URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backd...
Submission: On August 24 via api from CH

Summary

This website contacted 40 IPs in 7 countries across 33 domains to perform 132 HTTP transactions. The main IP is 2a02:e980:d::ba, located in Israel and belongs to INCAPSULA - Incapsula Inc, US. The main domain is www.fireeye.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on May 7th 2018. Valid for: 2 years.
This is the only time www.fireeye.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2a02:e980:d::ba 19551 (INCAPSULA)
1 1 104.111.226.25 16625 (AKAMAI-AS)
6 104.17.74.206 13335 (CLOUDFLAR...)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
3 2.18.232.23 16625 (AKAMAI-AS)
1 52.51.131.19 16509 (AMAZON-02)
1 104.111.240.216 16625 (AKAMAI-AS)
12 104.111.215.136 16625 (AKAMAI-AS)
3 66.117.29.227 15224 (OMNITURE)
1 205.185.216.42 20446 (HIGHWINDS3)
5 104.108.68.8 16625 (AKAMAI-AS)
2 52.222.168.135 16509 (AMAZON-02)
1 66.117.29.11 15224 (OMNITURE)
1 151.101.113.181 54113 (FASTLY)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
2 104.111.242.254 16625 (AKAMAI-AS)
1 182.22.67.123 23816 (YAHOO Yah...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 13.107.21.200 8068 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.168.110 16509 (AMAZON-02)
1 209.197.3.15 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
6 54.164.248.58 14618 (AMAZON-AES)
3 199.15.215.200 53580 (MARKETO)
1 13.32.223.46 16509 (AMAZON-02)
1 3 35.190.27.37 15169 (GOOGLE)
2 2 52.30.190.93 16509 (AMAZON-02)
1 52.222.168.50 16509 (AMAZON-02)
2 2 34.193.197.252 14618 (AMAZON-AES)
1 52.222.168.130 16509 (AMAZON-02)
1 188.125.66.33 34010 (YAHOO-IRD)
3 2a03:2880:f11... 32934 (FACEBOOK)
2 4 172.217.22.6 15169 (GOOGLE)
1 18.204.162.94 14618 (AMAZON-AES)
2 3 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
5 2606:2800:234... 15133 (EDGECAST)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.203.52.189 14618 (AMAZON-AES)
1 1 104.244.42.200 13414 (TWITTER)
132 40
Apex Domain
Subdomains
Transfer
51 fireeye.com
www.fireeye.com
www2.fireeye.com
content.fireeye.com
2 MB
12 tiqcdn.com
tags.tiqcdn.com
34 KB
9 lookbookhq.com
app.cdn.lookbookhq.com
jukebox.lookbookhq.com
69 KB
6 twitter.com
platform.twitter.com
syndication.twitter.com
37 KB
6 company-target.com
api.company-target.com
d.company-target.com
segments.company-target.com
3 KB
5 google.com
apis.google.com
accounts.google.com
98 KB
5 omtrdc.net
cdn.tt.omtrdc.net
fireeye.sc.omtrdc.net
fireeye.tt.omtrdc.net
16 KB
4 linkedin.com
px.ads.linkedin.com
www.linkedin.com
3 KB
4 doubleclick.net
8443343.fls.doubleclick.net
2 KB
4 facebook.com
www.facebook.com
staticxx.facebook.com
144 B
4 addthis.com
s7.addthis.com
186 KB
3 mktoresp.com
848-did-242.mktoresp.com
2 KB
3 facebook.net
connect.facebook.net
100 KB
3 google-analytics.com
www.google-analytics.com
14 KB
3 adobedtm.com
assets.adobedtm.com
67 KB
2 rlcdn.com
id.rlcdn.com
1021 B
2 bidr.io
match.prod.bidr.io
707 B
2 bing.com
bat.bing.com
7 KB
2 marketo.net
munchkin.marketo.net
6 KB
1 addthisedge.com
m.addthisedge.com
909 B
1 yahoo.com
sp.analytics.yahoo.com
874 B
1 googleapis.com
fonts.googleapis.com
741 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com
7 KB
1 demandbase.com
scripts.demandbase.com
15 KB
1 googletagmanager.com
www.googletagmanager.com
25 KB
1 licdn.com
snap.licdn.com
4 KB
1 yahoo.co.jp
b91.yahoo.co.jp
695 B
1 yimg.com
s.yimg.com
5 KB
1 vidyard.com
play.vidyard.com
3 KB
1 flashtalking.com
servedby.flashtalking.com
1 demdex.net
dpm.demdex.net
965 B
1 maxmind.com
js.maxmind.com
410 B
1 typography.com
cloud.typography.com
471 B
132 33
Domain Requested by
44 www.fireeye.com www.fireeye.com
12 tags.tiqcdn.com www.fireeye.com
tags.tiqcdn.com
7 jukebox.lookbookhq.com app.cdn.lookbookhq.com
www.fireeye.com
6 www2.fireeye.com www.fireeye.com
www2.fireeye.com
5 platform.twitter.com s7.addthis.com
platform.twitter.com
4 apis.google.com s7.addthis.com
apis.google.com
4 8443343.fls.doubleclick.net 2 redirects www.googletagmanager.com
4 s7.addthis.com www.fireeye.com
s7.addthis.com
3 px.ads.linkedin.com 2 redirects
3 www.facebook.com www.fireeye.com
connect.facebook.net
3 d.company-target.com 1 redirects www.fireeye.com
3 848-did-242.mktoresp.com munchkin.marketo.net
3 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
s7.addthis.com
3 www.google-analytics.com tags.tiqcdn.com
www.fireeye.com
3 fireeye.sc.omtrdc.net assets.adobedtm.com
www.fireeye.com
3 assets.adobedtm.com www.fireeye.com
assets.adobedtm.com
2 id.rlcdn.com 2 redirects
2 segments.company-target.com www.fireeye.com
2 match.prod.bidr.io 2 redirects
2 bat.bing.com tags.tiqcdn.com
www.fireeye.com
2 munchkin.marketo.net tags.tiqcdn.com
munchkin.marketo.net
2 app.cdn.lookbookhq.com tags.tiqcdn.com
1 syndication.twitter.com 1 redirects
1 content.fireeye.com app.cdn.lookbookhq.com
1 accounts.google.com apis.google.com
1 staticxx.facebook.com connect.facebook.net
1 m.addthisedge.com s7.addthis.com
1 www.linkedin.com 1 redirects
1 sp.analytics.yahoo.com s.yimg.com
1 api.company-target.com scripts.demandbase.com
1 fonts.googleapis.com app.cdn.lookbookhq.com
1 maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com
1 scripts.demandbase.com tags.tiqcdn.com
1 www.googletagmanager.com tags.tiqcdn.com
1 snap.licdn.com tags.tiqcdn.com
1 b91.yahoo.co.jp www.fireeye.com
1 s.yimg.com tags.tiqcdn.com
1 play.vidyard.com tags.tiqcdn.com
1 fireeye.tt.omtrdc.net assets.adobedtm.com
1 servedby.flashtalking.com www.fireeye.com
1 cdn.tt.omtrdc.net assets.adobedtm.com
1 dpm.demdex.net assets.adobedtm.com
1 js.maxmind.com www.fireeye.com
1 cloud.typography.com 1 redirects
132 44
Subject Issuer Validity Valid
fireeye.com
Entrust Certification Authority - L1K
2018-05-07 -
2020-05-06
2 years crt.sh
www2.fireeye.com
CloudFlare Inc ECC CA-2
2018-05-07 -
2019-05-07
a year crt.sh
*.maxmind.com
COMODO RSA Organization Validation Secure Server CA
2016-09-19 -
2018-10-31
2 years crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA
2018-04-06 -
2019-04-11
a year crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
*.tt.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2017-10-26 -
2020-11-25
3 years crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA
2018-02-28 -
2019-02-28
a year crt.sh
*.sc.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2016-05-04 -
2019-05-23
3 years crt.sh
servedby.flashtalking.com
GeoTrust RSA CA 2018
2018-02-13 -
2019-02-13
a year crt.sh
odc-prod-01.oracle.com
DigiCert ECC Secure Server CA
2018-05-06 -
2019-08-05
a year crt.sh
cdn.lookbookhq.com
Amazon
2018-01-17 -
2019-02-17
a year crt.sh
p.ssl.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2018-03-02 -
2018-12-28
10 months crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2018-08-20 -
2018-09-28
a month crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2018-02-22 -
2019-02-22
a year crt.sh
b91.yahoo.co.jp
Cybertrust Japan Public CA G3
2017-10-26 -
2018-10-26
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2016-02-16 -
2019-04-17
3 years crt.sh
www.bing.com
Microsoft IT TLS CA 5
2017-07-20 -
2019-07-10
2 years crt.sh
*.google-analytics.com
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2017-12-15 -
2019-03-22
a year crt.sh
*.demandbase.com
Go Daddy Secure Certificate Authority - G2
2016-09-20 -
2018-11-19
2 years crt.sh
*.bootstrapcdn.com
COMODO RSA Domain Validation Secure Server CA
2017-10-03 -
2018-10-13
a year crt.sh
*.googleapis.com
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
*.lookbookhq.com
Amazon
2018-05-09 -
2019-06-09
a year crt.sh
*.mktoresp.com
Go Daddy Secure Certificate Authority - G2
2015-12-02 -
2018-12-02
3 years crt.sh
*.company-target.com
Go Daddy Secure Certificate Authority - G2
2017-08-18 -
2019-08-18
2 years crt.sh
*.d.company-target.com
Go Daddy Secure Certificate Authority - G2
2017-10-11 -
2018-10-11
a year crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2018-06-08 -
2018-12-05
6 months crt.sh
*.doubleclick.net
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2017-06-06 -
2019-06-11
2 years crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA
2017-12-02 -
2018-12-05
a year crt.sh
*.apis.google.com
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
accounts.google.com
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
content.fireeye.com
Entrust Certification Authority - L1K
2018-07-31 -
2020-07-31
2 years crt.sh

This page contains 16 frames:

Primary Page: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Frame ID: E2FA0CCD12E24503D6A7E777C5BFB8A4
Requests: 125 HTTP requests in this frame

Frame: https://servedby.flashtalking.com/container/6639;55678;5918;iframe/?ft_referrer=https%3A//www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ns=&cb=817567.7974965676
Frame ID: 0EA315B64B5DD85CCC997C594FB8C326
Requests: 1 HTTP requests in this frame

Frame: https://8443343.fls.doubleclick.net/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Frame ID: 0FD1FC8391C5A62FA1A291C522BE3926
Requests: 1 HTTP requests in this frame

Frame: https://8443343.fls.doubleclick.net/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Frame ID: E855623CBED38CEC7311CB06090E49F4
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 09A5BC8C7FBE22B0E8673FF186B4330D
Requests: 1 HTTP requests in this frame

Frame: https://www2.fireeye.com/index.php/form/XDFrame
Frame ID: F463EFC4B0AC963E5550D92CA86679A6
Requests: 2 HTTP requests in this frame

Frame: https://jukebox.lookbookhq.com/cookie-iframe.html
Frame ID: 5A2FB1FDC8070CEBCC0BF229569D65ED
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/linkedin.html
Frame ID: 433BB347E7DD998D1C66A1F0E1678E75
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&annotation=none&hl=en-US&origin=https%3A%2F%2Fwww.fireeye.com&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
Frame ID: EC89F6DC74BDF80737E2D5C6D9DDE10D
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.5b37191c1b7fd23797a519962bf78683.html?origin=https%3A%2F%2Fwww.fireeye.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 07A27EA3771E4EC271B989294A3C8BBB
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
Frame ID: 7DF5C135E7B60F26029A29C3CB040C7A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/share_button.php?app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df3263bad93b4dac%26domain%3Dwww.fireeye.com%26origin%3Dhttps%253A%252F%252Fwww.fireeye.com%252Ff322b6adc6e91ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&layout=button&locale=en_US&sdk=joey
Frame ID: D2085E8669E988217DB18AB190A1423E
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.fireeye.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
Frame ID: D9753BF6197069994DCDC7C3A1433C8A
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.5b37191c1b7fd23797a519962bf78683.en.html
Frame ID: 3C390B736424E3A5EAC722079DB26CDA
Requests: 1 HTTP requests in this frame

Frame: https://content.fireeye.com/cookie-iframe.html
Frame ID: FF6D9768BBFAEC8632E115CDAA2DD209
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 4477C71A2308C27AA36AD7875D24BA54
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i

Overall confidence: 100%
Detected patterns
  • script /addthis\.com\/js\//i
  • env /^addthis/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i
  • env /^Munchkin$/i

Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i

Overall confidence: 100%
Detected patterns
  • script /^\/\/tags\.tiqcdn\.com\//i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • env /^YAHOO$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

132
Requests

100 %
HTTPS

32 %
IPv6

33
Domains

44
Subdomains

40
IPs

7
Countries

2670 kB
Transfer

5218 kB
Size

20
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://cloud.typography.com/6746836/6977592/css/fonts.css HTTP 302
  • https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Request Chain 95
  • https://d.company-target.com/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html HTTP 302
  • https://d.company-target.com/ul_cb/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Request Chain 97
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AARhN063AI0AACtZaXoGDg
Request Chain 98
  • https://id.rlcdn.com/464526.gif HTTP 302
  • https://id.rlcdn.com/464526.gif?redirect=1 HTTP 302
  • https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc1297UoQdxHxS9b4pjsNzwhKAy29iF32CFdqQM6tqtZNpTUQ
Request Chain 105
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html HTTP 302
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Request Chain 111
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html HTTP 302
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Request Chain 116
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&pageUrl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ref=&fmt=js&s=1 HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&pageUrl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ref=&fmt=js&s=1&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1535133254485%26pid%3D6572%26url%3Dhttps%253A%252F%252Fwww.fireeye.com%252Fblog%252Fthreat-research%252F2018%252F07%252Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html%26pageUrl%3Dhttps%253A%252F%252Fwww.fireeye.com%252Fblog%252Fthreat-research%252F2018%252F07%252Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html%26ref%3D%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&pageUrl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ref=&fmt=js&s=1&cookiesTest=true&liSync=true
Request Chain 137
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

132 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
www.fireeye.com/blog/threat-research/2018/07/
69 KB
19 KB
Document
General
Full URL
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e4ac9b53333ae44a1ec507077fbbdcf808167f547462ff431063878610623c37
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.fireeye.com
:scheme
https
:path
/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4

Response headers

status
200
etag
"12cfc-5743012df1a17-gzip"
last-modified
Fri, 24 Aug 2018 15:31:47 GMT
content-type
text/html; charset=UTF-8
content-length
19231
content-encoding
gzip
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cache-control
max-age=300, public
expires
Fri, 24 Aug 2018 17:59:10 GMT
date
Fri, 24 Aug 2018 17:54:10 GMT
set-cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; expires=Sat, 24 Aug 2019 10:04:47 GMT; path=/; Domain=.fireeye.com incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; path=/; Domain=.fireeye.com
x-iinfo
8-42040067-0 0CNN RT(1535133250902 0) q(0 -1 -1 1) r(0 -1)
jquery.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/
107 KB
37 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
5289840c115a8725f816552aae25f03c928c019256a7547a9f8652a19f05ceba
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc.clientlibs/clientlibs/granite/jquery.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:24 GMT
etag
"1ba4e-57388eee0a700-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040070-0 0CNN RT(1535133250915 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
37625
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
clientlibs_nav.min.js
www.fireeye.com/etc/designs/fireeye-www/
10 KB
3 KB
Script
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_nav.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
9c9430c197476f80275443261f9c704c4fa44209e1a73a70acc5432df543c7f0
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/designs/fireeye-www/clientlibs_nav.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:18 GMT
etag
"2a69-57388eaf19280-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040074-0 0CNN RT(1535133250919 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
3251
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
cds.css
www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw/css/cds.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
14f5c3507c3529201adf46f8d0bd4cac4cf8ee74b08c1143020dc577a86a66ef
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/designs/fireeye-www/clientlibs_fw/css/cds.css
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:24 GMT
etag
"1757-57388eee0a700-gzip"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
x-iinfo
8-42040071-0 0CNN RT(1535133250917 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=43200, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
1120
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 05:54:10 GMT
F3FCCD5E6343B3320.css
www.fireeye.com/content/dam/fireeye-www/fw/f/651819/
Redirect Chain
  • https://cloud.typography.com/6746836/6977592/css/fonts.css
  • https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
245 KB
184 KB
Stylesheet
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
67a99837e80451fd25c1abdf9c96a984bf2aff964034155311361e47213f748b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 09:47:21 GMT
etag
"3d5e0-5738a54539c40-gzip"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
x-iinfo
8-42040169-0 0CNN RT(1535133251323 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=43200, public
date
Fri, 24 Aug 2018 17:54:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-length
187688
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 05:54:11 GMT

Redirect headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Last-Modified
Wed, 04 Apr 2018 18:37:39 GMT
Server
Apache
ETag
"115e2100d163a3d87ac532e0b7ef66d5:1522867059"
Vary
Accept-Encoding
Content-Type
text/html
Location
https://www.fireeye.com/content/dam/fireeye-www/fw/f/651819/F3FCCD5E6343B3320.css
Cache-Control
must-revalidate, private
Connection
keep-alive
X-HCo-pid
14
Content-Length
154
Expires
Fri, 24 August 2018 17:54:11 GMT
clientlibs_fw.min.css
www.fireeye.com/etc/designs/fireeye-www/
183 KB
36 KB
Stylesheet
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
a24ddd4945c0e8db5ac7beb2d48a647fc808ec25d63dd5376fc442cb91f60061
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/designs/fireeye-www/clientlibs_fw.min.css
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:18 GMT
etag
"2da45-57388eaf19280-gzip"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
x-iinfo
8-42040072-0 0CNN RT(1535133250918 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=43200, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
36365
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 05:54:10 GMT
clientlibs_base.min.css
www.fireeye.com/etc/clientlibs/fireeye-blog/
287 B
311 B
Stylesheet
General
Full URL
https://www.fireeye.com/etc/clientlibs/fireeye-blog/clientlibs_base.min.css
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
f7de8a302ba63e8067adeb89eb0e53327b17996ce20d2026466f681c83394002
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientlibs/fireeye-blog/clientlibs_base.min.css
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 10:30:57 GMT
etag
"11f-5738af0409a40-gzip"
x-frame-options
SAMEORIGIN
content-type
text/css
status
200
x-iinfo
8-42040075-0 0CNN RT(1535133250919 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=43200, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
181
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 05:54:10 GMT
clientlibs_analytics.min.js
www.fireeye.com/etc/designs/fireeye-www/
2 KB
931 B
Script
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_analytics.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
eb9f5c6e7887dbc763d63af2d1dffc086d71210b2501abf22768310d7d3db092
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/designs/fireeye-www/clientlibs_analytics.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:05:40 GMT
etag
"846-57388e8adbd00-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040076-0 0CNN RT(1535133250920 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-length
801
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
utils.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/
9 KB
4 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/utils.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
08ada830a022251d78d15cefd38549eda4c4f24ba25845ff2280d23cafe2a178
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc.clientlibs/clientlibs/granite/utils.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:05:40 GMT
etag
"255b-57388e8adbd00-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040077-0 0CNN RT(1535133250923 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
3555
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
granite.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/
3 KB
2 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
5b0454427cef5e4c09cad48c5b421f4d23d9a0689f4519f17956af263bf77d3b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc.clientlibs/clientlibs/granite/jquery/granite.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:19 GMT
etag
"db3-57388eb00d4c0-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040078-0 0CNN RT(1535133250924 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
1522
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
jquery.min.js
www.fireeye.com/etc/clientlibs/foundation/
16 B
137 B
Script
General
Full URL
https://www.fireeye.com/etc/clientlibs/foundation/jquery.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
c084b47104c493fb377b6d35d8c08df67d773f6dcf8294c0a7360710cd8cacbd
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientlibs/foundation/jquery.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:19 GMT
etag
"10-57388eb00d4c0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040079-0 0CNN RT(1535133250924 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
36
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
shared.min.js
www.fireeye.com/etc/clientlibs/foundation/
23 KB
7 KB
Script
General
Full URL
https://www.fireeye.com/etc/clientlibs/foundation/shared.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
5e4a8318d1cc410dbb2beaa0c3480335b5a71cd67728c97288ad619e34169058
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientlibs/foundation/shared.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:05:40 GMT
etag
"5e73-57388e8adbd00-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040080-0 0CNN RT(1535133250925 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
6841
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
modern.min.js
www.fireeye.com/etc.clientlibs/clientlibs/granite/lodash/
33 KB
11 KB
Script
General
Full URL
https://www.fireeye.com/etc.clientlibs/clientlibs/granite/lodash/modern.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
c94a7abd974c79856c19536bcc51acbfd28c72d8027980e5a46fede8f0064481
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc.clientlibs/clientlibs/granite/lodash/modern.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:18 GMT
etag
"87c8-57388eaf19280-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040081-0 0CNN RT(1535133250925 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
11647
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
kernel.min.js
www.fireeye.com/etc/clientlibs/foundation/personalization/
113 KB
25 KB
Script
General
Full URL
https://www.fireeye.com/etc/clientlibs/foundation/personalization/kernel.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
9cb61d1b77963810d54c18b32a133870a6094c5e5afa82da0684575dad823099
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientlibs/foundation/personalization/kernel.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:06:18 GMT
etag
"1cf5f-57388eaf19280-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040082-0 0CNN RT(1535133250926 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
25864
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
fireeye-2-color.png
www.fireeye.com/content/dam/fireeye-www/fw/images/
5 KB
5 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/images/fireeye-2-color.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
a9e460758dbcc0782220f053b3c7962542e8ce5e8acfb2cf0648a601ed0591bc
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/fw/images/fireeye-2-color.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:03:20 GMT
etag
"19b5-57388e0558200"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040083-0 0CNN RT(1535133250926 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
5029
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig1a.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
53 KB
53 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig1a.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
1d43da43d38da44cd99af5ae3ef3a6619d10027b46d4ba3df4f8ee0f59951a07
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig1a.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"de2a-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040084-0 0CNN RT(1535133250926 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
54429
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig2.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
131 KB
131 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig2.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
81ab8dfb5ecffa4d5b35f87a6e1d8ebdd5b62563ae1fc26d4c72fd176f3c394a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig2.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:14:14 GMT
etag
"24f49-573890750c180"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040086-0 0CNN RT(1535133250927 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
134110
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig3.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
7 KB
7 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig3.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
fa5936e1d4063bf0c97f3fa0a5ea55b8a36de857c638fb8497510d2ba4396f8e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig3.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"4a2e-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040088-0 0CNN RT(1535133250928 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
7115
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig4.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
22 KB
22 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig4.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
b98760d7e5051e8f96a6e05873aabf360e26f9569b68f50f8444055c993748a2
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig4.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:23:12 GMT
etag
"7da8-573892761fc00"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040090-0 0CNN RT(1535133250931 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
22770
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig5.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
21 KB
22 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig5.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
c22c981024f4eee7d3fe84d0b54a199922ad14098e74c8fa17145397d9775d4a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig5.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:14:14 GMT
etag
"852b-573890750c180"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040092-0 0CNN RT(1535133250932 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
21932
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig6.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
11 KB
11 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig6.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
3627daa1cd7b219aeeb56450d73bbf7fe0bbe363ab8c3a28879dd687b4af20b4
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig6.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"7b76-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040094-0 0CNN RT(1535133250932 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
10767
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig7.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
13 KB
13 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig7.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
3b5aa428cefbf6e005cdfd186f0fb3422a8810e9ef21af9f37a97ec2ee70da54
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig7.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:24:33 GMT
etag
"9711-573892c35f240"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040096-0 0CNN RT(1535133250933 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
13463
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig8.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
6 KB
6 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig8.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
395f1bb5a6f5f9ca91043b0d1f3520e7ca6a540d16baf1ca32eb98e270f0dabb
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig8.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:24:34 GMT
etag
"25ef-573892c453480"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040099-0 0CNN RT(1535133250933 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
5876
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig9.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
78 KB
78 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig9.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
3e27833ceccc8ba3f9aeb85e887d1c2f1f8bc08358cf3c9e4fb170efa843f3e7
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig9.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"1ba34-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040102-0 0CNN RT(1535133250934 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
79874
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig10.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
191 KB
191 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig10.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
24fcd0a4c287c27588057b26feb88936f6a9f65706d687cd368e78804bc70a7a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig10.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"44463-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040104-0 0CNN RT(1535133250934 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
195105
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig11.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
19 KB
19 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig11.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
7ed6ac2c5472d79591246ec8c4d39d2cdbe387f8a7c481b05e5a5c95d53d1dd6
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig11.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"c858-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040106-0 0CNN RT(1535133250935 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
19321
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig12.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
244 KB
244 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig12.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
369ab28880fd9a6db78f62108a7edaa49a729f16b73a5e9073b102c755448ef6
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig12.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"582af-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040108-0 0CNN RT(1535133250936 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
249610
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig13.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
256 KB
257 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig13.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
30c33ccc7f53be5fdfcc773605a1812855e023ba0ba30acc6a129123788b78dc
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig13.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:06 GMT
etag
"5c78c-57388edcdfe80"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040110-0 0CNN RT(1535133250938 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
262515
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig14.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
6 KB
6 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig14.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
5e0beae4c0b13239ff1eac7a07bce99525350d08fcef21eb5ae893a4dd046d7f
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig14.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:22:01 GMT
etag
"4d46-5738923269c40"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040112-0 0CNN RT(1535133250939 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
5799
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig15.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
28 KB
28 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig15.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
6a5693863292de1aabc2597093412dc77fae1e5429488ce7284ec62b242ed65e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig15.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:14:14 GMT
etag
"a6a8-573890750c180"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040116-0 0CNN RT(1535133250940 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
28411
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
Fig16.png
www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/
107 KB
107 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/FELIXROOT/Fig16.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
18ad069a01e5d14399007134cd081cec588abf25b9f87382b1f153e274b2c0ef
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/FELIXROOT/Fig16.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:23:13 GMT
etag
"2fa6a-5738927713e40"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040118-0 0CNN RT(1535133250941 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
109645
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
fe-cds-2018-blog.png
www.fireeye.com/content/dam/fireeye-www/blog/images/
176 KB
176 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/blog/images/fe-cds-2018-blog.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
342bd815927cfd9b3498a1998e8ac768d76c13ee7fb13f2c05a3dd7f7ef7cc3a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/blog/images/fe-cds-2018-blog.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Tue, 21 Aug 2018 21:51:15 GMT
etag
"2c06e-573f9066c3c30"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040121-0 0CNN RT(1535133250942 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
180334
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
forms2.min.js
www2.fireeye.com/js/forms2/js/
169 KB
57 KB
Script
General
Full URL
https://www2.fireeye.com/js/forms2/js/forms2.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf63674053e3b35a34473fc7568df63730cb5e71f7e81aa8432e75374c758a3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/js/forms2/js/forms2.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www2.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 18 Jun 2018 17:51:59 GMT
server
cloudflare
etag
"320cc8-2a214-56eee38df8dc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=14400
set-cookie
__cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; expires=Sat, 24-Aug-19 17:54:11 GMT; path=/; domain=.www2.fireeye.com; HttpOnly
cf-ray
44f7aec818c864d5-FRA
expires
Fri, 24 Aug 2018 21:54:11 GMT
rss.png
www.fireeye.com/content/dam/legacy/images/blog/
1 KB
1 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/legacy/images/blog/rss.png
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
0914d1fb1c58b2a0f48800b98fa271603e0b01dfdae72c53d622f0ea754c84ea
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/legacy/images/blog/rss.png
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:03:59 GMT
etag
"427-57388e2a899c0"
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-iinfo
8-42040124-0 0CNN RT(1535133250942 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
1063
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:10 GMT
clientlibs_fw.min.js
www.fireeye.com/etc/designs/fireeye-www/
153 KB
46 KB
Script
General
Full URL
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
2d3cc3817bb723114711b1c8fbe55a1c52d6dc2b858e1e3aec427845fae4181a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/designs/fireeye-www/clientlibs_fw.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:07:08 GMT
etag
"27206-57388edec8300-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
x-iinfo
8-42040115-0 0CNN RT(1535133250939 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=86400, public
date
Fri, 24 Aug 2018 17:54:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
46739
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 17:54:10 GMT
me
js.maxmind.com/geoip/v2.1/country/
93 B
410 B
XHR
General
Full URL
https://js.maxmind.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.fireeye.com
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_nav.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c8f585f6eb6a9e8760ab07a76ea5e5c4d0b55631ed86d393e345594242e939e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com

Response headers

date
Fri, 24 Aug 2018 17:54:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
402
content-type
application/vnd.maxmind.com-error+json; charset=UTF-8; version=2.1
access-control-allow-origin
*
cf-ray
44f7aec72c072738-FRA
content-length
93
satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/
110 KB
34 KB
Script
General
Full URL
https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_analytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a20e7e269dcfd108ca39cc2bab41e0d7620b039b623b19ed4d7c3c22186b6cd0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Apr 2018 07:00:13 GMT
Server
Apache
ETag
"33604faa188b69651b1d4d6850a4b590:1523602813"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *
Content-Length
34089
Expires
Fri, 24 Aug 2018 18:54:12 GMT
id
dpm.demdex.net/
219 B
965 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=1.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=12390CDB53E9CC840A490D4E%40AdobeOrg&d_nsid=0&ts=1535133252119
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.51.131.19 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-51-131-19.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f8546a45f06f0624a1b42786b6d5cbe3b4eaafdeb805f8b361dea53f03b20591

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
irl1-prod-dcs-03c9cc29f.edge-irl1.demdex.com 5.36.2.20180809152735 3ms
Pragma
no-cache
X-TID
6A9T9JRwROg=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fireeye.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
219
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mbox-contents-b8c0af0f30e70fb0504427e46d7b77a937a9d4a7.js
assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/
40 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/mbox-contents-b8c0af0f30e70fb0504427e46d7b77a937a9d4a7.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
69070c1ea5fb699759e671e04096910961b0b075dd7269d141f705f0d79d6202

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Apr 2018 07:00:13 GMT
Server
Apache
ETag
"ddc4d7f59520cd7fb2e3fb9c9bfbb36a:1523602813"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *, *, *, *, *
Content-Length
11896
Expires
Fri, 24 Aug 2018 18:54:12 GMT
target.js
cdn.tt.omtrdc.net/cdn/
43 KB
14 KB
Script
General
Full URL
https://cdn.tt.omtrdc.net/cdn/target.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/mbox-contents-b8c0af0f30e70fb0504427e46d7b77a937a9d4a7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.240.216 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-240-216.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
52a51ec8c008b080e8417ddb122ac4a5e58a547b5eaf0a6a40fd6865ec66fc0c

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Jul 2018 03:53:50 GMT
Server
Apache
ETag
"1fcee-aa3e-571def16db5f6"
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
must-revalidate, max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14200
utag.js
tags.tiqcdn.com/utag/fireeye/main/prod/
27 KB
9 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6f7260d870f1d1a75db8699e7b2eaf1aa44c0d684923054743aeee5acab76098

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Thu, 09 Aug 2018 21:31:13 GMT
server
Apache
etag
"6d759b68fd022e8c962c0d847b600fcb:1533850273"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
9120
expires
Fri, 24 Aug 2018 17:59:12 GMT
hpb-bg-testimonial-blue.jpg
www.fireeye.com/content/dam/fireeye-www/brand/homepage-banner-images/
35 KB
35 KB
Image
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/brand/homepage-banner-images/hpb-bg-testimonial-blue.jpg
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
017bf8b7865aa3589f54e881370a1bcf1d4251ffead66504e0f15fdfad7ffceb
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/brand/homepage-banner-images/hpb-bg-testimonial-blue.jpg
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
last-modified
Thu, 16 Aug 2018 08:04:00 GMT
etag
"8f7e-57388e2b7dc00"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
status
200
x-iinfo
8-42040185-0 0CNN RT(1535133251486 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=900, public
date
Fri, 24 Aug 2018 17:54:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
35769
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 18:09:11 GMT
truncated
/
13 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
47ab2c68d4d2a483c9acca1adfa39a747e60d90ebc2d4a20e286f4395f5b155d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
truncated
/
13 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d1e4ec6235dcfe83b8acd4b53c23c0219f907814d53e3f7802bee9a6a30d6d7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
truncated
/
13 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c4592519a4cfc8940c9f97d6e2474547e5727f21672bc4f6207f96bb9d43211

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
fireicons.woff
www.fireeye.com/content/dam/fireeye-www/fw/f/
70 KB
35 KB
Font
General
Full URL
https://www.fireeye.com/content/dam/fireeye-www/fw/f/fireicons.woff?mva1rj
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
131a708362e03033c4d288cb86215931c3eb004172dc2d8f5c630fe5fac898da
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/content/dam/fireeye-www/fw/f/fireicons.woff?mva1rj
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113
origin
https://www.fireeye.com
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.css
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/etc/designs/fireeye-www/clientlibs_fw.min.css
Origin
https://www.fireeye.com

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
etag
"c382f3f5"
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
status
200
x-iinfo
8-42040188-0 0CNN RT(1535133251493 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=43200, public
date
Fri, 24 Aug 2018 17:54:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
36162
x-xss-protection
1; mode=block
expires
Sat, 25 Aug 2018 05:54:11 GMT
truncated
/
13 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
752c7139c09399f8cddbab1d71aeb083524c9b8c03bd2e4b90a966f5a2bdc763

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
getForm
www2.fireeye.com/index.php/form/
12 KB
3 KB
Script
General
Full URL
https://www2.fireeye.com/index.php/form/getForm?munchkinId=848-DID-242&form=3353&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&callback=jQuery112404017378125481117_1535133252257&_=1535133252258
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e65dc322def14c639a0f2d16646c6cb09a778902a1f038f34f0d0bd8b9b12e96
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/index.php/form/getForm?munchkinId=848-DID-242&form=3353&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&callback=jQuery112404017378125481117_1535133252257&_=1535133252258
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; __cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www2.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript; charset=utf-8
status
200
set-cookie
BIGipServersjiweb-app_https=!X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=; path=/; Httponly; Secure
cf-ray
44f7aecaabe964d5-FRA
id
fireeye.sc.omtrdc.net/
3 B
528 B
XHR
General
Full URL
https://fireeye.sc.omtrdc.net/id?d_visid_ver=1.6.0&d_fieldgroup=A&mcorgid=12390CDB53E9CC840A490D4E%40AdobeOrg&mid=70152402576349584344075138915481583704&ts=1535133252276
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.227 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Omniture DC/2.0.0 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www36
Vary
Origin
Access-Control-Allow-Methods
GET, POST, DELETE
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://www.fireeye.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
3
X-XSS-Protection
1; mode=block
X-C
ms-6.4.0
truncated
/
4 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af3448cd96702455db358ac221e082df9ffb5f43bb3c69df18b9ae2fe4a552b5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
truncated
/
4 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41c3f798bdde59c64755a4c33767a0e71b52dd39c21f4ab89fd12634582f3bed

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
truncated
/
4 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3def2fdee0e6288ea076c7c2d0db897efec9762062cfb7a52b0d4087eeb212eb

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
truncated
/
4 KB
0
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcf5ca1256b444bb0c6f30c83a6b56833fea661c7ebaa04e66b245cf8e3c2aef

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.fireeye.com

Response headers

Access-Control-Allow-Origin
*
Content-Type
application/x-font-woff2
/
servedby.flashtalking.com/container/6639;55678;5918;iframe/ Frame 0EA3
0
0
Document
General
Full URL
https://servedby.flashtalking.com/container/6639;55678;5918;iframe/?ft_referrer=https%3A//www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ns=&cb=817567.7974965676
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
map2.hwcdn.net
Software
prod-xre-app10.frk11 /
Resource Hash

Request headers

Host
servedby.flashtalking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Connection
close
Cache-Control
no-cache, no-store
Content-Type
text/html
Server
prod-xre-app10.frk11
Pragma
no-cache
X-HW
1535133252.dop016.fr8.t,1535133252.cds006.fr8.shn,1535133252.dop016.fr8.t,1535133252.cds133.fr8.sc,1535133252.cds133.fr8.p
addthis_widget.js
s7.addthis.com/js/300/
348 KB
112 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-68-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
57620b3bf3745b0e870b6e5bc7310d98fb1f5d5f94e875782177f660e01e5d9c

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
surrogate-key
client_dist
last-modified
Wed, 15 Aug 2018 15:14:06 GMT
etag
"5b74433e-571c4"
vary
Accept-Encoding
x-distribution
99
cache-tag
client_dist
status
200
cache-control
public, max-age=600
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
content-type
application/javascript
_Incapsula_Resource
www.fireeye.com/
112 KB
16 KB
Script
General
Full URL
https://www.fireeye.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=166362639
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
6e27d24679a84d9b357bb173b8d948edc46d0203ab7a9235b6eb1456b640108f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:path
/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=166362639
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cache-control
no-cache
content-length
16387
content-type
application/javascript
parsys-navigation.html
www.fireeye.com/shared/megamenus/jcr:content/
15 KB
2 KB
XHR
General
Full URL
https://www.fireeye.com/shared/megamenus/jcr:content/parsys-navigation.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
224de79a0603142f39ac08fcdc955ab03d9e64035582cab34d7a67b10d128adc
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/shared/megamenus/jcr:content/parsys-navigation.html
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Aug 2018 17:27:44 GMT
etag
"4acc-57431b1868e55-gzip"
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
status
200
x-iinfo
8-42040212-0 0CNN RT(1535133251633 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=300, public
date
Fri, 24 Aug 2018 17:54:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
content-length
2317
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 17:59:11 GMT
segmentation.segment.js
www.fireeye.com/etc/
12 KB
1 KB
XHR
General
Full URL
https://www.fireeye.com/etc/segmentation.segment.js?_=1535133251672
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
794726d8c8a0537a40788be73391b64e6ba84d8b3e9d1e4a477967fe9a8fb7b3
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/segmentation.segment.js?_=1535133251672
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
etag
"2f0b-5739dd62ebc00-gzip"
dispatcher
${DISP_NUM}
status
200
x-iinfo
8-42040214-42040123 2NNN RT(1535133251635 0) q(0 0 0 -1) r(16 16) U18
strict-transport-security
max-age=31536000; includeSubDomains
content-length
779
x-xss-protection
1; mode=block
last-modified
Fri, 17 Aug 2018 09:03:44 GMT
x-frame-options
SAMEORIGIN
date
Fri, 24 Aug 2018 17:54:12 GMT
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
no-cache="set-cookie"
set-cookie
AWSELB=5F2B578318E89D8E08CFED7804764C1968F619D94F001E6A5759DB2F3814FCBBF078D9D23F5AB9798EEF5F63FC077FDEA1B6582BCB6461C8E020873CD8D7BD7510F5FABE37;PATH=/;MAX-AGE=900 nlbi_153517=9yBpBBVIHjYfAqIk9aJbDAAAAABY/SNyUAVLwYQppeiVszO9; path=/; Domain=.fireeye.com
accept-ranges
bytes
x-content-type-options
nosniff
stores.init.js
www.fireeye.com/etc/clientcontext/default/content/jcr:content/
5 KB
2 KB
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/content/jcr:content/stores.init.js?path=%2Fcontent%2Ffireeye-www%2Fen_US%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor&_=1535133251673
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
4d0132345b2e6c83642e43779f851d7b43703705f147c3ccc186eb77b21caedf
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientcontext/default/content/jcr:content/stores.init.js?path=%2Fcontent%2Ffireeye-www%2Fen_US%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor&_=1535133251673
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff nosniff
dispatcher
${DISP_NUM}
x-frame-options
SAMEORIGIN
date
Fri, 24 Aug 2018 17:54:12 GMT
vary
Accept-Encoding,User-Agent
content-type
text/javascript; charset=UTF-8
status
200
x-iinfo
8-42040215-42038535 2NNN RT(1535133251638 0) q(0 0 0 -1) r(2 2) U18
cache-control
no-cache="set-cookie"
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1208
set-cookie
AWSELB=5F2B578318E89D8E08CFED7804764C1968F619D94FD17C38A41A6BD9A191299823FFB8F15FA80D0B0DCA421C304FA45FC2B8DC265F96266DC22058073F7283791BC9BFBB69;PATH=/;MAX-AGE=900 nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+; path=/; Domain=.fireeye.com
x-xss-protection
1; mode=block
s-code-contents-9ce38d55235aac587fd33aff852adda8ed05817d.js
assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/
56 KB
21 KB
Script
General
Full URL
https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/s-code-contents-9ce38d55235aac587fd33aff852adda8ed05817d.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/satelliteLib-018e5c8fee015d61f6e2636ab102f2624be19551.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
433fb5a9934811099ea8158aa37244f52e86495cd0ce8a43dbdea8e1f2073900

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Apr 2018 07:00:13 GMT
Server
Apache
ETag
"4ce0244428c665a384b4bb0b58b1fef1:1523602813"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *, *
Content-Length
21199
Expires
Fri, 24 Aug 2018 18:54:12 GMT
jukebox.js
app.cdn.lookbookhq.com/production/jukebox/current/
119 KB
33 KB
Script
General
Full URL
https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.135 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-135.fra54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8cb21d6f49f567954188672affc56e8c990312e15f67bebd7bc2db6bbcb5e71e

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 20 Aug 2018 19:59:23 GMT
content-encoding
gzip
last-modified
Mon, 20 Aug 2018 19:59:02 GMT
server
AmazonS3
age
78825
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
FF9zc6BFIWsWWOJsC_ugSYW3wYmHiX1f
status
200
content-type
text/javascript
x-amz-cf-id
9MBhZH0nfYoHuKJ0U9jAH7i6IRSyixYnrVjGu2xqA0e8z47XQxUDFg==
via
1.1 93c5c2940efa6748481c787e7c245f82.cloudfront.net (CloudFront)
utag.23.js
tags.tiqcdn.com/utag/fireeye/main/prod/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.23.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
15b9ee7cbc2b1aabc5b9e285a0e06689a4fa3699afb29a781b675d35f6af10b4

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:22 GMT
server
Apache
etag
"76df3ebcb54aa4fdbada84613295ceeb:1533744922"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1776
expires
Sat, 08 Sep 2018 17:54:12 GMT
ajax
fireeye.tt.omtrdc.net/m2/fireeye/mbox/
259 B
438 B
Script
General
Full URL
https://fireeye.tt.omtrdc.net/m2/fireeye/mbox/ajax?mboxHost=www.fireeye.com&mboxPage=c55cb80b5cb44fb6b9bbad399a6986b6&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=c55cb80b5cb44fb6b9bbad399a6986b6&mboxCount=1&mboxTime=1535133252148&DTMisStage=%25DTMisStage%25&buildDate=%25buildDate%25&mbox=target-global-mbox&mboxId=0&mboxMCSDID=5D014D09BCF66F84-45344435A9955133&mboxMCGVID=70152402576349584344075138915481583704&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6&vst.trk=fireeye.d5.sc.omtrdc.net&vst.trks=fireeye.sc.omtrdc.net&mboxURL=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&mboxReferrer=&mboxVersion=63
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/1790e736b614e0afecbbbf9be7069b90b875fdd6/mbox-contents-b8c0af0f30e70fb0504427e46d7b77a937a9d4a7.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.11 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
a504d2cc281ce055778d3a9bd8f5532ace4f57b66c3c92fb117589494297cb67

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 24 Aug 2018 17:54:12 GMT
content-type
text/javascript;charset=utf-8
status
200
cache-control
no-cache
timing-allow-origin
*
content-length
259
x-application-context
edge:prod,prod-prod26,prod-prod26-app,prod26:11180
utag.46.js
tags.tiqcdn.com/utag/fireeye/main/prod/
24 KB
6 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.46.js?utv=ut4.45.201808092131
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f5f821484c258ecf7aed8e599916c657bbf4245ae44cb5bec4dc287497bd674b

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Thu, 09 Aug 2018 21:31:14 GMT
server
Apache
etag
"25e2270ccd45ce20b40d511ceaddc005:1533850274"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
5919
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.12.js
tags.tiqcdn.com/utag/fireeye/main/prod/
6 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.12.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
98e95df00ab367cf63b030e659820f5d41522379bb40bc380c777ac4d4e74f1a

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:22 GMT
server
Apache
etag
"ee87aa6d5fa5ecc70a432f00183ef4b1:1533744922"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2341
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.14.js
tags.tiqcdn.com/utag/fireeye/main/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.14.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9ceb17a3e74404c6d5c9243858774edc3ebee27e3e7104588e158555bfb63aec

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:23 GMT
server
Apache
etag
"dce561adad4e06d5dfc1bb954d240a43:1533744923"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1344
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.15.js
tags.tiqcdn.com/utag/fireeye/main/prod/
10 KB
4 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.15.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0a6c0fbd26ef027249f41efe9febcf9ed320fe0d55f9790bb64feb93a9e0c04e

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:22 GMT
server
Apache
etag
"ec7d0b7fe27b55beea9e6374d1a66da8:1533744922"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3496
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.16.js
tags.tiqcdn.com/utag/fireeye/main/prod/
7 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.16.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3a3b7012374f26af694a5ab8b23b7f3fc202c36bc22a33000a7bb7187e9e6577

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:22 GMT
server
Apache
etag
"660490e3da0069dba1d0ed47dd3d6751:1533744922"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2679
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.17.js
tags.tiqcdn.com/utag/fireeye/main/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.17.js?utv=ut4.45.201808092131
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e7b27976d3b20eba5a02765e242caa7a742e09c14150cf014efece591c8b3909

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:21 GMT
server
Apache
etag
"3dcdf0d0b07b979d06607ab944f92292:1533744921"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1371
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.25.js
tags.tiqcdn.com/utag/fireeye/main/prod/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.25.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6f97ee68083451c794a83efdfd582e6ffe162297447796ccdef240197f51ea92

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:22 GMT
server
Apache
etag
"a6a2e32cbba6342fa0f984acb2fdc586:1533744922"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1647
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.26.js
tags.tiqcdn.com/utag/fireeye/main/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.26.js?utv=ut4.45.201808081615
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4d2a3a7f363ae1f7490b3e16a914e937e59a2ae422822f74d952addd986b96d9

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Wed, 08 Aug 2018 16:15:21 GMT
server
Apache
etag
"408725bbd500e520fff8615d04924a7e:1533744921"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1215
expires
Sat, 08 Sep 2018 17:54:12 GMT
utag.34.js
tags.tiqcdn.com/utag/fireeye/main/prod/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.34.js?utv=ut4.45.201808090433
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f06f385a44ba7d250bda26122e46d98a045b6790ed72210d3f2593c751afea8b

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
last-modified
Thu, 09 Aug 2018 04:33:50 GMT
server
Apache
etag
"07c67a8b5337e4b6065efee236d1fcc0:1533789230"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1283
expires
Sat, 08 Sep 2018 17:54:12 GMT
s16865963120135
fireeye.sc.omtrdc.net/b/ss/fireeyev1prod/1/JS-1.6.2-D7QN/
43 B
591 B
Image
General
Full URL
https://fireeye.sc.omtrdc.net/b/ss/fireeyev1prod/1/JS-1.6.2-D7QN/s16865963120135?AQB=1&ndh=1&pf=1&t=24%2F7%2F2018%2017%3A54%3A12%205%200&sdid=5D014D09BCF66F84-45344435A9955133&D=D%3D&mid=70152402576349584344075138915481583704&aamlh=6&ce=UTF-8&pageName=us-en%3Ablog%3Athreat-research%3A2018%3A07%3Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor&g=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&cc=USD&ch=FireEye%20Blogs&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c9=D%3Dv9&v9=FireEye%20Blogs&c10=D%3Dv10&v10=Threat%20Research&c11=US&v11=US&c20=D%3Dv27&c22=%2Fundefined%2Fundefined%2F&c23=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribut...%0A&v27=%25Content%20Category%3A%20Level%203%25&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.227 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 25 Aug 2018 17:54:12 GMT
Server
Omniture DC/2.0.0
xserver
www36
ETag
"3296673556258127872-5032635163960477931"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Expires
Thu, 23 Aug 2018 17:54:12 GMT
progress-events.js
play.vidyard.com/v1/
10 KB
3 KB
Script
General
Full URL
https://play.vidyard.com/v1/progress-events.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.181 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07e1e26b8ad991c4bfc14c0cbebd330a52593b70618ead3cf875b9151a6ad576
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
age
7596438
accept-ranges
bytes
x-cache
HIT, HIT
status
200
x-amz-request-id
B822F6F4555F1AB8
x-amz-id-2
HJPGFqCUlOnbz+fPZFe8PP2LafvZsJgfGi9tp+sz5O06FGqzc1/J4Lkkzwg0ItDJ2c2vfezA3QY=
vy-wt
true
x-served-by
cache-iad2147-IAD, cache-hhn1549-HHN
access-control-allow-origin
*
last-modified
Fri, 25 May 2018 22:35:19 GMT
server
AmazonS3
x-timer
S1535133252.466491,VS0,VE0
x-frame-options
ALLOWALL
etag
"d6eb63133288db68fe89a0f1de21d9e6"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=15
content-length
2839
x-vidyard-renderer
GT
x-cache-hits
2, 3
_Incapsula_Resource
www.fireeye.com/
1 B
89 B
Image
General
Full URL
https://www.fireeye.com/_Incapsula_Resource?SWKMTFSR=1&e=0.881018304025716
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:path
/_Incapsula_Resource?SWKMTFSR=1&e=0.881018304025716
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; ___utmvc=y5q0qXSOwXBcsK/gIu9tTDX1D7wZNpc5W1kAqP0CyInXvmS5eEkrhbn3S5VqdJQEc+zQ/0ksGUSBwVVv22TZlT0mVuuDZnL6xdX3oDOf2ust+k/VSRChB0FR9S5m2/I6cxJTVO3shEUYbsszcM+qr54YkmV9Yk2/PDLSPLBv7f5itdDUt7VxO+7jkHp26me9oQg1ubv8TZ8M5OrUloo1XOHG7JfrixJ+R1yHRwR4eFk7sY1temaCu2w7EEH6NaboiO/u1/3nSqAYo09m4TgD9G25vsjmEfE0DPktZk8JwuVipvPbvEFRKbJVQYnVUUZQhz7DYNp63Puz3sZzjeZvVKRDtcvPnKRUY72J5LSfPTMwCxurhaR8gsZAHCnxsoTc0bo8ccPv5wY8bqgqyKZkcGnffuF4G6rvEOVHLWz4AvQ1L3dEYMuegFPdY6dI71657jyJNYyvkQkfr+rjRG6Fps9xW1V1AShkGcfdWIYXcseWe/YHPEFLClmOBZHJs33SXqHMU6BmADssEu3Mq1N/RiAdD6OxfkqTAZGRvkTIPUCJHWwq2DL0Ff0C0gZfNV+yL2jk9aXnvRJgz6/VEN6FDRMo3Bqa7BfiATj4b0lioCAQN3BuMgSbiDSJLCqEBdbthmjI0lcsMt/hPnlYZ5wvTHZYarWqLETXOUSqBjScde+VDMDh7c+4rPsduRIGCmJseEd3CTe0ii5loItwINQ51fmLnvfkuOmt7l3j5cvXpA+49ecBFFBpw7UWNK1Ae0aYmrPDf1/9X0OYMTFPjovjYn4ozybGxVUCcr6wZUy7oEKplCmEeJycYb21IEnGgxmc3qCrfF+xf+uoLnFivMn7xIMJEMPRaaxNn3tbQ1wMa+FTE0oiFs91kLrkwS/ylgcqUvH07Cdwt+EpcpivNXD8dRZ5H10aNz4df1WgJ2xZwM2GmEhbfmtCJV100WGoF6Uq3b4aAqIvAGN5O+Syfwj01V86btKHaUtNNkkX77CwqprGgbdGjxxeyWksXU43kSe7GAVMOeP5FTCnvk2DoFTSGpW0K+6cCpaNUCCroqb7QyXzRkKQ4j00fhDB2nD73WakBJZfwuDpcpPE+afyYbS5Pw+HSrtiZL0QXvzf5zRL2bbTE5KCsqRnvsx97I/Tyindk3SqXsI8NhFPPZZMV2mAa5NPU3EZ1FXsLGRpZ2VzdD04NzIwNyxzPTliODg4OThhODFhMzg1NmE2NTg5NjM2OTk0OTlhYzZlNmNhN2E2N2U5ZGFiNzM5ZjdmNmY5MDgzYTZhMmEzN2U3OTgxOWY2ZDdlOTk2ZDc0
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache
set-cookie
___utmvc=a; Max-Age=0; path=/; expires=Sun, 19 Aug 2018 10:02:42 GMT
content-length
1
content-type
text/plain
ytc.js
s.yimg.com/wi/
15 KB
5 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, DE),
Reverse DNS
Software
ATS /
Resource Hash
bd999047408eaf20ae15ab916d344330d118fa72b0703fa1784deb648d36bb7a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
status
200
vary
Accept-Encoding
content-length
4111
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 17 May 2018 13:01:08 GMT
server
ATS
x-frame-options
DENY
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
application/javascript
via
http/1.1 spdc0027.pbp.ir2.yahoo.com (ApacheTrafficServer), https/1.1 e1.ycpi.deb.yahoo.com (ApacheTrafficServer [cMsSf ])
public-key-pins-report-only
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="Gtk3r1evlBrs0hG3fm3VoM19daHexDWP//OCmeeMr5M="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; pin-sha256="SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4="; pin-sha256="UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="iduNzFNKpwYZ3se/XV+hXcbUonlLw09QPa6AYUwpu4M="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
accept-ranges
bytes
munchkin.js
munchkin.marketo.net/
1 KB
2 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.242.254 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-242-254.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Tue, 12 Jun 2018 01:36:41 GMT
Server
Apache
ETag
"8a1ad47bd9401d0c4cde2aab48eeb571:1528767401"
X-Serial
1
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
X-Check-Cacheable
YES
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
/
b91.yahoo.co.jp/pagead/conversion/1000244663/
42 B
695 B
Image
General
Full URL
https://b91.yahoo.co.jp/pagead/conversion/1000244663/?random=1535133252478&cv=6&fst=1535133252478&num=1&fmt=3&value=0&label=ppcGCKvb3mcQ_c2swgM&bg=666666&hl=jp&guid=ON&disvt=true&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&url=https%3A//www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.22.67.123 Tokyo, Japan, ASN23816 (YAHOO Yahoo Japan Corporation, JP),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 24 Aug 2018 17:54:13 GMT
X-Content-Type-Options
nosniff
Timing-Allow-Origin
*
Age
0
P3P
policyref="http://privacy.yahoo.co.jp/w3c/p3p_jp.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control
no-cache, must-revalidate, private
Connection
close
Content-Type
image/gif
Content-Length
42
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
13 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Aug 2018 22:17:52 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=64739
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4105
bat.js
bat.bing.com/
22 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.107.21.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
3a9b1aaf047d7ab5119bb338a86bee9788c4e79392d4abb12408d62bec6e86fb

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:11 GMT
content-encoding
gzip
last-modified
Thu, 26 Jul 2018 13:15:21 GMT
x-msedge-ref
Ref A: 4E47C5CDDF5D4FADB4CEA1B283A13EC6 Ref B: FRAEDGE0812 Ref C: 2018-08-24T17:54:12Z
status
200
etag
"80ba7eb4e224d41:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7020
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
6083
date
Fri, 24 Aug 2018 16:12:49 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
14386
expires
Fri, 24 Aug 2018 18:12:49 GMT
fbevents.js
connect.facebook.net/en_US/
43 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
2fd8f852b0cc7f021bcc7ad1ad3e868b1e9e7934790725ac42720ce42e590915
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
public
x-fb-debug
8l7V1oVyiUfhfcUmVaWHp9DnvD/xH2Ed+AmP0TX7tw5wWe9pKMlGwLXiq2cgFrNKRv88zV1yQ6sEKizv6lrBXg==
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 24 Aug 2018 17:54:12 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
strict-transport-security
max-age=31536000; preload; includeSubDomains
vary
Accept-Encoding
content-length
13550
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
70 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8443343
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
a1b97ac62d170be75ae5f6170b615ef51342406701d7d425752eae997dbb14f2
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
25023
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 17:54:12 GMT
41dad6d0.min.js
scripts.demandbase.com/
54 KB
15 KB
Script
General
Full URL
https://scripts.demandbase.com/41dad6d0.min.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.110 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-110.fra54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d88befa93ef8a34b8c3d133d93ec7c61c2a0277552daaf7366991d5f3749f3f4

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 16 Aug 2018 18:21:37 GMT
content-encoding
gzip
last-modified
Thu, 16 Aug 2018 17:51:27 GMT
server
AmazonS3
age
1890
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
XQTuUw8u9kxvt9VEGrGIsCxfi6jTHhyW
status
200
cache-control
public, max-age=3600
content-type
application/javascript
x-amz-cf-id
FnAMfChNZowEWtKGw7aOTa10LOuRj8P1g711-DLTGR8VfswE6aItkg==
via
1.1 616f617776e843142ab5d87231cb3526.cloudfront.net (CloudFront)
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
195 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=fireeye/main/201808092131&cb=1535133252492
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.215.136 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-215-136.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
Apache
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Fri, 24 Aug 2018 18:04:12 GMT
collect
www.google-analytics.com/
35 B
99 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j68&a=335365679&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ul=en-us&de=UTF-8&dt=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&cid=1114491127.1535133253&tid=UA-363943-1&_gid=1761862753.1535133253&cd5=blog&cd17=Form&cd18=3353&cd19=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&cd1=FireEye%20Blogs&cd2=Threat%20Research&cd10=2018&cd22=blog&z=767980377
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Aug 2018 17:07:28 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
607604
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
1847206522249226
connect.facebook.net/signals/config/
82 KB
16 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1847206522249226?v=2.8.25&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
e01dca01dd1f8a6924b26f9e1ccde56945207919728b05aef7689583d3e564e4
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
16565
x-xss-protection
0
pragma
public
x-fb-debug
n750hxt/qOiJJNwTx2x+UGmphfnrxHxjCzqL18ZxhskRZfeVI4a3YWazLJkPxQCR0EErB3CpiC4+TCjtjzU5cA==
x-frame-options
DENY
date
Fri, 24 Aug 2018 17:54:12 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
munchkin.js
munchkin.marketo.net/154/
8 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/154/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.242.254 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-242-254.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
X-Check-Cacheable
YES
Server
Apache
ETag
"808fc844032f646c32adce24553838be:1526611527"
X-Serial
10776
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Last-Modified
Fri, 18 May 2018 02:45:27 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3700
Expires
Sun, 02 Dec 2018 17:54:12 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/
28 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Sat, 17 Feb 2018 21:46:17 GMT
Connection
Keep-Alive
ETag
"1518903977"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
X-Hello-Human
Say hello back! @getBootstrapCDN on Twitter
Accept-Ranges
bytes
Content-Length
6591
css
fonts.googleapis.com/
4 KB
741 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
0cbeef1cf3fbe7e0874802b1cb90e875f3bdbd49e2473bf73bd0efc1f2abac1d
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=3600
content-encoding
gzip
last-modified
Fri, 24 Aug 2018 17:54:12 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Fri, 24 Aug 2018 17:54:12 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
expires
Fri, 24 Aug 2018 17:54:12 GMT
website_experience
jukebox.lookbookhq.com/api/public/v1/
0
401 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-9AC90F09-10427&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
GET
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Fri, 24 Aug 2018 17:54:12 GMT
access-control-allow-origin
https://www.fireeye.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/twitterprofiledata/
64 B
203 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/twitterprofiledata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
5529960538c68ee9fae25260035ba2191ea3141953179b00be4efdb47595d1f2
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientcontext/default/contextstores/twitterprofiledata/loader.json?authorizableId=anonymous
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; AWSELB=5F2B578318E89D8E08CFED7804764C1968F619D94FD17C38A41A6BD9A191299823FFB8F15FA80D0B0DCA421C304FA45FC2B8DC265F96266DC22058073F7283791BC9BFBB69; nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
date
Fri, 24 Aug 2018 17:54:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=UTF-8
status
200
x-iinfo
8-42040240-42040241 NNNN CT(0 0 0) RT(1535133251865 0) q(0 0 0 -1) r(2 2) U10000
dispatcher
${DISP_NUM}
vary
User-Agent
x-xss-protection
1; mode=block
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/fbprofiledata/
63 B
317 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/fbprofiledata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
3a81ad9bc69582468671824f1bd4b9e3c3c82ce201480394e47b04a534cb7094
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientcontext/default/contextstores/fbprofiledata/loader.json?authorizableId=anonymous
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; AWSELB=5F2B578318E89D8E08CFED7804764C1968F619D94FD17C38A41A6BD9A191299823FFB8F15FA80D0B0DCA421C304FA45FC2B8DC265F96266DC22058073F7283791BC9BFBB69; nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
date
Fri, 24 Aug 2018 17:54:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=UTF-8
status
200
x-iinfo
8-42040254-42040241 PNNN RT(1535133252052 0) q(0 0 0 -1) r(2 2) U10000
dispatcher
${DISP_NUM}
vary
User-Agent
x-xss-protection
1; mode=block
loader.json
www.fireeye.com/etc/clientcontext/default/contextstores/fbinterestsdata/
5 B
135 B
XHR
General
Full URL
https://www.fireeye.com/etc/clientcontext/default/contextstores/fbinterestsdata/loader.json?authorizableId=anonymous
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/etc.clientlibs/clientlibs/granite/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:e980:d::ba , Israel, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software
/
Resource Hash
7b86d506062bf09d8db4e081fbf442b773929e5c13a70f415243e12185f37767
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/etc/clientcontext/default/contextstores/fbinterestsdata/loader.json?authorizableId=anonymous
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; AWSELB=5F2B578318E89D8E08CFED7804764C1968F619D94FD17C38A41A6BD9A191299823FFB8F15FA80D0B0DCA421C304FA45FC2B8DC265F96266DC22058073F7283791BC9BFBB69; nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.fireeye.com
x-requested-with
XMLHttpRequest
:scheme
https
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:method
GET
Accept
*/*
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-encoding
gzip
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
date
Fri, 24 Aug 2018 17:54:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=UTF-8
status
200
x-iinfo
8-42040273-42040241 PNNN RT(1535133252226 0) q(0 0 0 -1) r(1 1) U10000
dispatcher
${DISP_NUM}
vary
User-Agent
x-xss-protection
1; mode=block
visitWebPage
848-did-242.mktoresp.com/webevents/
43 B
622 B
XHR
General
Full URL
https://848-did-242.mktoresp.com/webevents/visitWebPage?_mchNc=1535133253121&_mchCn=&_mchId=848-DID-242&_mchTk=_mch-fireeye.com-1535133253121-31024&_mchHo=www.fireeye.com&_mchPo=&_mchRu=%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.15.215.200 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com

Response headers

Pragma
no-cache
Date
Fri, 24 Aug 2018 17:54:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Aug 2018 12:54:14 -0500
Server
Apache
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Content-Type
image/gif
Keep-Alive
timeout=5, max=100
Content-Length
43
Expires
-1
ip.json
api.company-target.com/api/v2/
420 B
908 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&page_title=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&key=8d2742040a7c03554594027a7fa2daa0&src=tag
Requested by
Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/41dad6d0.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.223.46 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-223-46.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
e580c8dd11c99f0c0cd192eae38111da3b261a0716afacb231ee5ead5f1aac69

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
content-encoding
gzip
access-control-allow-origin
https://www.fireeye.com
x-cache
Miss from cloudfront
status
200
access-control-max-age
1728000
request-id
40e2b297-8c72-4998-8f1d-a9d3f0bf54e8
content-length
236
pragma
no-cache
server
nginx
vary
Accept-Encoding, Origin
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 1136b0fc7377c6211173282a3992a814.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
MpJbkIZguYcEYUEAJAUCUfHmgZC8GM9gHk5vA0Ujiq1bN2fn5Wk-Jg==
expires
Thu, 23 Aug 2018 17:54:13 GMT
pixel
d.company-target.com/ul_cb/
Redirect Chain
  • https://d.company-target.com/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-...
  • https://d.company-target.com/ul_cb/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-feli...
283 B
283 B
Image
General
Full URL
https://d.company-target.com/ul_cb/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
37.27.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=UTF-8
alt-svc
clear
content-length
283

Redirect headers

date
Fri, 24 Aug 2018 17:54:13 GMT
via
1.1 google
status
302
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://d.company-target.com/ul_cb/pixel?type=js&id=15318698543518&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
pixel
d.company-target.com/
43 B
116 B
Image
General
Full URL
https://d.company-target.com/pixel?type=js&id=15318698546646&page=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
37.27.190.35.bc.googleusercontent.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
clear
content-length
43
log
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AARhN063AI0AACtZaXoGDg
26 B
483 B
Image
General
Full URL
https://segments.company-target.com/log?vendor=choca&user_id=AARhN063AI0AACtZaXoGDg
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.50 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-50.fra54.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:14 GMT
Via
1.1 1d32f672764a20290d04a16248d04c57.cloudfront.net (CloudFront)
Connection
keep-alive
Content-Length
26
X-Amz-Cf-Id
qksoQGclX1qP1o6WNEmTvh-_mKfSo7vD7V8LsTMpqCGNBUcrTFSWaw==
X-Cache
Miss from cloudfront
Content-Type
image/gif

Redirect headers

location
https://segments.company-target.com/log?vendor=choca&user_id=AARhN063AI0AACtZaXoGDg
Date
Fri, 24 Aug 2018 17:54:13 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
wtk
segments.company-target.com/
Redirect Chain
  • https://id.rlcdn.com/464526.gif
  • https://id.rlcdn.com/464526.gif?redirect=1
  • https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc1297UoQdxHxS9b4pjsNzwhKAy29iF32CFdqQM6tqtZNpTUQ
26 B
483 B
Image
General
Full URL
https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc1297UoQdxHxS9b4pjsNzwhKAy29iF32CFdqQM6tqtZNpTUQ
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.130 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-130.fra54.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:14 GMT
Via
1.1 23d92aa442d5ae9ed0313643d8764687.cloudfront.net (CloudFront)
Connection
keep-alive
Content-Length
26
X-Amz-Cf-Id
GuFPFTTDSYGqi2Q3KH1PmjN5UlILYPafEL05h2VZtdROdhUHSNeuBA==
X-Cache
Miss from cloudfront
Content-Type
image/gif

Redirect headers

Location
https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc1297UoQdxHxS9b4pjsNzwhKAy29iF32CFdqQM6tqtZNpTUQ
P3P
CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
status
302
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif; charset=ISO-8859-1
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
website_experience
jukebox.lookbookhq.com/api/public/v1/
251 B
804 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-9AC90F09-10427&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
78d980bf90414a62a5ca55b43346fb5841c5b029c9eedbc33fd26ed01be6da05
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.010216
date
Fri, 24 Aug 2018 17:54:13 GMT
x-content-type-options
nosniff
status
200
etag
W/"78d980bf90414a62a5ca55b43346fb58"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.fireeye.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
0e827944-9d65-4222-a2b1-dc54f556878b
0
bat.bing.com/action/
0
172 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5870833&Ver=2&mid=3b8485d7-50ed-3447-c6c6-18a2f873f398&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&p=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&r=&lt=761&evt=pageLoad&msclkid=N&rn=532929
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.107.21.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 24 Aug 2018 17:54:12 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 2186217F2A4B4DCD8EAE8ADE9B6DA6EA Ref B: FRAEDGE0812 Ref C: 2018-08-24T17:54:13Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sp.pl
sp.analytics.yahoo.com/
0
874 B
Script
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=10000&jsonp=YAHOO.ywa.I13N.handleJSONResponse&d=Fri%2C%2024%20Aug%202018%2017%3A54%3A13%20GMT&n=0&b=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&.yp=435600&f=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&enc=UTF-8&et=custom
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.125.66.33 , Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
via
http/1.1 spdc0011.pbp.ir2.yahoo.com (ApacheTrafficServer)
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
public-key-pins-report-only
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
status
204
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
/
www.facebook.com/tr/
44 B
144 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1847206522249226&ev=PageView&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&rl=&if=false&ts=1535133253177&sw=1600&sh=1200&v=2.8.25&r=stable&a=tmtealium&ec=0&o=30&it=1535133252520
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Fri, 24 Aug 2018 17:54:13 GMT
forms2.css
www2.fireeye.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://www2.fireeye.com/js/forms2/css/forms2.css
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/js/forms2/css/forms2.css
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; __cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+; BIGipServersjiweb-app_https=!X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=; _mkto_trk=id:848-DID-242&token:_mch-fireeye.com-1535133253121-31024
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www2.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
content-length
2610
last-modified
Fri, 07 Apr 2017 19:34:58 GMT
server
cloudflare
etag
"2c0fef-33f8-54c98b884bc80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
44f7aed08aa964d5-FRA
expires
Fri, 24 Aug 2018 21:54:13 GMT
forms2-theme-simple.css
www2.fireeye.com/js/forms2/css/
826 B
407 B
Stylesheet
General
Full URL
https://www2.fireeye.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/js/forms2/css/forms2-theme-simple.css
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; __cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:1$_st:1535135052365$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; nlbi_153517=YWcNC9HbmQvG8q+h9aJbDAAAAABjgvlZX9t1Xh4lJFCM8bM+; BIGipServersjiweb-app_https=!X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=; _mkto_trk=id:848-DID-242&token:_mch-fireeye.com-1535133253121-31024
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www2.fireeye.com
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
:scheme
https
:method
GET
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
content-length
242
last-modified
Fri, 07 Apr 2017 19:34:58 GMT
server
cloudflare
etag
"562e62-33a-54c98b884bc80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
44f7aed08aaa64d5-FRA
expires
Fri, 24 Aug 2018 21:54:13 GMT
activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in...
8443343.fls.doubleclick.net/ Frame 0FD1
Redirect Chain
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20...
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Di...
0
0
Document
General
Full URL
https://8443343.fls.doubleclick.net/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8443343
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.6 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
8443343.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Fri, 24 Aug 2018 17:54:13 GMT
expires
Fri, 24 Aug 2018 17:54:13 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
480
x-xss-protection
1; mode=block
set-cookie
IDE=AHWqTUn-3HFQr5os0-6s7DyEvTMOrtiK1q3B4zGQIRdecTCFGPKfpgnpl4SM6R-E; expires=Sun, 23-Aug-2020 17:54:13 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Fri, 24 Aug 2018 17:54:13 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://8443343.fls.doubleclick.net/activityi;dc_pre=CIyu-IGhht0CFcEWGwodWO4Bag;src=8443343;type=sitew0;cat=firee0;ord=9568677702357;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Fri, 24-Aug-2018 18:09:13 GMT; path=/; domain=.doubleclick.net
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
jukebox.js
app.cdn.lookbookhq.com/production/jukebox/current/
119 KB
33 KB
Script
General
Full URL
https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.135 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-135.fra54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8cb21d6f49f567954188672affc56e8c990312e15f67bebd7bc2db6bbcb5e71e

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 20 Aug 2018 19:59:23 GMT
content-encoding
gzip
last-modified
Mon, 20 Aug 2018 19:59:02 GMT
server
AmazonS3
age
78826
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
FF9zc6BFIWsWWOJsC_ugSYW3wYmHiX1f
status
200
content-type
text/javascript
x-amz-cf-id
iqCdJxkQthu3Lizo4ui-fv8aj9kce4rp-SeJ510cvf1t_Jr3WGEPtQ==
via
1.1 93c5c2940efa6748481c787e7c245f82.cloudfront.net (CloudFront)
clickLink
848-did-242.mktoresp.com/webevents/
43 B
622 B
XHR
General
Full URL
https://848-did-242.mktoresp.com/webevents/clickLink?_mchNc=1535133253308&_mchId=848-DID-242&_mchTk=_mch-fireeye.com-1535133253121-31024&_mchCn=&_mchHo=www.fireeye.com&_mchPo=&_mchRu=%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&_mchPc=https%3A&_mchVr=154&
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.15.215.200 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com

Response headers

Pragma
no-cache
Date
Fri, 24 Aug 2018 17:54:13 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Aug 2018 12:54:13 -0500
Server
Apache
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Content-Type
image/gif
Keep-Alive
timeout=5, max=100
Content-Length
43
Expires
-1
visitWebPage
848-did-242.mktoresp.com/webevents/
43 B
472 B
XHR
General
Full URL
https://848-did-242.mktoresp.com/webevents/visitWebPage?_mchNc=1535133254026&_mchRu=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&_mchId=848-DID-242&_mchTk=_mch-fireeye.com-1535133253121-31024&_mchHo=www.fireeye.com&_mchPo=&_mchPc=https%3A&_mchVr=154&_mchRe=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.15.215.200 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com

Response headers

Pragma
no-cache
Date
Fri, 24 Aug 2018 17:54:14 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Aug 2018 12:54:14 -0500
Server
Apache
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Content-Type
image/gif
Keep-Alive
timeout=5, max=99
Content-Length
43
Expires
-1
s11530122219704
fireeye.sc.omtrdc.net/b/ss/fireeyev1prod/1/JS-1.6.2-D7QN/
43 B
585 B
Image
General
Full URL
https://fireeye.sc.omtrdc.net/b/ss/fireeyev1prod/1/JS-1.6.2-D7QN/s11530122219704?AQB=1&ndh=1&pf=1&t=24%2F7%2F2018%2017%3A54%3A13%205%200&D=D%3D&mid=70152402576349584344075138915481583704&aamlh=6&ce=UTF-8&pageName=us-en%3Ablog%3Athreat-research%3A2018%3A07%3Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor&g=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&cc=USD&events=event24&c21=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&v28=3353&v29=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&v30=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&pe=lnk_o&pev2=marketo%20form%20view&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.227 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Omniture DC /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:14 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Sat, 25 Aug 2018 17:54:14 GMT
Server
Omniture DC
xserver
www61
ETag
"3296673560553095168-6141294741901310203"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Expires
Thu, 23 Aug 2018 17:54:14 GMT
collect
www.google-analytics.com/
35 B
99 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j68&a=335365679&t=event&_s=2&dl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ul=en-us&de=UTF-8&dt=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=view&ea=form_view&el=form&_u=aHBAAAAB~&cid=1114491127.1535133253&tid=UA-363943-1&_gid=1761862753.1535133253&cd5=form_view&cd17=Form&cd18=3353&cd19=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc&cd3=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&z=1952817976
Requested by
Host: www.fireeye.com
URL: https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 17 Aug 2018 17:07:28 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
607606
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in...
8443343.fls.doubleclick.net/ Frame E855
Redirect Chain
  • https://8443343.fls.doubleclick.net/activityi;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20...
  • https://8443343.fls.doubleclick.net/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Di...
0
0
Document
General
Full URL
https://8443343.fls.doubleclick.net/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8443343
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.22.6 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
8443343.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
IDE=AHWqTUn-3HFQr5os0-6s7DyEvTMOrtiK1q3B4zGQIRdecTCFGPKfpgnpl4SM6R-E
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Fri, 24 Aug 2018 17:54:14 GMT
expires
Fri, 24 Aug 2018 17:54:14 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
483
x-xss-protection
1; mode=block
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Fri, 24 Aug 2018 17:54:14 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://8443343.fls.doubleclick.net/activityi;dc_pre=CLOgqYKhht0CFU4WGwodcjUEHA;src=8443343;type=sitew0;cat=firee0;ord=6147580650397;gtm=d86;u2=Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%C2%AB%20Microsoft%20Office%20Vulnerabilities%20Used%20to%20Distribute%20FELIXROOT%20Backdoor%20in%20Recent%20Campaign%20%7C%20FireEye%20Inc;u1=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html;~oref=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
1; mode=block
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
/
www.facebook.com/tr/ Frame 09A5
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
4375
pragma
no-cache
cache-control
no-cache
origin
https://www.fireeye.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
fr=0RLFif3GIDoeAihWd..BbgEZE...1.0.BbgEZE.
Origin
https://www.fireeye.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
content-type
text/plain
content-length
0
server
proxygen-bolt
date
Fri, 24 Aug 2018 17:54:14 GMT
XDFrame
www2.fireeye.com/index.php/form/ Frame F463
2 KB
731 B
Document
General
Full URL
https://www2.fireeye.com/index.php/form/XDFrame
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
209f0594f470dd81e958be83e324d48aa07d394c7ec39f196fb38ca1b8de3690
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
www2.fireeye.com
:scheme
https
:path
/index.php/form/XDFrame
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; __cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; BIGipServersjiweb-app_https=!X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=; _mkto_trk=id:848-DID-242&token:_mch-fireeye.com-1535133253121-31024; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:0$_st:1535135053301$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; nlbi_153517=9yBpBBVIHjYfAqIk9aJbDAAAAABY/SNyUAVLwYQppeiVszO9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
date
Fri, 24 Aug 2018 17:54:14 GMT
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
44f7aed5f95264d5-FRA
content-encoding
gzip
forms2.min.js
www2.fireeye.com/js/forms2/js/ Frame F463
169 KB
57 KB
Script
General
Full URL
https://www2.fireeye.com/js/forms2/js/forms2.min.js
Requested by
Host: www2.fireeye.com
URL: https://www2.fireeye.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf63674053e3b35a34473fc7568df63730cb5e71f7e81aa8432e75374c758a3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/js/forms2/js/forms2.min.js
pragma
no-cache
cookie
visid_incap_153517=bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT; incap_ses_535_153517=qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==; __cfduid=d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251; AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg=1; AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg=817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE; tp=12504; s_ppv=us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200; s_cc=true; mbox=check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853; _ga=GA1.2.1114491127.1535133253; _gid=GA1.2.1761862753.1535133253; BIGipServersjiweb-app_https=!X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=; _mkto_trk=id:848-DID-242&token:_mch-fireeye.com-1535133253121-31024; utag_main=v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:0$_st:1535135053301$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session; nlbi_153517=9yBpBBVIHjYfAqIk9aJbDAAAAABY/SNyUAVLwYQppeiVszO9
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www2.fireeye.com
referer
https://www2.fireeye.com/index.php/form/XDFrame
:scheme
https
:method
GET
Referer
https://www2.fireeye.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Mon, 18 Jun 2018 17:51:59 GMT
server
cloudflare
etag
"320cc8-2a214-56eee38df8dc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=14400
cf-ray
44f7aed82c4264d5-FRA
expires
Fri, 24 Aug 2018 21:54:14 GMT
cookie-iframe.html
jukebox.lookbookhq.com/ Frame 5A2F
0
0
Document
General
Full URL
https://jukebox.lookbookhq.com/cookie-iframe.html
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.162.94 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-18-204-162-94.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
jukebox.lookbookhq.com
:scheme
https
:path
/cookie-iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
date
Fri, 24 Aug 2018 17:54:14 GMT
content-type
text/html
content-length
1913
set-cookie
AWSALB=jdt1R1jgY+/0UMz2XyMQI2K57NZDpAroOH76NX49dOJ9RpJAIh4+8NAnBsMab1qcuJQxEpsyaEiFlM2u4LF0FZ0jaNWd+sdyDHbm4j2Ji740lfUumV69EmySBPQN; Expires=Fri, 31 Aug 2018 17:54:14 GMT; Path=/
last-modified
Wed, 20 Jun 2018 21:28:24 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixro...
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixro...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1535133254485%26pid%3D6572%26url%3Dhttps%253A%252F%252Fwww.fireeye.com%252Fblog%252Fthreat-resea...
  • https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixro...
0
111 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&pageUrl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ref=&fmt=js&s=1&cookiesTest=true&liSync=true
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:15 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
Wacw2Y/jTRVQOKVNXysAAA==

Redirect headers

date
Fri, 24 Aug 2018 17:54:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
vary
Accept-Encoding
content-length
20
x-li-uuid
F4tG0o/jTRUQ0s5IXX8AAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5-nkern
x-frame-options
sameorigin
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect/?time=1535133254485&pid=6572&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&pageUrl=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&ref=&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
_ate.track.config_resp
m.addthisedge.com/live/boost/fewebadmin/
2 KB
909 B
Script
General
Full URL
https://m.addthisedge.com/live/boost/fewebadmin/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-68-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6b14ea5fc64171a1b09271b769c1f0e13315a7cb42713a2726d84d66b4e328f4

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:14 GMT
content-encoding
gzip
surrogate-key
fewebadmin
etag
1602101382
vary
Accept-Encoding
cache-tag
fewebadmin
status
200
cache-control
public, max-age=15, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-type
application/javascript;charset=UTF-8
content-length
701
layers.1457328982467cc82fb7.js
s7.addthis.com/static/
261 KB
74 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.1457328982467cc82fb7.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-68-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7595f7c4287157b8d4c95ae6a5d06d4ecfc601dbb89b36f92647d7b38be0f7be

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:14 GMT
content-encoding
gzip
last-modified
Wed, 15 Aug 2018 15:14:06 GMT
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
sdk.js
connect.facebook.net/en_US/
229 KB
70 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
ca7f924d2bb604fd5371fc081b61a9766d7fdf256c872f3cba64aaaa9c77861b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
xqnxLaJ5KODwa7XMUUSv7w==
status
200
content-length
71278
x-xss-protection
0
x-fb-debug
sr4jdgBPzKJXQ51vrTkuvS9KTWqcEqBj9u3cL4nImxTt7prxTE50r7m8Z/e7xbkSpPigNnLOVsjkB2fRBx1utw==
x-fb-content-md5
b5261e80abdc0d528ac980528850c427
x-frame-options
DENY
date
Fri, 24 Aug 2018 17:54:14 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"487550ca30cf257fdc0fbb9c3ca997cd"
timing-allow-origin
*
expires
Fri, 24 Aug 2018 17:54:42 GMT
widgets.js
platform.twitter.com/
119 KB
35 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/418E) /
Resource Hash
4db400704c5e6440fb901e922d96042278d754a254491f1f23b81167a6251c88

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 19:38:25 GMT
Server
ECS (fcn/418E)
Etag
"d3a6cdb4e9a8a7fef34bed385d118230+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=1800
Content-Type
application/javascript; charset=utf-8
Content-Length
35545
plusone.js
apis.google.com/js/
43 KB
17 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
b4ecdae580ac9b63ce24ec2652da1afcc570d8599b0f3c9725ca070b6a839492
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
script-src 'report-sample' 'nonce-deKcrh3zWnxQijzLWNoXVC2JgWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"5f37e71602b03be4ed494d0be11bf7f7"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
timing-allow-origin
*
expires
Fri, 24 Aug 2018 17:54:14 GMT
linkedin.html
s7.addthis.com/static/ Frame 433B
0
0
Document
General
Full URL
https://s7.addthis.com/static/linkedin.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-68-8.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/linkedin.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
server
nginx
content-type
text/html; charset=UTF-8
last-modified
Thu, 21 Jun 2018 18:06:46 GMT
timing-allow-origin
*
cache-control
public, max-age=86313600
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
date
Fri, 24 Aug 2018 17:54:15 GMT
content-length
15628
x-host
s7.addthis.com
131.8e8819822a8cc01bc51e.js
s7.addthis.com/static/
418 B
588 B
Script
General
Full URL
https://s7.addthis.com/static/131.8e8819822a8cc01bc51e.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.108.68.8 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-68-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
57b1913f4babd59ab97fd3ed90555dae5d1d17a37f841b49e0a3782441d82bc1

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 24 Aug 2018 17:54:14 GMT
last-modified
Wed, 15 Aug 2018 15:14:06 GMT
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
content-length
418
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.NDts6jsgkBs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg/
131 KB
46 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.NDts6jsgkBs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
13121a91240e36ac3f36a2015943c04411deac01c0fee22240fe6fd41fa755f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 23 Aug 2018 22:29:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Aug 2018 23:07:19 GMT
server
sffe
age
69856
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
46713
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2019 22:29:58 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.NDts6jsgkBs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg/
98 KB
35 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.NDts6jsgkBs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0c025be514399a59201a7c563debb4d6b155466c7439fc780f744b7257e2a68a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 23 Aug 2018 22:29:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 22 Aug 2018 23:07:19 GMT
server
sffe
age
69855
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35326
x-xss-protection
1; mode=block
expires
Fri, 23 Aug 2019 22:29:59 GMT
fastbutton
apis.google.com/se/0/_/+1/ Frame EC89
0
0
Document
General
Full URL
https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&size=tall&annotation=none&hl=en-US&origin=https%3A%2F%2Fwww.fireeye.com&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
apis.google.com
:scheme
https
:path
/se/0/_/+1/fastbutton?usegapi=1&size=tall&annotation=none&hl=en-US&origin=https%3A%2F%2Fwww.fireeye.com&url=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
NID=137=mn2Y9U4ywwFiBrLfK01g7qXd8vtmTBW6gGyh_SjnDyHLAAfvb1RveEGYrQm1W8hgc9J-Ga_ncqX4errXrztdH1_hfwt72ahLhsGkllyqDfKbZpeNhA0_G_qFb_PRY5kX
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
content-type
text/html; charset=utf-8
x-ua-compatible
IE=edge, chrome=1
vary
Accept-Encoding
timing-allow-origin
*
expires
Fri, 24 Aug 2018 17:54:15 GMT
date
Fri, 24 Aug 2018 17:54:15 GMT
cache-control
private, max-age=3600
content-security-policy-report-only
script-src 'report-sample' 'nonce-kwbGXCx/WzMQi5LMiS7L6ujiZa4' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /se/0/_/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
1; mode=block
x-content-type-options
nosniff
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
widget_iframe.5b37191c1b7fd23797a519962bf78683.html
platform.twitter.com/widgets/ Frame 07A2
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.5b37191c1b7fd23797a519962bf78683.html?origin=https%3A%2F%2Fwww.fireeye.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E3) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

Content-Encoding
gzip
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Aug 2018 17:54:15 GMT
Etag
"6f4bb4155518386526ca164541e6b1ce+gzip"
Last-Modified
Wed, 22 Aug 2018 19:35:24 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/40E3)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5868
button.460b6e50c797f0f03177332228ca7d20.js
platform.twitter.com/js/
4 KB
2 KB
Script
General
Full URL
https://platform.twitter.com/js/button.460b6e50c797f0f03177332228ca7d20.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E1) /
Resource Hash
132ee3ea2c2d7aed9575eef76eb750cbf4e04727233051aee5edfee818c21b94

Request headers

Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 24 Aug 2018 17:54:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Aug 2018 19:35:19 GMT
Server
ECS (fcn/40E1)
Etag
"f1d93f31b2232cda31d4978d008e1564+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=315360000
Content-Type
application/javascript; charset=utf-8
Content-Length
1395
QX17B8fU-Vm.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 7DF5
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/QX17B8fU-Vm.js?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
expires
Fri, 23 Aug 2019 23:13:17 GMT
cache-control
public,max-age=31536000,immutable
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
x-xss-protection
0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
x-fb-debug
fLI4lwiQl64d1ZpYmgQxloBI/x2U420v3tUbUWuso8dApw6KJJPwVStgTTEVWurOWMUinlkaVgif5lquWOrfQA==
content-length
13933
date
Fri, 24 Aug 2018 17:54:15 GMT
share_button.php
www.facebook.com/v2.6/plugins/ Frame D208
0
0
Document
General
Full URL
https://www.facebook.com/v2.6/plugins/share_button.php?app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df3263bad93b4dac%26domain%3Dwww.fireeye.com%26origin%3Dhttps%253A%252F%252Fwww.fireeye.com%252Ff322b6adc6e91ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&layout=button&locale=en_US&sdk=joey
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f11c:8186:face:b00c:0:50fb , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/v2.6/plugins/share_button.php?app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FQX17B8fU-Vm.js%3Fversion%3D42%23cb%3Df3263bad93b4dac%26domain%3Dwww.fireeye.com%26origin%3Dhttps%253A%252F%252Fwww.fireeye.com%252Ff322b6adc6e91ac%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.fireeye.com%2Fblog%2Fthreat-research%2F2018%2F07%2Fmicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html&layout=button&locale=en_US&sdk=joey
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
expires
Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version
v2.7
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
cache-control
private, no-cache, no-store, must-revalidate
timing-allow-origin
*
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
pragma
no-cache
x-xss-protection
0
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html; charset="utf-8"
x-fb-debug
DqO7jdJhHHi/EBYGVJvuwCUzZy/QVSxbxCl7clTqUJwoA7AKmYSN6cDLX8nx56u0Fc0CSPGUDvxx6KivCzjXeQ==
date
Fri, 24 Aug 2018 17:54:15 GMT
postmessageRelay
accounts.google.com/o/oauth2/ Frame D975
0
0
Document
General
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.fireeye.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.NDts6jsgkBs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::200d , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wioyyGxaEmc6/Nu9ZreBcvp0iWE' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.fireeye.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.NDts6jsgkBs.O%2Fam%3DwQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPG-dYdd3tpWAVzPFHtje9XGKwktg%2Fm%3D__features__
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
cookie
NID=137=mn2Y9U4ywwFiBrLfK01g7qXd8vtmTBW6gGyh_SjnDyHLAAfvb1RveEGYrQm1W8hgc9J-Ga_ncqX4errXrztdH1_hfwt72ahLhsGkllyqDfKbZpeNhA0_G_qFb_PRY5kX
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 24 Aug 2018 17:54:15 GMT
content-security-policy
script-src 'report-sample' 'nonce-wioyyGxaEmc6/Nu9ZreBcvp0iWE' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'none';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
1; mode=block
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
tweet_button.5b37191c1b7fd23797a519962bf78683.en.html
platform.twitter.com/widgets/ Frame 3C39
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.5b37191c1b7fd23797a519962bf78683.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/4199) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

Content-Encoding
gzip
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Aug 2018 17:54:15 GMT
Etag
"20791512e754207acf1f8b07cb80f6ba+gzip"
Last-Modified
Wed, 22 Aug 2018 19:35:22 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/4199)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
12523
custom_domains
jukebox.lookbookhq.com/api/public/v1/
0
402 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-9AC90F09-10427
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
GET
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Fri, 24 Aug 2018 17:54:15 GMT
access-control-allow-origin
https://www.fireeye.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
custom_domains
jukebox.lookbookhq.com/api/public/v1/
82 B
632 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-9AC90F09-10427
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
24c2a48ca24aa8a0e2a18f696da013a0645adfbea5c5cd0e7b559ddf4b6c202a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.006374
date
Fri, 24 Aug 2018 17:54:15 GMT
x-content-type-options
nosniff
status
200
etag
W/"24c2a48ca24aa8a0e2a18f696da013a0"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.fireeye.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
3a52e7b8-9cda-491f-a20c-9b53953f1010
cookie-iframe.html
content.fireeye.com/ Frame FF6D
2 KB
2 KB
Document
General
Full URL
https://content.fireeye.com/cookie-iframe.html
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.52.189 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-203-52-189.compute-1.amazonaws.com
Software
/
Resource Hash
31625bc45e5bb23e03a2946d9cfffd15661b603a7c1a5d22bfb6ed503735b1fe

Request headers

:method
GET
:authority
content.fireeye.com
:scheme
https
:path
/cookie-iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html

Response headers

status
200
date
Fri, 24 Aug 2018 17:54:15 GMT
content-type
text/html
content-length
1913
set-cookie
AWSALB=s7b2rHD3D5gtwE7KtoTKMk1jQp94vgyhJmEy4BUuY5qsm8bP3Opx9nXF/V6bQqDofWWboUTWQVOiDDthKyWoF1vHP6dJVmu/bA8g4nYZZtJoi2+J9qCJYWi94C+8; Expires=Fri, 31 Aug 2018 17:54:15 GMT; Path=/
last-modified
Wed, 20 Jun 2018 21:28:24 GMT
jot.html
platform.twitter.com/ Frame 4477
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A4) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
Origin
null
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
E2FA0CCD12E24503D6A7E777C5BFB8A4

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 24 Aug 2018 17:54:15 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Wed, 22 Aug 2018 19:38:24 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/41A4)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Fri, 24 Aug 2018 17:54:15 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Fri, 24 Aug 2018 17:54:15 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
ccc855d06f0d35f44be32f41f18bc9f9
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
117
x-transaction
00be7437007167cf
x-tsa-request-body-time
0
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
page_views
jukebox.lookbookhq.com/api/public/v1/
0
401 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Fri, 24 Aug 2018 17:54:15 GMT
access-control-allow-origin
https://www.fireeye.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
page_views
jukebox.lookbookhq.com/api/public/v1/
2 B
555 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.248.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-164-248-58.compute-1.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
Origin
https://www.fireeye.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.026543
date
Fri, 24 Aug 2018 17:54:16 GMT
x-content-type-options
nosniff
status
200
etag
W/"44136fa355b3678a1146ad16f7e8649e"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.fireeye.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
a7684d2b-e190-458d-a705-2ec67ad9faa5

Verdicts & Comments Add Verdict or Comment

281 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| matched object| browser object| fdc object| geoip2 undefined| cookiesOK function| onAccept function| onDecline function| ipLocation string| userAgent boolean| gomezAgent boolean| prtgAgent object| addthis_config object| addthis_share string| host boolean| sputnikbotAgent boolean| uptimerobotAgent boolean| slackbotbingbotAgent boolean| ahcAgent boolean| rogerbotAgent boolean| caliperbotAgent boolean| scoutjetAgent boolean| ahrefsbotAgent boolean| superfeedrAgent boolean| twitterbotAgent boolean| mj12botAgent boolean| yandexbotAgent boolean| yahooslurpAgent boolean| googlebotAgent boolean| bingbotAgent object| Configuration function| Visitor boolean| A boolean| B object| _satellite object| s_c_il number| s_c_in function| targetPageParams object| digitalData string| mboxCopyright object| TNT function| se function| we function| ye function| Re function| mboxUrlBuilder function| mboxStandardFetcher function| mboxAjaxFetcher function| mboxMap function| mboxList function| mboxSignaler function| mboxLocatorDefault function| mboxLocatorNode function| mboxOfferContent function| mboxOfferAjax function| mboxOfferDefault function| mboxCookieManager function| mboxSession function| mboxPC function| mboxGetPageParameter function| mboxCookiePageDomain function| mboxShiftArray function| mboxGenerateId function| mboxScreenHeight function| mboxScreenWidth function| mboxBrowserWidth function| mboxBrowserHeight function| mboxBrowserTimeOffset function| mboxScreenColorDepth function| mbox function| mboxFactory object| mboxFactories object| mboxFactoryDefault number| mboxVersion function| mboxCreate function| mboxDefine function| mboxUpdate function| mboxVizTargetUrl function| mboxSetCookie function| mboxGetCookie object| _AT function| getSizzleForTarget object| utag_data object| Granite object| _g function| $CQ object| CQ undefined| G_XHR_HOOK undefined| G_RELOAD_HOOK undefined| G_IS_HOOKED undefined| G_CONTENT_PATH function| _ function| generateURLSignature function| initializeTeaserLoader function| initializeLandingPageLoader object| CQ_Analytics object| CQ_Context boolean| CQ_trackTeasersStats boolean| CQ_trackLandingPagesStats object| ClientContext object| ContextCloud object| MktoForms2 function| replaceQueryParam number| slideTotal number| currentSlide string| target function| getCurrentSlide function| showHideControls string| activeLbox function| calculateTopMargin function| closec08 function| updatec08 function| fixCta function| showNav function| showNavSub function| showNavMore function| initNav number| totalSlides function| changeSlide function| initCarousel function| msieversion undefined| intervalId function| showSuggestions function| getParameterByName string| content_category_1 string| content_category_2 string| content_category_3 number| flag function| validateMarketoform function| marketoFormViewTealiumEvent function| marketoFormSubmitTealiumEvent function| bannerEvent function| getContentCategory undefined| startTimer object| jQuery112404238337509466379 object| html5 object| Modernizr function| yepnope object| respond object| ft_onetag_5918 boolean| utag_condload object| utag function| lbhq object| ps number| c undefined| sacct_env string| s_account object| s object| visitor function| s_doPlugins function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s_YTO function| onYouTubePlayerReady function| s_YTp function| s_YTisa function| s_YTism function| s_YTgk function| onYouTubePlayerAPIReady function| s_YTdi function| s_YTei function| s_YTut function| s_YTdv function| s_YTv function| s_aE function| s_YTi object| s_i_fireeyev1prod object| dotq function| yahoo_gacSend number| yahoo_conversion_id object| google_conversion_id string| yahoo_conversion_label object| google_conversion_label string| yahoo_conversion_value object| google_conversion_value string| yahoo_conversion_language object| google_conversion_language object| google_conversion_format string| yahoo_conversion_color object| google_conversion_color object| google_conversion_domain object| google_disable_viewthrough object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| gacImg object| google_conversion_type object| google_conversion_order_id object| google_conversion_items object| google_custom_params object| _linkedin string| _linkedin_data_partner_id object| uetq string| GoogleAnalyticsObject function| ga function| fbq function| _fbq string| gtagRename object| dataLayer function| gtag function| VidyardProgressEvents object| gaplugins object| gaGlobal object| gaData function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin boolean| jukeboxInitialized function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| campaigns object| queryString object| object number| qIndex object| MunchkinTracker function| __extends object| Demandbase object| __db function| DBSegment function| UET object| YAHOO undefined| I13N_Conf undefined| YWA_Global_Conf object| google_tag_manager object| jQuery112404017378125481117 function| _bizo_local_logger function| _bizo_fire_partners boolean| _bizo_main_already_called function| __orig__fbAsyncInit function| fbAsyncInit object| ___gcfg function| _at_plusonecallback function| _at_pluscallback object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| FB number| len object| gapi object| ___jsl object| ___gu function| __twttrll object| twttr object| __twttr object| osapi object| gadgets object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__

20 Cookies

Domain/Path Name / Value
.www2.fireeye.com/ Name: __cfduid
Value: d1ba3796dbd72b6cab4fc508bf7a6ffef1535133251
.doubleclick.net/ Name: IDE
Value: AHWqTUn-3HFQr5os0-6s7DyEvTMOrtiK1q3B4zGQIRdecTCFGPKfpgnpl4SM6R-E
.flashtalking.com/ Name: __qca
Value: P0-555087030-1535133252504
www.fireeye.com/ Name: __atuvs
Value: 5b80464411122fa3000
.fireeye.com/ Name: nlbi_153517
Value: 9yBpBBVIHjYfAqIk9aJbDAAAAABY/SNyUAVLwYQppeiVszO9
.fireeye.com/ Name: utag_main
Value: v_id:01656d127b0c002e4e2a46e876b400078008007000b08$_sn:1$_ss:0$_st:1535135053301$ses_id:1535133252365%3Bexp-session$_pn:1%3Bexp-session
.fireeye.com/ Name: _mkto_trk
Value: id:848-DID-242&token:_mch-fireeye.com-1535133253121-31024
.fireeye.com/ Name: s_ppv
Value: us-en%253Ablog%253Athreat-research%253A2018%253A07%253Amicrosoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor%2C10%2C10%2C1200
.fireeye.com/ Name: _gid
Value: GA1.2.1761862753.1535133253
www2.fireeye.com/ Name: BIGipServersjiweb-app_https
Value: !X4nsv/NGSjYBw2er6jIaQ+dbpC/uGnSdssPDQQmf0+Odx2tGNql9Bj4HvCGVk3N0s77WDz+E5LdnBH4=
www.fireeye.com/ Name: AWSELB
Value: 5F2B578318E89D8E08CFED7804764C1968F619D94F001E6A5759DB2F3814FCBBF078D9D23F5AB9798EEF5F63FC077FDEA1B6582BCB6461C8E020873CD8D7BD7510F5FABE37
.fireeye.com/ Name: mbox
Value: check#true#1535133313|session#c55cb80b5cb44fb6b9bbad399a6986b6#1535135113|PC#c55cb80b5cb44fb6b9bbad399a6986b6.26_30#1536342853
.fireeye.com/ Name: s_cc
Value: true
.fireeye.com/ Name: _ga
Value: GA1.2.1114491127.1535133253
.fireeye.com/ Name: tp
Value: 12504
www.fireeye.com/ Name: __atuvc
Value: 1%7C34
.fireeye.com/ Name: AMCVS_12390CDB53E9CC840A490D4E%40AdobeOrg
Value: 1
.fireeye.com/ Name: incap_ses_535_153517
Value: qqGWWoCFiF9ffPhOabRsB0JGgFsAAAAA1Q8eNenHnrXQgtwl0udw3g==
.fireeye.com/ Name: AMCV_12390CDB53E9CC840A490D4E%40AdobeOrg
Value: 817868104%7CMCIDTS%7C17768%7CMCMID%7C70152402576349584344075138915481583704%7CMCAAMLH-1535738052%7C6%7CMCAAMB-1535738052%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1535140452s%7CNONE%7CMCAID%7CNONE
.fireeye.com/ Name: visid_incap_153517
Value: bqTb70a6T7OCoPHdIwlU10JGgFsAAAAAQUIPAAAAAADHPWzsXmNs6EOq5RPtecPT

5 Console Messages

Source Level URL
Text
console-api log URL: https://tags.tiqcdn.com/utag/fireeye/main/prod/utag.23.js?utv=ut4.45.201808081615(Line 5)
Message:
in Vidyard Listener callback
console-api log URL: https://www.fireeye.com/etc/clientlibs/foundation/personalization/kernel.min.js(Line 1)
Message:
authorizableId is anonymous
console-api log URL: https://www.fireeye.com/etc/clientlibs/foundation/personalization/kernel.min.js(Line 1)
Message:
https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
console-api log URL: https://www.fireeye.com/etc/clientlibs/foundation/personalization/kernel.min.js(Line 1)
Message:
object is null
console-api warning URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js(Line 1)
Message:
Multiple instances of jukebox were added to this page.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8443343.fls.doubleclick.net
848-did-242.mktoresp.com
accounts.google.com
api.company-target.com
apis.google.com
app.cdn.lookbookhq.com
assets.adobedtm.com
b91.yahoo.co.jp
bat.bing.com
cdn.tt.omtrdc.net
cloud.typography.com
connect.facebook.net
content.fireeye.com
d.company-target.com
dpm.demdex.net
fireeye.sc.omtrdc.net
fireeye.tt.omtrdc.net
fonts.googleapis.com
id.rlcdn.com
js.maxmind.com
jukebox.lookbookhq.com
m.addthisedge.com
match.prod.bidr.io
maxcdn.bootstrapcdn.com
munchkin.marketo.net
platform.twitter.com
play.vidyard.com
px.ads.linkedin.com
s.yimg.com
s7.addthis.com
scripts.demandbase.com
segments.company-target.com
servedby.flashtalking.com
snap.licdn.com
sp.analytics.yahoo.com
staticxx.facebook.com
syndication.twitter.com
tags.tiqcdn.com
www.facebook.com
www.fireeye.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
www2.fireeye.com
104.108.68.8
104.111.215.136
104.111.226.25
104.111.240.216
104.111.242.254
104.17.74.206
104.244.42.200
13.107.21.200
13.32.223.46
151.101.113.181
172.217.22.6
18.204.162.94
182.22.67.123
188.125.66.33
199.15.215.200
2.18.232.23
205.185.216.42
209.197.3.15
2400:cb00:2048:1::6810:262f
2606:2800:234:59:254c:406:2366:268c
2a00:1288:80:800::7000
2a00:1450:4001:81a::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81e::2008
2a00:1450:4001:81e::200d
2a00:1450:4001:81e::200e
2a02:26f0:6c00:296::25ea
2a02:e980:d::ba
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8186:face:b00c:0:50fb
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
34.193.197.252
35.190.27.37
52.203.52.189
52.222.168.110
52.222.168.130
52.222.168.135
52.222.168.50
52.30.190.93
52.51.131.19
54.164.248.58
66.117.29.11
66.117.29.227
017bf8b7865aa3589f54e881370a1bcf1d4251ffead66504e0f15fdfad7ffceb
07e1e26b8ad991c4bfc14c0cbebd330a52593b70618ead3cf875b9151a6ad576
08ada830a022251d78d15cefd38549eda4c4f24ba25845ff2280d23cafe2a178
0914d1fb1c58b2a0f48800b98fa271603e0b01dfdae72c53d622f0ea754c84ea
0a6c0fbd26ef027249f41efe9febcf9ed320fe0d55f9790bb64feb93a9e0c04e
0c025be514399a59201a7c563debb4d6b155466c7439fc780f744b7257e2a68a
0cbeef1cf3fbe7e0874802b1cb90e875f3bdbd49e2473bf73bd0efc1f2abac1d
0d1e4ec6235dcfe83b8acd4b53c23c0219f907814d53e3f7802bee9a6a30d6d7
0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13121a91240e36ac3f36a2015943c04411deac01c0fee22240fe6fd41fa755f6
131a708362e03033c4d288cb86215931c3eb004172dc2d8f5c630fe5fac898da
132ee3ea2c2d7aed9575eef76eb750cbf4e04727233051aee5edfee818c21b94
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
14f5c3507c3529201adf46f8d0bd4cac4cf8ee74b08c1143020dc577a86a66ef
15b9ee7cbc2b1aabc5b9e285a0e06689a4fa3699afb29a781b675d35f6af10b4
18ad069a01e5d14399007134cd081cec588abf25b9f87382b1f153e274b2c0ef
1d43da43d38da44cd99af5ae3ef3a6619d10027b46d4ba3df4f8ee0f59951a07
209f0594f470dd81e958be83e324d48aa07d394c7ec39f196fb38ca1b8de3690
224de79a0603142f39ac08fcdc955ab03d9e64035582cab34d7a67b10d128adc
24c2a48ca24aa8a0e2a18f696da013a0645adfbea5c5cd0e7b559ddf4b6c202a
24fcd0a4c287c27588057b26feb88936f6a9f65706d687cd368e78804bc70a7a
2c8f585f6eb6a9e8760ab07a76ea5e5c4d0b55631ed86d393e345594242e939e
2d3cc3817bb723114711b1c8fbe55a1c52d6dc2b858e1e3aec427845fae4181a
2fd8f852b0cc7f021bcc7ad1ad3e868b1e9e7934790725ac42720ce42e590915
30c33ccc7f53be5fdfcc773605a1812855e023ba0ba30acc6a129123788b78dc
31625bc45e5bb23e03a2946d9cfffd15661b603a7c1a5d22bfb6ed503735b1fe
342bd815927cfd9b3498a1998e8ac768d76c13ee7fb13f2c05a3dd7f7ef7cc3a
3627daa1cd7b219aeeb56450d73bbf7fe0bbe363ab8c3a28879dd687b4af20b4
369ab28880fd9a6db78f62108a7edaa49a729f16b73a5e9073b102c755448ef6
395f1bb5a6f5f9ca91043b0d1f3520e7ca6a540d16baf1ca32eb98e270f0dabb
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3a3b7012374f26af694a5ab8b23b7f3fc202c36bc22a33000a7bb7187e9e6577
3a81ad9bc69582468671824f1bd4b9e3c3c82ce201480394e47b04a534cb7094
3a9b1aaf047d7ab5119bb338a86bee9788c4e79392d4abb12408d62bec6e86fb
3b5aa428cefbf6e005cdfd186f0fb3422a8810e9ef21af9f37a97ec2ee70da54
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3def2fdee0e6288ea076c7c2d0db897efec9762062cfb7a52b0d4087eeb212eb
3e27833ceccc8ba3f9aeb85e887d1c2f1f8bc08358cf3c9e4fb170efa843f3e7
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
41c3f798bdde59c64755a4c33767a0e71b52dd39c21f4ab89fd12634582f3bed
433fb5a9934811099ea8158aa37244f52e86495cd0ce8a43dbdea8e1f2073900
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47ab2c68d4d2a483c9acca1adfa39a747e60d90ebc2d4a20e286f4395f5b155d
4d0132345b2e6c83642e43779f851d7b43703705f147c3ccc186eb77b21caedf
4d2a3a7f363ae1f7490b3e16a914e937e59a2ae422822f74d952addd986b96d9
4db400704c5e6440fb901e922d96042278d754a254491f1f23b81167a6251c88
5289840c115a8725f816552aae25f03c928c019256a7547a9f8652a19f05ceba
52a51ec8c008b080e8417ddb122ac4a5e58a547b5eaf0a6a40fd6865ec66fc0c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5529960538c68ee9fae25260035ba2191ea3141953179b00be4efdb47595d1f2
57620b3bf3745b0e870b6e5bc7310d98fb1f5d5f94e875782177f660e01e5d9c
57b1913f4babd59ab97fd3ed90555dae5d1d17a37f841b49e0a3782441d82bc1
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5b0454427cef5e4c09cad48c5b421f4d23d9a0689f4519f17956af263bf77d3b
5e0beae4c0b13239ff1eac7a07bce99525350d08fcef21eb5ae893a4dd046d7f
5e4a8318d1cc410dbb2beaa0c3480335b5a71cd67728c97288ad619e34169058
67a99837e80451fd25c1abdf9c96a984bf2aff964034155311361e47213f748b
69070c1ea5fb699759e671e04096910961b0b075dd7269d141f705f0d79d6202
6a5693863292de1aabc2597093412dc77fae1e5429488ce7284ec62b242ed65e
6b14ea5fc64171a1b09271b769c1f0e13315a7cb42713a2726d84d66b4e328f4
6e27d24679a84d9b357bb173b8d948edc46d0203ab7a9235b6eb1456b640108f
6f7260d870f1d1a75db8699e7b2eaf1aa44c0d684923054743aeee5acab76098
6f97ee68083451c794a83efdfd582e6ffe162297447796ccdef240197f51ea92
752c7139c09399f8cddbab1d71aeb083524c9b8c03bd2e4b90a966f5a2bdc763
7595f7c4287157b8d4c95ae6a5d06d4ecfc601dbb89b36f92647d7b38be0f7be
78d980bf90414a62a5ca55b43346fb5841c5b029c9eedbc33fd26ed01be6da05
794726d8c8a0537a40788be73391b64e6ba84d8b3e9d1e4a477967fe9a8fb7b3
7b86d506062bf09d8db4e081fbf442b773929e5c13a70f415243e12185f37767
7ed6ac2c5472d79591246ec8c4d39d2cdbe387f8a7c481b05e5a5c95d53d1dd6
81ab8dfb5ecffa4d5b35f87a6e1d8ebdd5b62563ae1fc26d4c72fd176f3c394a
82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8cb21d6f49f567954188672affc56e8c990312e15f67bebd7bc2db6bbcb5e71e
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
98e95df00ab367cf63b030e659820f5d41522379bb40bc380c777ac4d4e74f1a
9c4592519a4cfc8940c9f97d6e2474547e5727f21672bc4f6207f96bb9d43211
9c9430c197476f80275443261f9c704c4fa44209e1a73a70acc5432df543c7f0
9cb61d1b77963810d54c18b32a133870a6094c5e5afa82da0684575dad823099
9ceb17a3e74404c6d5c9243858774edc3ebee27e3e7104588e158555bfb63aec
a1b97ac62d170be75ae5f6170b615ef51342406701d7d425752eae997dbb14f2
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a20e7e269dcfd108ca39cc2bab41e0d7620b039b623b19ed4d7c3c22186b6cd0
a24ddd4945c0e8db5ac7beb2d48a647fc808ec25d63dd5376fc442cb91f60061
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a504d2cc281ce055778d3a9bd8f5532ace4f57b66c3c92fb117589494297cb67
a9e460758dbcc0782220f053b3c7962542e8ce5e8acfb2cf0648a601ed0591bc
af3448cd96702455db358ac221e082df9ffb5f43bb3c69df18b9ae2fe4a552b5
b4ecdae580ac9b63ce24ec2652da1afcc570d8599b0f3c9725ca070b6a839492
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b98760d7e5051e8f96a6e05873aabf360e26f9569b68f50f8444055c993748a2
bcf5ca1256b444bb0c6f30c83a6b56833fea661c7ebaa04e66b245cf8e3c2aef
bd999047408eaf20ae15ab916d344330d118fa72b0703fa1784deb648d36bb7a
c084b47104c493fb377b6d35d8c08df67d773f6dcf8294c0a7360710cd8cacbd
c22c981024f4eee7d3fe84d0b54a199922ad14098e74c8fa17145397d9775d4a
c94a7abd974c79856c19536bcc51acbfd28c72d8027980e5a46fede8f0064481
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca7f924d2bb604fd5371fc081b61a9766d7fdf256c872f3cba64aaaa9c77861b
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
d88befa93ef8a34b8c3d133d93ec7c61c2a0277552daaf7366991d5f3749f3f4
e01dca01dd1f8a6924b26f9e1ccde56945207919728b05aef7689583d3e564e4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ac9b53333ae44a1ec507077fbbdcf808167f547462ff431063878610623c37
e580c8dd11c99f0c0cd192eae38111da3b261a0716afacb231ee5ead5f1aac69
e65dc322def14c639a0f2d16646c6cb09a778902a1f038f34f0d0bd8b9b12e96
e7b27976d3b20eba5a02765e242caa7a742e09c14150cf014efece591c8b3909
eb9f5c6e7887dbc763d63af2d1dffc086d71210b2501abf22768310d7d3db092
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f06f385a44ba7d250bda26122e46d98a045b6790ed72210d3f2593c751afea8b
f5f821484c258ecf7aed8e599916c657bbf4245ae44cb5bec4dc287497bd674b
f7de8a302ba63e8067adeb89eb0e53327b17996ce20d2026466f681c83394002
f8546a45f06f0624a1b42786b6d5cbe3b4eaafdeb805f8b361dea53f03b20591
fa5936e1d4063bf0c97f3fa0a5ea55b8a36de857c638fb8497510d2ba4396f8e
fbf63674053e3b35a34473fc7568df63730cb5e71f7e81aa8432e75374c758a3