RGGur2SCoseL6rzUiROhA==
x-hubspot-correlation-id: f730ab8b-4134-45f0-b115-3009a841d1eb
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
x-envoy-upstream-service-time: 167
x-amz-request-id: AXWQ750PBJ0359G6
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 8HppHBTZ6iXtlfJyhU+nolHllkLtAq6GXVuZoUF21gchYmOmI70ZIEIwrEnbkBNwYlK6SqXqzsE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f26743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612977

GET
H3 200 ScrollMagic.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575644/1693291613854/Hunters_Theme_May_2023/js/ 17 KB
7 KB 125ms
120ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575644/1693291613854/Hunters_Theme_May_2023/js/ScrollMagic.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 40b40bdb-d333-409e-9c10-5037d0c04828
content-encoding: br
cf-cache-status: HIT
etag: W/"6ac0def42e0780c817de6097d1607a27"
x-amz-version-id: .pBAd2cfgI71wmAPubCRyFgyotetpu1F
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6v70AsifH10AE5iEKtCuSDftX2H0LEoi8TVTMKg5vKQFs6zah0WU4Y6JDvkmfRh5PnsuUUIDdXXroRPHAUYmsgnWDLtq1WcrEwF%2FFVBH9QLIrSSbt8f5xy0YKeIvP1TTM6bwS9z"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: lP1f_qpHzRJQDaJY1bDMUG6aw2Cb9HKpmSEAgjcUTSbAvN4UnYbXEQ==
x-hubspot-correlation-id: 40b40bdb-d333-409e-9c10-5037d0c04828
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:54 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-tm9g7
x-envoy-upstream-service-time: 173
x-amz-request-id: 3N49KYCS474QK4XH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: NVYwOEkgpabf6VyB4q+b+pu2GC6XWlCc3CXjajq10NuCSex/yqywphoO7zQ8R4g0gZClMuF+8zU=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f27743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291613854

GET
H3 200 debug.addIndicators.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549514/1693291622778/Hunters_Theme_May_2023/js/ 7 KB
4 KB 125ms
120ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549514/1693291622778/Hunters_Theme_May_2023/js/debug.addIndicators.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 769ee714-e316-4aca-8fc4-ffffd05ef139
content-encoding: br
cf-cache-status: HIT
etag: W/"2ca110d3d8bfbf577de0d2339e952d19"
x-amz-version-id: G_XOawQsOWl3pTEmVM.aigCXZh2FBzqq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ueLbNVTmkcMOaUUuWHiuqOP8z9Y1ac1faxxevvgfRdsLu7ZE%2BBkI6Oj7UBi2f1%2BJ9cU7swg%2B%2Ff0R0zM%2BAWvHm8pj2MsnFu5DOdVUF1wCl0HJyVFr6jgANmQ%2Fcu5SYRBvRMc6L5n%2F"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: L1R6bGZiy2Ecb8d50p7n8moixqtX0S2Hy8DJuzBMk3kZwPZgW0qISg==
x-hubspot-correlation-id: 769ee714-e316-4aca-8fc4-ffffd05ef139
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:03 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-kwkrm
x-envoy-upstream-service-time: 197
x-amz-request-id: XG52EXZ5WRTTVR65
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: eXwlZB7taINwUC3OwTCGDpsEZv0TwykjSWIn2Nwo979TUvMnFU5xFKE+C5yrkfJvNLWis2hKqlXnas+BAP5QzSPPzO27LKIf
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f28743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291622778

GET
H3 200 easyResponsiveTabs.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114370662982/1693291620440/Hunters_Theme_May_2023/js/ 6 KB
3 KB 100ms
95ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/114370662982/1693291620440/Hunters_Theme_May_2023/js/easyResponsiveTabs.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5ac74ae7bad75e342eeb77f0c16005fcb01eaf5473b584030feb2f9f07e23df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: a77cb96a-9bb9-4a04-977b-1f68e6cf4afd
content-encoding: br
cf-cache-status: HIT
etag: W/"cb4427cd8f350ccfbe2447e487ced2f1"
x-amz-version-id: GXs4GlqPQXBqS3kFTrlfj_Tb_2NZavMh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00QXw%2BTGsfAfaX2guAjUDN1kVImYx5ykzDwqRSf4SSyGNndaa%2BE61edR4G%2FSa3LYmAmCLJRk2x9i0%2BBPRG64hyL0fkOSAggMrqTDMegRVO6ieJONnFWYdztmGFJowdhK%2FDtmoH37"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 8xFTkFLkf8fPbgB0QH0WTYY7YZeWZThOjOYzVtKxn15pPeLOypOQgA==
x-hubspot-correlation-id: a77cb96a-9bb9-4a04-977b-1f68e6cf4afd
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:01 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-7cmh5
x-envoy-upstream-service-time: 166
x-amz-request-id: F9TTW856TPFPSN91
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: l8/f6tuMP/vbolCuSZJdMUk0asjQA3Dnh8nv4mb5YgBdCC/gDToK8rIUmzki2uFHSZ6XF9yU8kc=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f29743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291620639

GET
H3 200 slick.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284039/1693291624252/Hunters_Theme_May_2023/js/ 42 KB
12 KB 110ms
105ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882284039/1693291624252/Hunters_Theme_May_2023/js/slick.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: ca98d7e7-23b8-49e0-a57a-b50ffacb8f57
content-encoding: br
cf-cache-status: HIT
etag: W/"efe2dc57bf7b73137e9642e586ee272b"
x-amz-version-id: Fb072li6tYjBxDBknsVKEvzOtP5mz1G5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ey%2BHk9eglELf1%2BB4ql98PVH5UVsTu4t8%2FDq4xQTUr4Q6Y5gJZbnMc61zDDClHPS5I2N6HUTX6gMP4MprSDE17MkPkqX%2BDmuqXqexS%2FfvY%2BLl%2FW7GeyyeCWNJEQANQ8V4XTedl%2FXK"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 2r_ggNilPJeH2H2bNj0f8SJ8QBnaa-gXebSNDIqK5qewJpXXP2IReA==
x-hubspot-correlation-id: ca98d7e7-23b8-49e0-a57a-b50ffacb8f57
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:05 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
x-envoy-upstream-service-time: 166
x-amz-request-id: HVNG3JNBP7T17D49
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: hNM5d7xCX3zx6W66GjYaKihnSKE41F0zztAxxR3sOHvIf1WNQiTGl45++LP8dk/iVyZbH4Y1iy4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f2b743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291624252

GET
H3 200 jquery.matchHeight.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575404/1693291617490/Hunters_Theme_May_2023/js/ 5 KB
3 KB 127ms
123ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575404/1693291617490/Hunters_Theme_May_2023/js/jquery.matchHeight.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

762a5cce3355f95306400b6113dd70cbb8bcf2ce3601fa27297d1899d007ec54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 59f2438a-6fd2-42ba-b948-f4be0c47d3c2
content-encoding: br
cf-cache-status: HIT
etag: W/"3a5a31244d61d9cd0778b47e2d60374e"
x-amz-version-id: 2Pt0BYwvDy8cMMES08pnbHuhXdNpbKtt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sSNKfVg0v3ZLJfalxoGiXaMYNnBiScQScyk4WmXe18H9gCjRF8m6VBRuJGJCFSIf2oESQjxiO87Ouna8t%2BD%2FA2nCxlGoHAwpezBV6m3sOoFZUlegRLwm6WrIZy5LOeDo9jiqW8x"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: vtLh2RIutezFAGm9Qxo1PLB6DxXOiF31bjTdpWppw4T-DzKDaAMnYQ==
x-hubspot-correlation-id: 59f2438a-6fd2-42ba-b948-f4be0c47d3c2
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:58 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
x-envoy-upstream-service-time: 172
x-amz-request-id: HVNT5675JRV0Y3FT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: VS1AQq8dJUxHOAxBWtESNiqxdD5DvrJWnsl/TAe8GAC6XyxU3GiN5fN4fycvu5AiRWH58uJO2Wc=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f2d743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291617668

GET
H3 200 isotope.pkgd.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549552/1693291622937/Hunters_Theme_May_2023/js/ 54 KB
15 KB 103ms
98ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882549552/1693291622937/Hunters_Theme_May_2023/js/isotope.pkgd.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e31677db4782bc8c9162fa1b42005aad15d67853f7a496e9fbb493fe2309759

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: c64c1abc-7b86-45a1-8776-a775fbaeb5e9
content-encoding: br
cf-cache-status: HIT
etag: W/"d171d2b83a97424cf2f260c1fc1394e1"
x-amz-version-id: WhIw.DQXpL.ZBq74aHMGtTHmE6XKg.AO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WtvAgySFIUR2CUumK7okBQUtyrInGdXwZp3K07%2B9jYJJGPhcqpf8sSsm%2F8pUqUv4MA0FVnLinLmewfjIiVSPxNGxeKJTUmg6qrjkPraGEOAf60K21%2BnOezSq%2FZe8mbxH44aLOtp"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: hBvpl3iQ90_rPrkkBeRUibynmjhTx6M7NPIX5tv_nnp7MiQSNbxljQ==
x-hubspot-correlation-id: c64c1abc-7b86-45a1-8776-a775fbaeb5e9
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:47:04 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-ftsxn
x-envoy-upstream-service-time: 177
x-amz-request-id: MVH1N73ADE3J0HNG
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: KbzdWakTYx+OQFE79TwadtnFIaRvDt51MeSGulQSEs1mThVy0/VDx9oPEfAb3tYygJNn8mmv6DQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f2e743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291623392

GET
H3 200 main.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127024241524/1727866885819/Hunters_Theme_May_2023/js/ 13 KB
5 KB 112ms
107ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/127024241524/1727866885819/Hunters_Theme_May_2023/js/main.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f46e2fe055ca798ae7242cc770d2136169c4298407ec09bdc79ac73a545adb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: afe0b9d8-db7d-4459-9acc-f89a68de30cb
content-encoding: br
cf-cache-status: HIT
etag: W/"83fd3f63889ecf4d879ff978bbc5a7b6"
x-amz-version-id: 8gvaeCYmSRFny4nUM7XK_SZ_ZDVl.RVk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mEf0nhEUTpy4Td3dEv6VveLgW%2BJREFbFFuATV7OywcNxH1rlPVlQBxxsZqZKNsYGUbknw5lDFktoNv72gE1chouCmpa4%2FV7wmzndudsJ0h%2FbAv5mupVNHKrtIOhzhrvFdj2d6Agg"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: abVxp_COoY80lsHGo08sXGjcd2z26tjH-MEeb47nWhyzwpuykvyzxA==
x-hubspot-correlation-id: afe0b9d8-db7d-4459-9acc-f89a68de30cb
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Oct 2024 11:01:27 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-69vbl
x-envoy-upstream-service-time: 216
x-amz-request-id: WK5SGQ43BXDX47C4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 4DvrzS09+Lv75gloWp6nQO+48iJTGJbXeG0bHkHHzJYtnLKYNxnAhwlA0K1a+le2hUW14F37Ce/YsPMA9qlYGz0/dffi7e1upWSJGJs08wI=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 c1cecf43ad8e18f031edf5229ce4289c.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f30743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P3
x-amz-meta-created-unix-time-millis: 1727866886078

GET
H3 200 custom_script.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575241/1693291612623/Hunters_Theme_May_2023/js/ 151 B
1 KB 92ms
87ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/126882575241/1693291612623/Hunters_Theme_May_2023/js/custom_script.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fa2622bbcafa420ce5be37bca0ff1e87dacede5fba4f42641d000313b4a1d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 737157d5-5bc9-4ae3-80f1-9eb13d1f73dd
content-encoding: br
cf-cache-status: HIT
etag: W/"4ca3117ba95e8789d0b706f44b545073"
x-amz-version-id: Wh.fFmcfNGDyyXMIXV3QBJ1mayq8w00j
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l0K7PMghydzMdsr8LDuWVAEHTee97ioKtx56D5ct3dVM1SrgeMpc4VnJeXSceZm4B2RcI5q0LYJekikxrB54hUWRHW2KLcEy99tF0bWn5wseyCtxep0OFT5SSiRijdcMJrpD7Wgc"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: P_o1DFfwIPGJCpUvH9MYYmakSwx7lGDfWEeBevh6niPzWhJ0y8obkA==
x-hubspot-correlation-id: 737157d5-5bc9-4ae3-80f1-9eb13d1f73dd
content-type: application/javascript; charset=utf-8
last-modified: Tue, 29 Aug 2023 06:46:53 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
x-envoy-upstream-service-time: 171
x-amz-request-id: AXWM9SMD4TF46P8C
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 5vNTtUqbH3/NkKPW2QcwsfcXagIsfctNMKJoBX1+8AuCBG7CgvDCzMd94/wDdbBsdDA2hpgZjjE=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f31743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1693291612737

GET
H3 200 prism.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/176293618185/1724271074702/Hunters_Theme_May_2023/js/ 575 KB
206 KB 98ms
93ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/176293618185/1724271074702/Hunters_Theme_May_2023/js/prism.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a300d0cca9c84237c8127d65ddf9619b1f1dd7834240d9b5fdfc9eaa25706cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 2a24ff44-5169-4bb4-9435-98cfbdb18d24
content-encoding: br
cf-cache-status: HIT
etag: W/"76e9eb0938253042b85c917a887b10c2"
x-amz-version-id: hi4qftgT0n941NW2C1gYzI8P3nSN5hgh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kIiggQjKGqx93nsL9Msacj3F6Ia7WV2FW3YzFm4Xv7wJOc0DWQhmf2rU64a9Rfy5sfvJS5A%2B4UY8%2BfTYrY9YyljiRY2vajcvhGZ%2FXppEte3OyxMxc8yNTh73pCpJxZnxMkFyXVQZ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ayEgWKc64FdmBg4VPr9Tr4yE_VwlMIlptkFd5FeO4f5B6dh-AArrpw==
x-hubspot-correlation-id: 2a24ff44-5169-4bb4-9435-98cfbdb18d24
content-type: application/javascript; charset=utf-8
last-modified: Wed, 21 Aug 2024 20:11:15 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-n6klc
x-envoy-upstream-service-time: 383
x-amz-request-id: AD7PTGH4PRG7461J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 3c9XXeixR52o3/ynO6AgO1z0NSwvV3yN/7SNQ3gaoA0qtJsUDA1taYn44RxUf1vV/jPg8wEz8bA=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f32743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1724271074703

GET
H3 200 module_177021600416_Blog_Table_of_Content_Sidebar.min.js Show response
www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140089/ 2 KB
2 KB 99ms
94ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs-fs/hub/5765386/hub_generated/module_assets/177021600416/1725602140089/module_177021600416_Blog_Table_of_Content_Sidebar.min.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f72983748dfd73b846c63554d18da197fec40f21b43f400cc2d8d1a2339098f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: bca69c5e-2c11-46d3-aab3-bf05979cdc57
content-encoding: br
cf-cache-status: HIT
etag: W/"ddb217cf8b81653c720488ad63e9e9e9"
x-amz-version-id: hWykXL3FXMyTYU1Ece.FCASwbh4OR9pr
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2F40AMOSviV00ZkF%2FM4mt0Sq4HiLIbRbZqW9W52rkDsDU5eJDfVhhquJwfrBcHIErBCCy3O93NyOqE0KilYgTaBG1vmETyuFASoZHsFtlCyHURrsYteR19Q1hX1bEir142L%2F4cRO"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: I-Qv1_a6t7MYNoAwnhPk9k20_ACR1sIziStZse-p0IXOMwvHAJNyLw==
x-hubspot-correlation-id: bca69c5e-2c11-46d3-aab3-bf05979cdc57
content-type: application/javascript; charset=utf-8
last-modified: Fri, 06 Sep 2024 05:55:41 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-gdtt5
x-envoy-upstream-service-time: 194
x-amz-request-id: 9NKBV5HF01XD42J9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: origin, Accept-Encoding
x-amz-id-2: kLoBUydUrHQOv5wu107kUMZHzJldzf2csiiYeuA11iW4ralojmbQ9wYN5Gny3uj3PpP+pqeys5gGOCTNy5+j+WcyTd7nNSc+IdmQ3caZzW4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.hunters.security
access-control-allow-credentials: false
via: 1.1 1ac532da7db85d551ad10ca7bd9957b8.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f33743c-MIA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1725602140089

GET
H3 200 index.js Show response
www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 62ms
58ms Script
application/javascript 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 125167
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLCwjs3Hejg5VUf9LTCvnovXoEbAVkYTbrTFq5jcHc%2BsWHWZ4rpUr%2B0aEBTI8L3D8WPOgtL4gikMTPVvnRWATEqoN0NeDlyLmqyZPGJZVrSJScO8j5JOx3StO3RnKvx95QTztT6B"}],"group":"cf-nel","max_age":604800}
expires: Fri, 07 Nov 2025 06:04:57 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: dEfFOPihDvaHBKovWxJT3tV-2dcSd36tYsGBAlNTcPQMbpOrDQNrRA==
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 3813ed3cdc27b30328453aeb9fee680a.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f35743c-MIA
x-amz-cf-pop: MIA3-P8
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 slick-theme.css
www.hunters.security/hubfs/Theme%20-%202022/Coded_file/ 4 KB
1 KB 63ms
57ms Other
text/css 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick-theme.css

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72992fa978ffc62249702a083e053bba15e65fcdf9a3873f5872e3778584bc0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: z1bsZX54c1Duha0qf2GLwEA1Ju475_Hl
age: 1767033
cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
etag: W/"ac139110825d34d1df5de4182f5faa12"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmGScicr2wc0%2BZpOpb%2FrkAvjT0fDji2IMkx56vrVSQIbXhvUbHvYVVm7qAhCNnaGhNiKv0dQC4vdgipBO%2F6awPvGmxJHhkHlu66JSOpHN%2BPciIzk2Nt64ix0PyaKEqrsE5yf49fr"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 68zAdFFOUppVj-W02B5vBeI8F94v6idaXNhWIW4khpBY3zQolHlPkg==
last-modified: Wed, 06 Apr 2022 12:25:58 GMT
content-type: text/css
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: YXZVXF1QW6CX7Y70
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69248747294,FD-69248485214,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: GM6wl6JKn4dOdTKlCNTgrnthU+EvVBF9lyBkpMWPgHL1Ov8BFdqLZT3DSiuBZ+T7K+eXHTzRKVxu+fHMsVs9l8t93nGSPZp+
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 651cf5d0a06c74ce46a4d577371d508c.cloudfront.net (CloudFront)
cf-ray: 8deb20fa2f36743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648029640205

GET
H3 200 GraphikSemiboldWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Semibold/ 34 KB
35 KB 58ms
57ms Font
application/font-woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Semibold/GraphikSemiboldWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e13cf054833eb8ba8d3ffc1e1c2cb82e"
age: 1761231
cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
x-amz-version-id: E4J3u.P1u8zLJOqkt22N.5.YJpbVcz61
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AcrIOjYjjRIG7tbkUTbli9WguAe%2FqZH3H3BcsbV5blqnu6VIy0pbgKMed7fOsdJyAyMlmMvvUyRk0sb%2BFTgnqzLmWSR14457GZjTMXao6a7IJ3Bghf69A63QkyBnFKx6PCttQcRY"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: o-PqHfPkDeDNi43oBKgfvNhIRrNTEoBj376e8awe5F7o_THW6xbeYQ==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:21:39 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 7T8RV90ZDFWH4WB2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74689240845,FD-74689122096,P-5765386,FLS-ALL
content-length: 34772
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: WfgEfeARa/P5rvCJGQPomipvFfy6NYuqGFGXgwtTivygqtjHKb6OzKIzHwo0PNtEuqG6H27VexavDyugKUzJGQ==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 8e474c795a53d6737eb97f2aa45be964.cloudfront.net (CloudFront)
cf-ray: 8deb20fa8f74743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650498635

GET
H3 200 GraphikRegularWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Regular/ 30 KB
31 KB 72ms
71ms Font
application/font-woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Regular/GraphikRegularWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "e2d3e1bd2dba862a1c76e2cc88ac1776"
age: 49764
cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
x-amz-version-id: 9bSL54EBoxaoAARqnLg2bUn5vMLmIfW0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGj3Azgkw%2Bf24ybBEeTwlKYmFZFoC1ZP%2B1n%2FakoPJoE%2Bplt11VKSQoU%2FWDdPc152ss3d5V9CrBGdkuEnb4Fy754LxfqdHWLD%2BMvjuJRBSJju8xK8Q8FwcjDf80vAEq2XqWCXx12E"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 3Tbuy6pPSJZo3MT2roykc4CTOm0GAouwhv1bdnKyC-327fG8KGGiTA==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:14:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5E4DQXKWWJDTH2HC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74688893267,FD-74688893086,P-5765386,FLS-ALL
content-length: 30480
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: +t2p/r7AJTAvETBqPtb/RkbASNqDCO+BT0vdUo+78XE6FwGJjcop4a8elICvWqjS++tV7ktguq4=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 1d180e6d1aa5f424d0d3571ff7011a02.cloudfront.net (CloudFront)
cf-ray: 8deb20fa8f77743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650056855

GET
H3 200 GraphikBoldWeb.woff2
www.hunters.security/hubfs/May%202022/Fonts/Graphik-Bold/ 36 KB
37 KB 73ms
72ms Font
application/font-woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/Graphik-Bold/GraphikBoldWeb.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "0fb4b480278277d351d7afefe46bf6e8"
age: 1184486
cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
x-amz-version-id: aqs.ab3Smnu9FGL_UhGDqku4oUVVMHEq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5R7OaMZ8EVx%2BuA5whDV1cOzyltQAqJcykSAdUvz6M96QEuMhiDzuSp2BUyOzsSbqaqRh0PkQF20TapcFrG2l%2FAFi37iOcN2dIbFVjcAiadb2dZYsoIRh3WZNK8sciJ4uovDZIEeQ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: E7Ia8NKMNmUodv5Gik2uiudigYTlaQZzqGKoWRARvN6OClJViboMQQ==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:23:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5Z2J36F3XSS2CH7F
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74687526932,FD-74689491725,P-5765386,FLS-ALL
content-length: 37044
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: tBvVjaNkDRHzpzwdEMDWNbfZHTZuCp/iKmJkZg8BIepFLG+1qfU0u9O0lmz7ooU1fpgnuWXZ6lA=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 dd2d6c5b6e642ed1fe019e9ccc631034.cloudfront.net (CloudFront)
cf-ray: 8deb20fa8f78743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653650613120

GET
H3 200 F37JudgeBoldCompressed.woff2
www.hunters.security/hubfs/May%202022/Fonts/F37-Judge-Bold/ 37 KB
38 KB 82ms
81ms Font
application/font-woff2 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/May%202022/Fonts/F37-Judge-Bold/F37JudgeBoldCompressed.woff2

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "54e5c65113bb56ee4af633895983b9d3"
age: 1184527
cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
x-amz-version-id: oROJePp8ny04DPku2cFXECrZhzDxBHie
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hS5kdZZ09wUiqJnMdsBXMjhT7AfhcxnzaokOBeG02lq9mEDahJ1U8ZXpOVgPTC6JhAFUlUhFwLP2UtKVjnnFJlnqzpd2mHjhe%2BvN4CKobnHzBiX%2F%2FuCDTU4%2FEznaOs1O8jv6XaSM"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: l9DBqF2RxE2ArsNbLfiz2V-BFC0H3cLcYc48UOdXP8Lo0fg22vLxmA==
content-type: application/font-woff2
last-modified: Fri, 27 May 2022 11:06:03 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: J9KAHR7XJQ8MFBDV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-74685838647,FD-74685881460,P-5765386,FLS-ALL
content-length: 37524
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: eTxnP/K7u1bAXnurj34Hrxpa/VnNl2y918bYfW4tSHVbz+kbTbY7HQVcEskSqvL0gfP+chGtk0c8HayjklRgYBeGeSAXnQc+qs2hFU2E9Qk=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5a60386eb046f88a482c3726fc19fb4e.cloudfront.net (CloudFront)
cf-ray: 8deb20fa8f79743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1653649201795

GET
H3 200 linkedin-icon.svg
www.hunters.security/hubfs/March2022/ 643 B
2 KB 55ms
52ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/linkedin-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7802c74a8e2285615d0ee35e104175b11653884c111470744907827543cbb29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"e0c606f3ed38d3b0e235a9d79e2d50d5"
age: 1761228
cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: RGaoSmCKiksnnaxFoSo.9rmpZKMbOr0i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZDKSes%2BdzAtH%2FI55%2FjXSha21dM1PJUg7sIhP34ecjiMpKKUBgkyd6JkwnMcuYreKx6pOMG%2B6lS22PWwJj3vnh6YH26zSOsmw28Y1Ym25lrr%2B27Rt55%2FwmDUYyH%2BkStojigQfLTk"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: hxYxu7-58NtEqFinDfqBXyrvUJ-HaC5LNu8LkqIhkHZCoutdp8aJmw==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: YSRXN8H9GK0HCS33
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69884653457,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: HhADSOr7pmgthQP7A9zRQfngJGyAXVzFFmrfTEwTAeyzB+DG+8Y/Oj8/RYVUcpyiKHpSiUirE7k=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 901ab2286f37b97cae8e703e2e582a98.cloudfront.net (CloudFront)
cf-ray: 8deb20facfbd743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648708913834

GET
H3 200 youtube-icon.svg
www.hunters.security/hubfs/july2022/ 1 KB
2 KB 52ms
48ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/july2022/youtube-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca76596a4a51aff45954e24a6dd4e1f148f7f0b16c578e1c919f5e1106a04df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"485d3d8fd140c1a3d379056d6f87c309"
age: 1793459
cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
x-amz-version-id: 7SVwuijW7.9ZxDGZl7_ajMufvWc9s565
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CU9ivOry7VR9DLYhPBj2XJmO%2FMtTO0oJJ9jJ1jOmzGhMc0Pix4Q5oORoAwlyr9RK4S7JEEriR90MFM4yi26qyBoazq5rpSQIWwdkLtC4AgBo4I1WPshsQwYUKVx4OxB3LpkwIGtT"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: p7WwBRhNMEVWGXp5gxn_lTWrzSurV1p_IEfSVE3xF5ApG0cuLT_Fyg==
content-type: image/svg+xml
last-modified: Sat, 30 Jul 2022 06:30:12 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: H3VZ0W4YJ8V3NJ38
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-80602868852,FD-79786790955,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: KJwsBHZJbtWKg5y0Pidkrew4zWUrPJ/ksHawc3oV5sEPDVz7OTydVrviX39Q6kKTE6AzTZROIVdsMdhSo1wWwQ==
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 651cf5d0a06c74ce46a4d577371d508c.cloudfront.net (CloudFront)
cf-ray: 8deb20facfbe743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1659162611609

GET
H3 200 instagram-icon.svg
www.hunters.security/hubfs/March2022/ 2 KB
2 KB 55ms
53ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/instagram-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ec0979e7bb7143c393e8a431924cbe84a42fa6ad659f0b83530c88b5a349a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"6d9f00570997ce78863203323d206105"
age: 1761228
cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: ohnkeFx5GZM_tWLIt9ZBHORho_g_4kmz
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9S%2Bhmuw1x5y7v%2F8R0J5YC9uFXnaH7uR0KuaCaxWrK2%2FPcinpndwz4M0EbGcdAcC6o8MQHsrppp9zC%2BWBJRKdAOY6HQ6QxmdjuLONbllD2zXGK2d4tQgywvLb1PZkAhCJ5g72I8V9"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 1-92GWAt_cXr1kgfC1pUsbbD2dqbyGKxiodY6MPwpBAkDY0v4Lc_fg==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 7T8SF7N6BSBAJVFH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69883107502,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: E6JLlEZVgKYMzh0OmK5rG7LRAfKdqj7gfvmCCINSN1c4TAnPDs7FMRLSdYRnXp4Pi67pYn+eJBo=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2fe82b22dfffd878b4fbdc9a1d847330.cloudfront.net (CloudFront)
cf-ray: 8deb20facfc0743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648708913835

GET
H3 200 twitter-icon.svg
www.hunters.security/hubfs/March2022/ 927 B
2 KB 57ms
54ms Image
image/svg+xml 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hunters.security/hubfs/March2022/twitter-icon.svg

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d5f628bd87bce595cf9c4a7bf72985cbea5bffab1a535a266f70acc04fd2590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"59c767f187bf12c75ce744733bfa4597"
age: 99357
cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: OzvZViA9VWh6aRDHSIlYEgB3BdAss8oJ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BjrxTvRLFwlCbLn286%2Fh7%2FoGHLW%2B5xPhYSysRsRyyqnqIS%2FNhKw2qZTh7oaHUaWjhYZZfGumo7RtFdQobxyCarIAEvwZv6TpbPvovo4mQzbw0WMXt3SjmJeusyubioNpiP6Cm2M1"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: mCrQLsSLiPVjEl0_Y6s1OQWCHZ06pAzRKd33c5i8IHrohtIn8zutDg==
content-type: image/svg+xml
last-modified: Thu, 31 Mar 2022 06:41:54 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GAYY9EDRNZZWAW8E
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69885227289,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: hBs7UBEt3rWQrD7PDXoVK7t1yI05V5RXfH0fseBvK6fedWSX1Ib9vPOHpRBqA6JxdLwdGaOsQQR6U2ArmgHRKEVRSGYmdfd4zNge1dziacQ=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2fe82b22dfffd878b4fbdc9a1d847330.cloudfront.net (CloudFront)
cf-ray: 8deb20facfc2743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648708913852

GET
H3 200 VqKHtlHBiv3Lc8dabqWd Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 485ms
368ms Script
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/VqKHtlHBiv3Lc8dabqWd

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6189e04c26070d034daaa15a02efb5b885cd91314c32cd7e0202b7b90e6e4fbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8deb20fd99e8a578-MIA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:58 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 174ms
71ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

f51c01b11ea2dc81dccfcc290ad1479abf33f5c5d9bb82449d9bc6cd656a57e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-md5: 5mUZ3B+kXLC+JvX8FIY8Gw==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "16fcd3d72b0d9c76d1c4a493aca3e44f"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Thu, 07 Nov 2024 06:07:17 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 9aa2272f14b4685cea23c7a7bddf73fa
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=71, rtx=0, c=23, mss=1232, tbw=4422, tp=9, tpl=0, uplat=2, ullat=-1
x-fb-debug: ReX/oF6JKDzhHbJhiMWrNnA2PZVJS6aXQ4M4Q9SCx0K++cW/iWm8eMXsYsAJh3TPddW1zkkWtNS3mxOwmuzaFQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 1687
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 317ms
71ms Script
application/javascript 151.101.148.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.148.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Thu, 07 Nov 2024 06:04:57 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kcgs7200137-IAD, cache-msp11847-MSP
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 270ms
146ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5765386

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: d25d6b1e-c4b9-4baf-8303-3cf5c72eddeb
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:04:57 GMT
x-hubspot-correlation-id: d25d6b1e-c4b9-4baf-8303-3cf5c72eddeb
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8deb20fdac28497a&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-h8qjj
x-envoy-upstream-service-time: 3
access-control-allow-credentials: true
cf-ray: 8deb20fdac28497a-MIA
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 slider-arrow-svg.svg
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/ 167 B
625 B 171ms
61ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/slider-arrow-svg.svg
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/hs-fs/hub/5765386/hub_generated/template_assets/133487975192/1725515743800/Hunters_Theme_May_2023/css/blog.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae83cab298fa07ba817359c389252d7333d46894358eafa3ab6183084f6620ae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fee26a843c7fdd1c9f17c6adfc9f0450"
age: 755551
cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
x-amz-version-id: bL.jHGbyNSCIRNfrCyGqYcUzyUsUcKl.
x-cache: Miss from cloudfront
x-amz-cf-id: 7lkn4XEWQYxQIb5gjCgow85OJWZVLXfu9XT_6pnQTxJuMcGTLO0egg==
content-type: image/svg+xml
last-modified: Sat, 26 Mar 2022 05:09:58 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1Q6A7KNM20DMT630
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69508665731,FD-67529050204,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: f7nxOStigGYGDEe+jHXQyFCL5UVWprv4slhDFFl6jy33hFWyzf6rAxdESF2K9PNiHrZuOgHj1UoqjScv6nRrM09kwbRm+T+5
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 c8bcdad2cb88c57a5e39f7757d2e9f6a.cloudfront.net (CloudFront)
cf-ray: 8deb20fdae280a02-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1648271397518

GET
H2 200 ajax-loader.gif
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ 3 KB
3 KB 169ms
60ms Image
image/gif 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ajax-loader.gif
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/hubfs/Theme%20-%202022/Coded_file/slick-theme.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "c5cd7f5300576ab4c88202b42f6ded62"
age: 956761
cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
x-amz-version-id: MAvWa1A2j0obAl2z4.DuLXjNnKAy1Xp5
x-cache: Miss from cloudfront
x-amz-cf-id: 7bFEkGpARS5m0pZbq9a1MSlNHoLaggqob6ElRgqKzYRFN3btVBspSQ==
content-type: image/gif
last-modified: Wed, 06 Apr 2022 12:24:29 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: TW77QBJV0FDRS5JN
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-70405709719,FD-69248485214,P-5765386,FLS-ALL
content-length: 2592
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
cf-polished: origSize=4178
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: Y3RobUVAz4R0im5LEjvlkRLOoS/jkSdyPH87RCfUtRjfTngHwv112iSvdbsp9D5GW+4UekH80zA=
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 242bc3f9f2b453f586c995114997fbac.cloudfront.net (CloudFront)
cf-ray: 8deb20fdae2a0a02-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1649247868407

GET
H2 200 right-arrow.svg
5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/ 272 B
1 KB 154ms
60ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg
Requested by: Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2856b09b8551910e6cb03f10c7c59245716b78864f205ee433fb3109f15fcbd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fe17677dc5e5a558797d8f08f625efaf"
age: 170211
cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
x-amz-version-id: BCXBoPsgYqnM0oNdz5UfoKeTAiJIuz9.
x-cache: Miss from cloudfront
x-amz-cf-id: 0i43VmaCxZaOrJMFznNCBtj4ST7Swk6wOiJzVse8lK3rvv5L4CzuQQ==
content-type: image/svg+xml
last-modified: Mon, 21 Mar 2022 05:24:26 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: HQDSRB51T8H2BRWH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-69047833408,FD-69047889517,P-5765386,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
date: Thu, 07 Nov 2024 06:04:57 GMT
vary: Accept-Encoding
x-amz-id-2: o6NjCN2A22ESOcV9BwsOEDVmL4I4r9F5Dh8NBkatn7z5whBctfOZ7/+kq59jDEwHLDagm7k9FdJ35cvf5VAE8uGRwLPIao86
timing-allow-origin: 5765386.fs1.hubspotusercontent-na1.net
via: 1.1 8e474c795a53d6737eb97f2aa45be964.cloudfront.net (CloudFront)
cf-ray: 8deb20fdae2b0a02-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1647840265758

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 248 KB
73 KB 56ms
55ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=88756c74ee213fded3a674da74216f19

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

c30491ee9d66af34d5e4739d93d3b62fd9f0d48858fdb21c250b45483cbba611

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-md5: us/xmGu8244O46jfg1OD0w==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "8d350413e9f5ff8ab2f330aa8be77292"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Fri, 07 Nov 2025 05:47:18 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 07 Nov 2024 06:04:57 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 7ef738e2d5cb27babcea6145ffe12c03
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1825, tp=5, tpl=0, uplat=0, ullat=-1
x-fb-debug: yD+6ZM1D3ujm3XJ4zh7Hrf/R34evjsSyNQRa+vSW94+MjX9C0QCVHC6KnMSbr8vyn9OkX8dpLdzeDSJS1lqjYg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 75122
origin-agent-cluster: ?1

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 0AA2 0
0 214ms
71ms Document
text/html 151.101.148.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.hunters.security
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.148.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Thu, 07 Nov 2024 06:04:58 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kiad7000164-IAD, cache-msp11832-MSP

GET
H3 200 Youtube%20Profile%20Picture-2.png
www.hunters.security/hubfs/ 2 MB
2 MB 423ms
423ms Other
image/png 199.60.103.29
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hunters.security/hubfs/Youtube%20Profile%20Picture-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

45dbe99dbd4d77f38bfcdd434d4399f32321501dd6b19063edb9f09297094d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: all
cf-cache-status: MISS
etag: "1ce024c6f60f588abacbda5deb823052"
x-amz-version-id: S6lAdoIj9aqykg7msQHTGVsWLzb1qvj.
cache-tag: F-75057322131,P-5765386,FLS-ALL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4xJC%2Fe3F0oz%2BSTpzwUvTF28zf4xJbrmfR0yTyjCT7dKeja3Ssq%2FZj%2BMpE1uzxrmtflVNOZViTfmQW0S4i2xA8A%2BRvljZPqLojZOgaFoeO8boAXMS58VaYqwQZWtJWbHvEnPw93Ud"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: J6AHRdOxGbAKGWIaDQBWFl1pDfHJ4-bG3HlSfAM0HzNh_et2DFAlOA==
content-type: image/png
last-modified: Wed, 01 Jun 2022 08:54:53 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-75057322131,P-5765386,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: VM1HW9QNMSYBQPQ1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-75057322131,P-5765386,FLS-ALL
content-length: 1690575
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Thu, 07 Nov 2024 06:04:58 GMT
vary: Accept-Encoding
x-amz-id-2: NXpE9gpp+30l7fNbnHGJ+TFt0I9bpUvInZh6phIecoUtgeQ2xiUMxd/87TEQBV1SJblr2nzsEN0=
strict-transport-security: max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 375c695e49c84df5ace39057e6134b40.cloudfront.net (CloudFront)
cf-ray: 8deb21023de4743c-MIA
access-control-allow-origin: *
x-amz-cf-pop: MIA3-P2
x-amz-meta-created-unix-time-millis: 1654073692057

GET
H2 200 5765386.js Show response
js-na1.hs-scripts.com/ 2 KB
1006 B 291ms
119ms Script
application/javascript 2606:4700::6810:8ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/5765386.js?_=1730959497021

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3787b9ad59b219cdfaeb98edc22a982d1c638049e38f0847534cdc95f2e8038e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: MISS
access-control-allow-credentials: true
x-content-type-options: nosniff
cf-ray: 8deb210fbc17a543-MIA
accept-ranges: bytes
access-control-allow-origin: https://www.hunters.security
content-length: 673
date: Thu, 07 Nov 2024 06:05:00 GMT
x-hubspot-correlation-id: 26c3f3e0-0513-448d-a583-4f6f6a87abe4
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
server: cloudflare
last-modified: Thu, 07 Nov 2024 06:05:00 GMT

GET
H2 200 5765386.js Show response
js.hs-analytics.net/analytics/1730959500000/ 68 KB
25 KB 196ms
104ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1730959500000/5765386.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1730959497021
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd39c33807a2e07e422bbe1712a0a116db55c9b6446a369f20e64c4eb5b2871f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 46a2dd52-b297-44c7-8188-b5ccbe26b11d
content-encoding: gzip
cf-cache-status: MISS
etag: W/"7263777b6d8512dff3b041d02472377a"
x-amz-version-id: null
expires: Thu, 07 Nov 2024 06:10:01 GMT
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 46a2dd52-b297-44c7-8188-b5ccbe26b11d
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:45:51 GMT
vary: origin, Accept-Encoding
x-amz-id-2: BednK9OGkxcFGH1IavO2c7UhN9b9TuTn5td2E8KDup8pTtmm8RKDf2vTtwU6yG95jeSBx3fe5Lk=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-wpzp6
x-envoy-upstream-service-time: 27
access-control-allow-credentials: false
x-amz-request-id: 6Y5PTFE132B8YCTB
cf-ray: 8deb21110fdd3347-MIA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/5765386/ 71 KB
26 KB 196ms
105ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/5765386/banner.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1730959497021
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b094add20f1838a81d9d9d54b33b9b48c9ffeee90b8153dd7a470e6cc8d6f778

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 13031cbb-cd1e-497e-82bc-4a546975cc80
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"e25f8516965fb4100b34b97efe5bde12"
x-amz-version-id: 3FqQA37uiABMsYW.UhVX77sdbg4kH1Sb
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Thu, 07 Nov 2024 06:10:01 GMT
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 13031cbb-cd1e-497e-82bc-4a546975cc80
content-type: text/javascript; charset=UTF-8
last-modified: Mon, 15 Apr 2024 14:37:52 GMT
vary: origin, Accept-Encoding
x-amz-id-2: qrzktIDaxNzfoQssXOpInbKoCPnDsfdEHzcFThCah1vfMNB7wzoBKHOHmjUpGtzqIN8jdcSlTbU=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
x-envoy-upstream-service-time: 130
access-control-allow-credentials: true
x-amz-request-id: 9FXAAMZ41D8HQWAS
cf-ray: 8deb21110f4f748f-MIA
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 145ms
57ms Script
application/javascript 2606:4700::6812:8911
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1730959497021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 9cfcf0b1-e779-40bf-829b-7515ecea2d6e
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ce26171eff05376a1b746efbb809f7f6"
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 16323
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: HWzg0QGFe8Ls7NBZgf7xKfUSfzlVpnAi_xzs7pVRsJOmfpYodJpLSw==
x-hubspot-correlation-id: 9cfcf0b1-e779-40bf-829b-7515ecea2d6e
content-type: application/javascript; charset=utf-8
last-modified: Wed, 09 Oct 2024 10:17:06 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-8c628
x-envoy-upstream-service-time: 11
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 07 Nov 2024 06:05:00 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8cfde6dedff32583-IAD
via: 1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-ray: 8deb21110834a55d-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
24 KB 194ms
103ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1730959497021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.hunters.security
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-request-id: 36e5138d-9898-4d85-88e3-f6a48f714b57
content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"83516cb36bba59046b931d3496c56b0c"
x-amz-version-id: CxKDbkLWIG8oARp7ZgYVTZrOz3tr7GRC
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CLu30ntGoqdTHojs%2Bwq%2B7wQmw4RZ2BRC3h4ReYlZp%2FaEM2JawNxQq9AwXurFHbTpeLfLXF36NEDFGlNcvPaOgHXYtveTEAuA85lmGFrycYSeeTcgTyX5CT8qlWTy7MovjsKZaR%2B8MeKDMD52"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 3KT86f5o7P9EdNbyNgZ6OVIYbUGKmxXsMW0BhigKwFAcJelWaQJUfA==
x-hubspot-correlation-id: 36e5138d-9898-4d85-88e3-f6a48f714b57
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2024 15:51:22 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-xgbvm
x-envoy-upstream-service-time: 0
x-hs-target-asset: web-interactives-embed/static-2.1648/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 07 Nov 2024 06:05:01 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1648/bundles/project.js&cfRay=8dbd5cd09f7cb3df-IAD
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
cf-ray: 8deb21111eef4976-MIA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 7 KB
4 KB 128ms
45ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/5765386.js?_=1730959497021

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb72a3cb5614383e3b08354bc293e2399eb11d0ed17eef59d44bef4598682c3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-evy-trace-virtual-host: all
x-request-id: 7f89b5f3-a09e-41d3-84e8-65dd5fb0f0e4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"17bd3d5b05607076554f8374be06d128"
x-amz-version-id: rL2b5HBNljJfVZ2cRM1vTT.Ta_yx29M2
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 587
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: _ILgDV2mOXkn22m8mIDCkooHFCOSsIFsmHZHkVJj5kufCdJDMs1t6Q==
date: Thu, 07 Nov 2024 06:05:00 GMT
x-hubspot-correlation-id: 7f89b5f3-a09e-41d3-84e8-65dd5fb0f0e4
content-type: application/javascript; charset=utf-8
last-modified: Wed, 06 Nov 2024 21:06:30 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-kvz7j
x-envoy-upstream-service-time: 6
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.647/bundles/pixels-release.js&cfRay=8deacca4cd2205dd-IAD
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-ray: 8deb21110dafa69b-MIA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.647/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 5 B
148 B 110ms
47ms Fetch
text/plain 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/5765386/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3435c916af74bf9f58dc6531fd421d0dd6f84591babaae1069d1451010fccbf0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

cache-control: private, max-age=1500
cf-ray: 8deb21123fbb7494-MIA
access-control-allow-origin: *
content-length: 5
date: Thu, 07 Nov 2024 06:05:01 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 343 KB
117 KB 374ms
80ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32

Requested by

Host: www.hunters.security
URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ec2bf1a691f23976d27c82368095bd3d8eb2d4a7b83d915db9beafb5990ef9f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 07 Nov 2024 06:05:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 06:05:01 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 119384
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
823 B 493ms
214ms XHR
application/json 2606:4700::6812:f16c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5765386

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f16c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5398d974b05c83fecc308ce8af06d5ca69ecfe557e9d7f45a6999d07c5bcd82b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eDIfsHxlrDIVvwm5cg2IF9a1owyAfUtMAZ3x%2FKSiTTQqNx3pLnU7nlaaIhbVCRdAqBoxr%2FKOlpT2N5Fod5wgG4Haa6HLGVFlT73LIUHzhaT00BXBcU4srl0Pfqy1oUz1AXLgVZF0j7IL15v"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 5386f25e-0455-420e-980f-212245e9e252
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8deb21139e937bf9-MIA
access-control-allow-origin: https://www.hunters.security
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
614 B 95ms
94ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1639347869&v=1.1&a=5765386&pi=182226747037&ct=blog-post&ccu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&cpi=182226747037&cgi=24463927651&lpi=182226747037&lvi=182226747037&lvc=en&pu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&t=Unmasking+VEILDrive%3A+Threat+Actors+Exploit+Microsoft+Services+for+C2&cts=1730959501089&vi=3d3ed4958970586a4e8c8672ec40fe9a&nc=true&u=27445923.3d3ed4958970586a4e8c8672ec40fe9a.1730959501085.1730959501085.1730959501085.1&b=27445923.1.1730959501085&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
x-request-id: 875da4cb-4949-41bf-8130-964c308c3103
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2F2LhXPAsaNMehtoWhH%2FeXkpAC6Tn8cS%2B817reRs72x%2FuJFIEhF5%2BDNXzSQQf81eXB2S1d8TGjz%2BgHyKDxG0tUnn91TH6u3AaotnfPPnt8yiO1iEAsqY%2F5z4X8FTNaLIy1C0gASt0Tm3nzkYVzfB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 875da4cb-4949-41bf-8130-964c308c3103
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-2lx62
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8deb2111e918497a-MIA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 102ms
97ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=5765386&currentUrl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&utk=3d3ed4958970586a4e8c8672ec40fe9a&__hstc=27445923.3d3ed4958970586a4e8c8672ec40fe9a.1730959501085.1730959501085.1730959501085.1&__hssc=27445923.1.1730959501085&contentId=182226747037

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

711a15d0e1363958f6c47041e789c047528bed26727b282730a180513b71d3db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 0d018519-64ea-452e-81fe-a6d2f76d5588
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwZ6kckbhCgVgT89%2FcpuAK6gNOH2%2FICcAYH9QWkqAdEFpsY%2FO%2Fvn6kLvMOWpP9QUHJ%2FVUjfIbaPvwfidICSi09%2FG93NSyCkF9wms%2BiK6uqytMKcnc8hCKsOtxGL8J%2BOcpcafTpSBEzSEqy8yvt5tMhjm1YPPtkWKE%2F4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 0d018519-64ea-452e-81fe-a6d2f76d5588
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-zj727
x-envoy-upstream-service-time: 20
access-control-allow-credentials: true
cf-ray: 8deb21120fd24976-MIA
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
content-length: 666
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 103ms
95ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=5765386&utk=3d3ed4958970586a4e8c8672ec40fe9a&__hstc=27445923.3d3ed4958970586a4e8c8672ec40fe9a.1730959501085.1730959501085.1730959501085.1&__hssc=27445923.1.1730959501085&contentId=182226747037&currentUrl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0818f899d79cf1234c7dc41a663665dce621450c82bd4ec43ec769026d752140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 10260b9d-74b3-4c2c-9b25-76fe9479b620
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xOzUwogYKIEtl5yR70iLsQzW%2BuMDFiTOowHx7jVf9uGInI0G2WVA1BGgPAHozWMRRI4X7JRl3LxmOA0xbN00C99%2B9bVqR8GukhAJ834Sm9xTsOJGkM%2Bc1cL7JeheJtFDD8j0CRruH%2BmwS824sElu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 10260b9d-74b3-4c2c-9b25-76fe9479b620
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-vlvmm
x-envoy-upstream-service-time: 24
access-control-allow-credentials: false
cf-ray: 8deb2112a8534976-MIA
access-control-allow-origin: https://www.hunters.security
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
927 B 185ms
109ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

x-robots-tag: none
x-request-id: 012fd619-2d86-42f7-a4e7-1f9396752261
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Thu, 07 Nov 2024 06:05:01 GMT
x-hubspot-correlation-id: 012fd619-2d86-42f7-a4e7-1f9396752261
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Thu, 07 Nov 2024 06:05:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-vlvmm
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8deb2113d8548daf-MIA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET hs-web-interactive-5765386-181719015201
5765386.hs-sites.com/ Frame A79A 0
0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
96 KB 76ms
69ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-650970809

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c52003be08f023703a93b5c3ebd1b029d98fba80c24a3b18c4e1453ea79f4bf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 07 Nov 2024 06:05:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 07 Nov 2024 06:05:01 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97998
x-xss-protection: 0
server: Google Tag Manager

GET insight.min.js
snap.licdn.com/li.lms-analytics/ 0
0

GET js
www.googletagmanager.com/gtag/ 0
0

GET 6si.min.js
j.6sc.co/ 0
0

GET destination
www.googletagmanager.com/gtag/ 0
0

GET analytics.js
www.google-analytics.com/ 0
0

GET pixel.js
www.redditstatic.com/ads/ 0
0

GET uwt.js
static.ads-twitter.com/ 0
0

GET fbevents.js
connect.facebook.net/en_US/ 0
0

POST
H3 200 collect
www.google.com/ccm/ 0
0 212ms
57ms Ping
text/plain 173.194.204.106

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&scrsrc=www.googletagmanager.com&frm=0&rnd=1776358767.1730959502&auid=973713196.1730959502&npa=0&gtm=45He4au0v831148865za200&gcs=G111&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&tft=1730959501680&tfd=5284&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 173.194.204.106 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2

Response headers

GET sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 7E6D 0
0

GET /
googleads.g.doubleclick.net/pagead/viewthroughconversion/650970809/ 0
0

GET 650970809
td.doubleclick.net/td/rul/ Frame 7A40 0
0

GET /
googleads.g.doubleclick.net/pagead/viewthroughconversion/650970809/ 0
0

GET 650970809
td.doubleclick.net/td/rul/ Frame 9442 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kit.fontawesome.com
URL: https://kit.fontawesome.com/a076d05399.js

Domain: 5765386.hs-sites.com
URL: https://5765386.hs-sites.com/hs-web-interactive-5765386-181719015201?utk=3d3ed4958970586a4e8c8672ec40fe9a

Domain: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C3M9VW2XNJ&l=dataLayer&cx=c

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-650970809&l=dataLayer&cx=c

Domain: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-650970809&l=dataLayer&cx=c

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js

Domain: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Domain: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.hunters.security

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/650970809/?random=1730959501716&cv=11&fst=1730959501716&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730z8831148865za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/650970809?random=1730959501716&cv=11&fst=1730959501716&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730z8831148865za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/650970809/?random=1730959501761&cv=11&fst=1730959501761&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/650970809?random=1730959501761&cv=11&fst=1730959501761&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v885121730za200zb831148865&gcd=13r3r3r3r5l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20VEILDrive%3A%20Threat%20Actors%20Exploit%20Microsoft%20Services%20for%20C2&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=973713196.1730959502&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.hunters.security/	1970-01-21 00:49:21	Name: __cf_bm Value: cd24NWHtQsbu2h71NrQi.qRDXtgBk.WaEHYS1_b0QtY-1730959496-1.0.1.1-CHjFLqr5f_PSvDQ4rfILQDv0EVF.pbkMdCsncvUlffCaKT5yTRO98hvHMpop63.okDRouJm4qnBAOjiK0iN5rQ
.www.hunters.security/	1969-12-31 23:59:59	Name: __cfruid Value: da7bd338f194c6959355645b5dd3af18f77379d9-1730959496
.hubspot.com/	1970-01-21 00:49:21	Name: __cf_bm Value: HHkfY3ipolJ1KXrMBzFkxHzYsgu0uHxF9PjKy3riTPI-1730959497-1.0.1.1-rwMxyZFzFaaaLyrGVkroSvEXOyyzD5dCR4KM_Cb2YEnccexCvEKIk5dNiFb7dW.qiRFYJifU8WuwvQ3UXQOvkw
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 2qRKQWInIVmkzfOj8YTatnLwORKxkpLZXnzcJpOI5Tc-1730959497974-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 09:34:55	Name: visitorId Value: a6e6941d91a7b97a5eb2a88d3ccf18c943b41db4d65a4630480d09dcd2dcacc7
.zoominfo.com/	1970-01-21 00:49:21	Name: __cf_bm Value: hIJPzwM6WonJTIQLXTypojiDl98IZ72Z7MV7Dm7ZYx0-1730959498-1.0.1.1-W5G7XMgbLloblzdz6y28hJ3U0rpcBtjeV0EVhBiOMyQQ_gxPT5QWuvICrOn0hSpDbQtxswmPKiLtOZUE_f.uHQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: HiyPLqc2VLryUL2bjf8CA0dPlSHw82Wfim8cQXxSaVE-1730959498170-0.0.1.1-604800000
.hunters.security/	1970-01-21 05:08:31	Name: __hstc Value: 27445923.3d3ed4958970586a4e8c8672ec40fe9a.1730959501085.1730959501085.1730959501085.1
.hunters.security/	1970-01-21 05:08:31	Name: hubspotutk Value: 3d3ed4958970586a4e8c8672ec40fe9a
.hunters.security/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.hunters.security/	1970-01-21 00:49:21	Name: __hssc Value: 27445923.1.1730959501085
.hsforms.com/	1970-01-21 00:49:21	Name: __cf_bm Value: 4EHsYdG4fzRtJSxk9rzT0jNNak97FdnNil0vsCJXQlY-1730959501-1.0.1.1-grDa_ady3fRM8wUPnkaA39oGvnbjP.pBxJRSC4ayQhlLPNHwlkbYHfPgRD8UkI74rLLK5U8MpJPV3expecRyUA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: cYdUDFTB5tvpjImfggf9hTYgNs_oE4w1M695_5Ed758-1730959501483-0.0.1.1-604800000
.hunters.security/	1970-01-21 02:58:55	Name: _gcl_au Value: 1.1.973713196.1730959502

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 11) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 14) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 15) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 17) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 20) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 21) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 23) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 26) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 27) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 29) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 32) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 33) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 35) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 38) Message: <link rel=preload> has an unsupported `type` value
other	warning	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 39) Message: <link rel=preload> has an unsupported `type` value
javascript	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2(Line 1397) Message: Access to script at 'https://kit.fontawesome.com/a076d05399.js' from origin 'https://www.hunters.security' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://kit.fontawesome.com/a076d05399.js Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js(Line 2) Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Images/slider-arrow-svg.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js(Line 2) Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/Theme%20-%202022/Coded_file/ajax-loader.gif' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://5765386.fs1.hubspotusercontent-na1.net/hubfs/5765386/March2022/right-arrow.svg' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1639347869&v=1.1&a=5765386&pi=182226747037&ct=blog-post&ccu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&cpi=182226747037&cgi=24463927651&lpi=182226747037&lvi=182226747037&lvc=en&pu=https%3A%2F%2Fwww.hunters.security%2Fen%2Fblog%2Fveildrive-microsoft-services-malware-c2&t=Unmasking+VEILDrive%3A+Threat+Actors+Exploit+Microsoft+Services+for+C2&cts=1730959501089&vi=3d3ed4958970586a4e8c8672ec40fe9a&nc=true&u=27445923.3d3ed4958970586a4e8c8672ec40fe9a.1730959501085.1730959501085.1730959501085.1&b=27445923.1.1730959501085&cc=15' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2 Message: [Report Only] Refused to load the image 'https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1' because it violates the following Content Security Policy directive: "img-src 'self' data:".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32(Line 154) Message: [Report Only] Refused to load the script 'https://www.redditstatic.com/ads/pixel.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com .google.com .hunters.security.com .googleapis.com .twitter.com .facebook.net .linkedin.com .hotjar.com unpkg.com .cloudflare.com .fontawesome.com .zoominfo.com googletagmanager.com .licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQ56X32(Line 154) Message: [Report Only] Refused to load the script 'https://static.ads-twitter.com/uwt.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hsadspixel.net .hs-analytics.net js.hscta.net .hubspot.com static.hsappstatic.net .usemessages.com .hs-banner.com .hubspotusercontent00.net .hubspotusercontent10.net .hubspotusercontent20.net .hubspotusercontent30.net .hubspotusercontent40.net .hubspot.net .hscollectedforms.net .hsleadflows.net .hsforms.net .hsforms.com .hs-scripts.com .hubspotfeedback.com feedback.hubapi.com .google.com .hunters.security.com .googleapis.com .twitter.com .facebook.net .linkedin.com .hotjar.com unpkg.com .cloudflare.com .fontawesome.com .zoominfo.com googletagmanager.com .licdn.com googleads.g.doubleclick.net 5765386.fs1.hubspotusercontent-na1.net googletagmanager.com webthemez.com j.6sc.co google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js js.chilipiper.com *.cookiebot.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/ Message: [Report Only] Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src .hubspot.com .hs-sites.com .hubspot.net play.hubspotvideo.com .hsforms.net .hsforms.com .hunters.security.com .google.com .twitter.com .facebook.com .doubleclick.net metrics.hotjar.io demostack.app googletagmanager.com webthemez.com .youtube.com .zoominfo.com app.hubspot.com .chilipiper.com .cookiebot.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5765386.fs1.hubspotusercontent-na1.net
5765386.hs-sites.com
api.hubapi.com
app.hubspot.com
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.googleapis.com
forms.hubspot.com
googleads.g.doubleclick.net
j.6sc.co
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hsleadflows.net
js.hubspot.com
kit.fontawesome.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
td.doubleclick.net
track.hubspot.com
ws.zoominfo.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.hunters.security
www.redditstatic.com
www.unpkg.com
5765386.hs-sites.com
connect.facebook.net
googleads.g.doubleclick.net
j.6sc.co
kit.fontawesome.com
snap.licdn.com
static.ads-twitter.com
td.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
www.redditstatic.com
104.16.117.43
104.17.25.14
104.19.175.188
151.101.148.157
173.194.204.106
199.60.103.29
2600:1408:c400:5::17c7:3716
2606:4700:4400::6812:297c
2606:4700:4400::ac40:9310
2606:4700::6810:7574
2606:4700::6810:8ad1
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6811:f5cb
2606:4700::6812:8911
2606:4700::6812:f16c
2607:f8b0:4004:c19::5f
2607:f8b0:400d:c04::61
31.13.66.19
0818f899d79cf1234c7dc41a663665dce621450c82bd4ec43ec769026d752140
0c29e718b023d06a8824bd6cc3d2856124f2c41af363a256936e7c7a79a4b8af
0d5f628bd87bce595cf9c4a7bf72985cbea5bffab1a535a266f70acc04fd2590
10dc028779c21e5b3f1bc41e19eaccdca81a38e53e7712439d271ceb6174f534
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
23428c6301061ebb006b127c5841235122a23672f0041d08a9518520795a1bde
238b1cf831e99615cf4d403ccdecbc5a3a615f2f0f8e92179cc69f9ec7d60b0a
23a2777cbbd78b114125c9276a3b42d568e17909104309e46e94dd2d93b3abd3
24af0aa554afc559dd1f59f21a2cb05e7fc668adced9605b05f5807df02585e6
27bebe78e3b6a4b1664dd4fa83a8cd0187f051631a06248fefa3ef3991a5a92a
2e83074dd815b9adf43a1ca073b8dc0bc6eeccb0f9c008f3a06d20dec5f335d5
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2f352a7de3dda4ecc29be98eaf8ecf19731d7d68038058f5568e3117228b9a82
2f6f9f7221a54fc4900e4ed44711c25b3370354baf336529033882586d75152c
3435c916af74bf9f58dc6531fd421d0dd6f84591babaae1069d1451010fccbf0
35c55b14508fa6bc876713dc6ca5b0cdd84333a1294b12d9ccff89d3784e4259
368406900c890220c314afd610820f1e635e69e4d3e0275ec060057865f563c0
3787b9ad59b219cdfaeb98edc22a982d1c638049e38f0847534cdc95f2e8038e
3c23c888b01855d9310b1a569def2623503bcc2a81327955f0a824c6f722b278
3d92e113ac3031b838001ddddf965d045f470ff748ff2e116b30378910eeaecb
3fc5f8ce69950ec73adc972f061df42aaea78faa4864709134ea2adc083f3a33
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
424560f6d441470e553c5c2d0e31a7df189ddb73ea43d909714d57b16f024624
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
45dbe99dbd4d77f38bfcdd434d4399f32321501dd6b19063edb9f09297094d8c
4aeece6fda59aeaf7ea1271ac3ecbe1189bd88726b444d8813de296f0ad41ad8
4fa2622bbcafa420ce5be37bca0ff1e87dacede5fba4f42641d000313b4a1d49
5398d974b05c83fecc308ce8af06d5ca69ecfe557e9d7f45a6999d07c5bcd82b
568d7b83659993469a2d729ad98daba3a7de2568f74d670d18ae618f118fe353
5c15402dcdd0b03490883b62681c0d676af10894c7ce55218650d0f3827c6f0f
5c7f3271772e26c27e838271d6f589ee07cfc58b3ce26c82d98c9af1dfef41ec
5ee453db69de2afe22f2abc664d11aa3b8720f3b24a8d82d2a1d2306be008e93
6189e04c26070d034daaa15a02efb5b885cd91314c32cd7e0202b7b90e6e4fbe
631550304df547eb64d2d7af3e6bc30bf346fdd47640adefcbe22263b36d65b4
632ae2a19dd0817549172e38d37d628124c089c4466c0dca78378c8a78e3f1e1
6a28d627f3677c456980de2b9026548c69a9f542993b2b5b6d8608882fe1e878
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b1d913f0ef5cc8fd8d0c483772f5d511071ccc1d441f64292fb7659616f5b79
6ca76596a4a51aff45954e24a6dd4e1f148f7f0b16c578e1c919f5e1106a04df
711a15d0e1363958f6c47041e789c047528bed26727b282730a180513b71d3db
72992fa978ffc62249702a083e053bba15e65fcdf9a3873f5872e3778584bc0d
762a5cce3355f95306400b6113dd70cbb8bcf2ce3601fa27297d1899d007ec54
7e31677db4782bc8c9162fa1b42005aad15d67853f7a496e9fbb493fe2309759
7e639f213682c84c7ed4da94c224b65a4cfa532975476b44d6b3d22ae0ef8afc
7f46e2fe055ca798ae7242cc770d2136169c4298407ec09bdc79ac73a545adb4
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8ec0979e7bb7143c393e8a431924cbe84a42fa6ad659f0b83530c88b5a349a04
90eefa1db290de170e8127aa6f3ad079f38762aa27b4c885670cf5d757c0f2fa
91f0116d893ce32487b8b683a408b135c15809c7e1b3d8d26bdb5889126f2077
a300d0cca9c84237c8127d65ddf9619b1f1dd7834240d9b5fdfc9eaa25706cab
a5ef33de34661d7ae6bce5bc0b514687f2813f7ade07b4e2511611c62c7494ac
ae83cab298fa07ba817359c389252d7333d46894358eafa3ab6183084f6620ae
b094add20f1838a81d9d9d54b33b9b48c9ffeee90b8153dd7a470e6cc8d6f778
b83025c6af427c862bf1f6599330a1dff8ea8effa9bd200614b5e7a6fed36c64
bc95b09fc339140c69c5136e815b78be4ef324669185635fc3aef462e8d7df83
c30491ee9d66af34d5e4739d93d3b62fd9f0d48858fdb21c250b45483cbba611
c52003be08f023703a93b5c3ebd1b029d98fba80c24a3b18c4e1453ea79f4bf1
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726
cb72a3cb5614383e3b08354bc293e2399eb11d0ed17eef59d44bef4598682c3e
cd39c33807a2e07e422bbe1712a0a116db55c9b6446a369f20e64c4eb5b2871f
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d46b85c9bfc0fa2045feaa27ead9491e95cc1c2a6e09f834f0ed6710eaceaefa
d5ac74ae7bad75e342eeb77f0c16005fcb01eaf5473b584030feb2f9f07e23df
d7802c74a8e2285615d0ee35e104175b11653884c111470744907827543cbb29
da9dad45994fa30a773ffd383f0daba950926e1c95fc807b644554825ac34bf7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc507001be80bda64a1378c7f6edce7a6fe445dd6712c4eeaed70db462a7e934
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
e2856b09b8551910e6cb03f10c7c59245716b78864f205ee433fb3109f15fcbd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea9a85e8c7b1ba0c225aec7ced73372fd08fba0bb37faa515a47008aceb550a1
ec2bf1a691f23976d27c82368095bd3d8eb2d4a7b83d915db9beafb5990ef9f7
ede5de999081588cb095a1acf05bbed529c06278912c2318b74b6141b617ecec
ef4bfee18eaf9bb02c3d3c93ce39551cff6effb9b29678a118c808b0b92489a0
f51c01b11ea2dc81dccfcc290ad1479abf33f5c5d9bb82449d9bc6cd656a57e8
f69bcd585affafad0635a9037adb2fcfd915699c3de54326f0efd20616e53d5f
f72983748dfd73b846c63554d18da197fec40f21b43f400cc2d8d1a2339098f6
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

www.hunters.security Open in urlscan Pro 199.60.103.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

107 Requests

85 %HTTPS

65 %IPv6

28 Domains

33 Subdomains

21 IPs

2 Countries

4190 kBTransfer

6785 kBSize

14 Cookies

10 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.hunters.security Open in urlscan Pro
199.60.103.29 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

85 %
HTTPS

65 %
IPv6

28
Domains

33
Subdomains

21
IPs

2
Countries

4190 kB
Transfer

6785 kB
Size

14
Cookies

107 HTTP transactions
0 data transactions