www.huntress.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Submission: On June 03 via manual (June 3rd 2022, 12:52:38 am UTC) from JP — Scanned from JP

Summary HTTP 86 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 25 domains to perform 86 HTTP transactions. The main IP is 2606:2c40::c73c:671c, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.huntress.com. The Cisco Umbrella rank of the primary domain is 940059.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 21st 2021. Valid for: a year.

This is the only time www.huntress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	2606:2c40::c7... 2606:2c40::c73c:671c	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:2800:247... 2606:2800:247:5d5f:ace7:192d:5a4b:d3b8	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	23.45.60.123 23.45.60.123	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.84.128.100 99.84.128.100	16509 (AMAZON-02) (AMAZON-02)
4	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::ac40:9ad8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.44.53.234 23.44.53.234	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	143.204.126.66 143.204.126.66	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f00... 2a03:2880:f00f:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	151.101.108.157 151.101.108.157	54113 (FASTLY) (FASTLY)
3	2606:4700:440... 2606:4700:4400::ac40:9a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:83ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.219.15.230 3.219.15.230	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6810:5805	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.225.159.33 13.225.159.33	16509 (AMAZON-02) (AMAZON-02)
1	13.33.210.76 13.33.210.76	16509 (AMAZON-02) (AMAZON-02)
1	52.19.160.254 52.19.160.254	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4004:825::200a	15169 (GOOGLE) (GOOGLE)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
2	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.32.50.92 13.32.50.92	16509 (AMAZON-02) (AMAZON-02)
2	99.84.142.31 99.84.142.31	16509 (AMAZON-02) (AMAZON-02)
1	34.240.97.48 34.240.97.48	16509 (AMAZON-02) (AMAZON-02)
86	33

30 2606:2c40::c73c:671c (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.huntress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:247:5d5f:ace7:192d:5a4b:d3b8 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.45.60.123 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-45-60-123.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.128.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-128-100.nrt57.r.cloudfront.net

static.userback.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.96.102.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:9ad8 (United States)

ASN13335 (CLOUDFLARENET, US)

3911692.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.44.53.234 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-53-234.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.126.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-126-66.nrt20.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f00f:8:face:b00c:0:1 (Tokyo, Japan)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.108.157 (Tokyo, Japan)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:9a55 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:83ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.219.15.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-15-230.compute-1.amazonaws.com

api.userback.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5805 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.159.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-159-33.nrt12.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.210.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-210-76.nrt57.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.160.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-160-254.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:825::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.50.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-50-92.nrt57.r.cloudfront.net

beacon-v2.helpscout.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.142.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-142-31.nrt57.r.cloudfront.net

d3hb14vkzrxvla.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.240.97.48 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-97-48.eu-west-1.compute.amazonaws.com

ws2.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	huntress.com www.huntress.com — Cisco Umbrella Rank: 940059	2 MB
7	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 10045 app.hubspot.com — Cisco Umbrella Rank: 5898 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 10595 forms.hubspot.com — Cisco Umbrella Rank: 3005 track.hubspot.com — Cisco Umbrella Rank: 2049	7 KB
5	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 8836 forms.hsforms.com — Cisco Umbrella Rank: 4421	2 KB
5	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 584 script.hotjar.com — Cisco Umbrella Rank: 713 vars.hotjar.com — Cisco Umbrella Rank: 832 in.hotjar.com — Cisco Umbrella Rank: 1585 ws2.hotjar.com — Cisco Umbrella Rank: 50935	68 KB
4	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4989	50 KB
3	helpscout.net beacon-v2.helpscout.net — Cisco Umbrella Rank: 10418	33 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 1967	16 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 643 syndication.twitter.com — Cisco Umbrella Rank: 881	133 KB
3	userback.io static.userback.io — Cisco Umbrella Rank: 87414 api.userback.io — Cisco Umbrella Rank: 85707	150 KB
3	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1401 m.addthis.com — Cisco Umbrella Rank: 1364	141 KB
2	cloudfront.net d3hb14vkzrxvla.cloudfront.net	819 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 144	85 KB
2	hubspotusercontent-na1.net 3911692.fs1.hubspotusercontent-na1.net	61 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 624	35 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 42	1 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1603	207 B
1	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4882	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3011	3 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 3970	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1960	20 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 341	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 419	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 206	16 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 6870	2 KB
1	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3007	159 KB
86	25

	Domain	Requested by
30	www.huntress.com	www.huntress.com
4	dev.visualwebsiteoptimizer.com	www.huntress.com dev.visualwebsiteoptimizer.com
3	track.hubspot.com
3	beacon-v2.helpscout.net	www.huntress.com beacon-v2.helpscout.net
3	perf.hsforms.com	www.huntress.com
3	js.hs-banner.com	www.huntress.com js.hs-banner.com
2	d3hb14vkzrxvla.cloudfront.net	beacon-v2.helpscout.net
2	forms.hsforms.com	www.huntress.com
2	platform.twitter.com	www.huntress.com platform.twitter.com
2	connect.facebook.net	www.huntress.com connect.facebook.net
2	3911692.fs1.hubspotusercontent-na1.net	www.huntress.com
2	static.userback.io	www.huntress.com static.userback.io
2	s7.addthis.com	www.huntress.com s7.addthis.com
2	code.jquery.com	www.huntress.com
1	ws2.hotjar.com	script.hotjar.com
1	syndication.twitter.com	platform.twitter.com
1	fonts.googleapis.com	static.userback.io
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	forms.hubspot.com	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	www.huntress.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	api.userback.io	static.userback.io
1	app.hubspot.com	www.huntress.com
1	js.hscollectedforms.net	www.huntress.com
1	js.hsadspixel.net	www.huntress.com
1	js.hsleadflows.net	www.huntress.com
1	js.hs-analytics.net	www.huntress.com
1	static.hotjar.com	www.huntress.com
1	z.moatads.com	s7.addthis.com
1	cdn.jsdelivr.net	www.huntress.com
1	cdnjs.cloudflare.com	www.huntress.com
1	no-cache.hubspot.com	www.huntress.com
1	cdn2.hubspot.net	www.huntress.com
1	platform.linkedin.com	www.huntress.com
86	37

This site contains links to these domains. Also see Links.

Domain
huntress.io
support.huntress.io
msrc-blog.microsoft.com
msrc.microsoft.com
twitter.com
app.any.run
billdemirkapi.me
benjamin-altpeter.de
gist.github.com
docs.microsoft.com
cyberdrain.com
doublepulsar.com
www.reddit.com
www.linkedin.com
www.facebook.com
www.youtube.com
www.bizratings.com

Subject Issuer	Validity	Valid
www.huntress.com Cloudflare Inc ECC CA-3	`2021-12-21` - `2022-12-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.userback.io Amazon	`2021-09-24` - `2022-10-23`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-23`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-12` - `2022-06-10`	3 months	crt.sh
platform.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-29` - `2022-07-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-24` - `2023-01-23`	a year	crt.sh
*.helpscout.net Amazon	`2022-04-18` - `2023-05-16`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Frame ID: 509F000D6E33D59D51197053592E6A3A
Requests: 79 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 10F3A721E3F35F9A2C9DF9124B561B49
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 1A2E37F67319FA42E097264561282CEA
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Frame ID: 379367E3DC2051D40B35B55536A3AE72
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.huntress.com
Frame ID: E361CF650E41337903FA86B8AF6F4171
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Rapid Response: Microsoft Office RCE - “Follina” MSDT Attack

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

86
Requests

99 %
HTTPS

56 %
IPv6

25
Domains

37
Subdomains

33
IPs

5
Countries

3113 kB
Transfer

6592 kB
Size

21
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://huntress.io/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.huntress.io/
Title: Support Documentation

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Title: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

Search URL Search Domain Scan URL

URL: https://twitter.com/nao_sec/status/1530196847679401984
Title: first shared by @nao_sec

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
Title: ANY.RUN’s dynamic analysis

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531125503725289472
Title: served a benign payload that would display a message

Search URL Search Domain Scan URL

URL: https://twitter.com/buffaloverflow/status/1531168929925713923
Title: Rich Warren shared

Search URL Search Domain Scan URL

URL: https://billdemirkapi.me/unpacking-cve-2021-40444-microsoft-office-rce/
Title: a blog from Bill Demirkapi

Search URL Search Domain Scan URL

URL: https://twitter.com/_JohnHammond/status/1531170265039781888
Title: any files with fewer than 4096 bytes would not invoke the payload

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531138449536958465
Title: just the Preview Pane within Windows Explorer

Search URL Search Domain Scan URL

URL: https://benjamin-altpeter.de/shell-openexternal-dangers/
Title: other methods to take advantage of MSDT

Search URL Search Domain Scan URL

URL: https://twitter.com/KyleHanslovan/status/1531114931973767168
Title: its subsequent payload processes

Search URL Search Domain Scan URL

URL: https://gist.github.com/matthewB-huntress/14ab9d309f25a05fc9305a8e7f351089
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide
Title: Attack Surface Reduction

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
Title: Block all Office applications from creating child processes

Search URL Search Domain Scan URL

URL: https://twitter.com/DidierStevens/status/1531033449561264128
Title: remove the file type association for ms-msdt (can be done in Windows Registry HKCR:\ms-msdt or with

Search URL Search Domain Scan URL

URL: https://cyberdrain.com/automating-with-powershell-enable-m365-activity-based-time-out-office-code-execution-fix/
Title: Kelvin Tegelaar’s PowerShell snippet

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Title: Kevin Beaumont’s Blog & Analysis

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/msp/comments/v0tuvs/ms_office_vuln_polite_warning_about_nearterm/
Title: r/MSP Reddit Community Discussion

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/huntress-labs/

Search URL Search Domain Scan URL

URL: https://twitter.com/huntresslabs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/huntresslabs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Huntress/featured

Search URL Search Domain Scan URL

URL: https://www.bizratings.com/Huntress-Labs-Incorporated

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

86 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request microsoft-office-remote-code-execution-follina-msdt-bug Show response
www.huntress.com/blog/ 124 KB
26 KB 287ms
36ms Document
text/html 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

d17f3dbf0b86f2099247c1d96e21b11e159db2d76f754218b24519cf918bf7c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: s-maxage=14400, max-age=0
cf-ray: 71547247dfaf0ac8-NRT
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 03 Jun 2022 00:52:30 GMT
edge-cache-tag: CT-41801818451,CT-51600661298,CT-57916149348,CT-74847633462,CG-39343107504,P-3911692,L-37647219354,L-38940492861,L-39910029162,W-38387675447,W-38395296852,W-38397117900,CW-37647184939,CW-37647184945,CW-37647219358,CW-37648091485,CW-37648262592,CW-72308060713,E-37640723000,E-37647164007,E-37647184944,E-67886983812,MENU-38387675447,MENU-38395296852,MENU-38397117900,PGS-ALL,SW-4,GC-38395296829,GC-40541068411
etag: W/"e71fdf895a8715a7106a3f1eb9e2b1b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 01 Jun 2022 23:31:49 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXtBDzxCYMRAfgwUa%2FqG5g2Uo9aMH2hsG4JWiEQfhyoEsxL3BQSdeo5DWJ6inVdIxASHngJxP7rRVzkWbvTZCBmiddFae1ezMZ6Fc34gwA9PBTAGP%2FgmqFUM%2FaPHCpDAl0Vq7XQjZybJGQmjBDo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=14400, max-age=0
x-hs-cf-cache-status: HIT
x-hs-combine-css: Disabled
x-hs-content-id: 74847633462
x-hs-hub-id: 3911692
x-hs-prerendered: Wed, 01 Jun 2022 23:31:49 GMT
x-powered-by: HubSpot

GET
H2 200 module_37647219358_POWER_Blog_Post_Header.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/ 74 B
664 B 361ms
361ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37647219358/1639032908209/module_37647219358_POWER_Blog_Post_Header.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1639032908209
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: EP4NQ26A976RCWHF
x-amz-id-2: lkX0smG6nWTK23FfCQStVQPt3PlJS1pKpD7KXeUaJoBZ6WOrKh7QHXPA+yKLm8VF5KnNE16e9jo=
last-modified: Thu, 09 Dec 2021 06:55:09 GMT
server: cloudflare
etag: W/"69dec35879b2f3061c26e9b58f93b109"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZKBq1JmUIeWgAvuRaPmWcMaN66QzdUt6KynZUacN%2FB6ncL%2BmucwVqaVozEdbRrWMo1vIZEFfd3vFvKx5lCha1CncSvM48mreVB05TJZdB5k6CzkBn5IK4Iep18ywz%2F8jIhV98njLdxOSfNFZR8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 49upZA48BAIxdOk80QHxcPVW7u781vZq
cf-ray: 715472482fec0ac8-NRT
x-amz-cf-id: dawD7ipQAmukqLXr2S0e_mp7hmtxXMgo2lrZ3mZi3tE61je0Ovz5Qg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648262592_POWER_Blog_Post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1649228115024/ 2 KB
1 KB 338ms
336ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648262592/1649228115024/module_37648262592_POWER_Blog_Post.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a69ee8c3372833b418bb6364b4b3b746900c95bd077be380e9ba121c0f9f1e1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1649228115024
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 7DCGKX1E9ZHXWF3Z
x-amz-id-2: z2vjObNTAWXhxwhp8snsxhzZsjhigZ9H0SEDw9/KONaUcEUyy8D9v8iTb+qN0bbo6JNTtvJpLJ0=
last-modified: Wed, 06 Apr 2022 06:55:16 GMT
server: cloudflare
etag: W/"5321b460677f8b367503f906b9614ac2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qeOR9lUXX5zEhEr3HpqnZP9o0mvb2WH18Wp6DLdVCgC4Amrge8TaQW3aiBQjk9nby4Kx3rtD15uSFMXp0Ci4w47CenCMv5GcbZHLOwSllQyYP4GlLNwF7tmRKquvihpDS9ZQ7BNL6eIAcZiVsrc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CprVW4MoarJlPQi.GVmQbPXM8vYg97WA
cf-ray: 715472483fed0ac8-NRT
x-amz-cf-id: T1OPNtPmBNhGMnPCowRucewuD1Cr8K7zbjqeZoJ2Fd10ZsITgnJy0Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_72308060713_Blog_Related_post.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455542/ 991 B
1 KB 29ms
28ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455542/module_72308060713_Blog_Related_post.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f636be67ca5dd2c876b52162f64c68999ec15ac9542a0707082fc1bdb35b726

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652340455542
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 92ed8a6103fa735c31caf49b92d4efb6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1299
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 889YWVNMTWRNXGMT
x-amz-id-2: cmAjqaofp+PfyqO5p6/20jmpwwepwr7D693hpLxtPPhwizizMy4tRGpfs2ayrjwygu4wjaNwxNg=
last-modified: Thu, 12 May 2022 07:27:36 GMT
server: cloudflare
etag: W/"5933fe28c88a2d1cd57bda0181962919"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NewNT%2F%2FGMZW4Y33BLWZEcrskyLMIYhTr5hjdaTxGxfjXRHUzeOmcWrNE2DeKrRLnZLa%2BTIN%2B39Xh7cNMhTSxN2I%2B4QoX8SpNO%2FDuPEfSN2b66sr48tqjz8dXHXUGA2y1KonZi9Bylx59d9OpdI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: De1.HUGpQL6_Cf4wDHFopVGIKnHhYjJp
x-amz-cf-pop: IAD89-P2
cf-ray: 715472483fee0ac8-NRT
x-amz-cf-id: wpB-Y9ztH4ddn2ZRY9v3gGKP5ITxfQn-ufAWc54Q6Mllo3fSz0_nag==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_37648091485_POWER_Footer_Full.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1641794761457/ 162 B
749 B 24ms
23ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/37648091485/1641794761457/module_37648091485_POWER_Footer_Full.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63be16a13fa3622f6851b62878300d9826ad06ab20d7ea95910f8c9727b8fe1d

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1641794761457
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 920629f47fa586ce02a1a1af8b626578.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 528
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: MQ7SSHFD0PE9B6DY
x-amz-id-2: qq6jKWn/5tXuj98kDLlU9eOnUUtB7EDxCPXF9QQ0gCsLzOKlouS53+VmveeokENcFMgDtcGUf7w=
last-modified: Mon, 10 Jan 2022 06:06:02 GMT
server: cloudflare
etag: W/"acca7405b94b9bccf54bb7cb32501b72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKmhXYHcI5T%2FYs2l4zwL62NfFzTdLA8FlAZl1lvy3MlbzxahTG%2BM6DLNWr%2BYVdHD44%2F0jathb0i5GOKmuh0S%2Fspcu9ZMYVnSo5ojlgZegILhxY6%2F30pXqxwy5iFyF9t6RGsI3bMTZWuu2WsZ%2Fv0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 8k.8rvhdgUP.uHixoMh9cgTMERm0Cev5
x-amz-cf-pop: IAD89-P1
cf-ray: 715472483fef0ac8-NRT
x-amz-cf-id: uXRGG_TzrESCcU2L6UGOCQ2vP5XgYYPV5Xbh34eZxJTp9PZw6efFtQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 342ms
109ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1654217550.dop207.sj3.t,1654217550.cds206.sj3.hn,1654217550.cds046.sj3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 jquery-migrate-3.3.2.min.js Show response
code.jquery.com/ 11 KB
4 KB 473ms
240ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-migrate-3.3.2.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-2bd8"
vary: Accept-Encoding
x-hw: 1654217550.dop207.sj3.t,1654217550.cds206.sj3.hn,1654217550.cds209.sj3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 4165

GET
H2 200 in.js Show response
platform.linkedin.com/ 507 KB
159 KB 199ms
6ms Script
text/javascript 2606:2800:247:5d5f:ace7:192d:5a4b:d3b8
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:247:5d5f:ace7:192d:5a4b:d3b8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (tka/89D7) /
Resource Hash: 993599eac3e65b09a6fac3bd33ebabdc83fed0cf845bbfceeedcbf931e0698e1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 1182
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 162501
x-li-uuid: AAXggEMIbSaqxadzkcaw4g==
server: ECAcc (tka/89D7)
last-modified: Fri, 03 Jun 2022 00:32:48 GMT
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
expires: Fri, 3 Jun 2022 01:32:48 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1654103064229/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 36ms
22ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1654103064229/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77f9c86a7751fed6c3160467a7633bc8b88149a2a4b4aec240c63559f37ea78c

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1654103065198
date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 114451
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wMdTFTorSDVYPt9uetoAJO5LqwaYtA9WEEgSMEjpSZqERw8gQZyLKgkYFfT%2BTk6C2rWVywF9NORdHdy8cIcRdkPch3MNHDPzPrzemn%2BCB6iUtg6lL0TqudiExSgwQiTnMSa8mroE1Pnow%2BhVBtQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Wed, 01 Jun 2022 17:04:26 GMT
server: cloudflare
etag: W/"20ff0791aedba8315495ccbc59ae5e3e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P2
cf-ray: 7154724848348083-NRT
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 pwr.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/ 249 KB
42 KB 372ms
372ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96af1198e5efb6aaa0cc4a654068b4095799d36a1ccdce8f9f6b35d1234e3064

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1653281052853
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 84DDT88AHS00RPZ9
x-amz-id-2: v3RiblduCbyufbiWrQ4zZSKfPJ9od6c8PnXz6nk3leBbg/ZDdyOunxCZINWdx1sU6lyQTlvM0VI=
last-modified: Mon, 23 May 2022 04:44:13 GMT
server: cloudflare
etag: W/"4a04b3d5c7ad6ca79e2e14ece1119e7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2VgSz%2B0kSsfT7WDvU2pbv0N1kj%2FPuVqyAAYUm1sIHvzmMcPFYNxb3mPLyNI14Vf7sYnj9NeDLaS2y6eWs3x7elMgcw7%2F42WdMU19nJH4%2B5m49C0F26f3GARCYox7NGbUzbyBtuG9jfGc2pSn8Tw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: _VM9zrJgidR.qBg6qO.jzyhuCXKU9Egp
cf-ray: 715472483ff10ac8-NRT
x-amz-cf-id: -Otw-g-kdPGJ4NjpjsFK01kplw0Ou8mz9OYhHg2Rl69eKJvKoxm1sw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 custom-styles.min.css
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1652445298503/HL_Theme_2021/Coded_Files/ 5 KB
2 KB 21ms
20ms Stylesheet
text/css 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647184944/1652445298503/HL_Theme_2021/Coded_Files/custom-styles.min.css
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4adb21f3fb8f2c89998efab4262933ba3eedf06ca49473157002193cf21a1c78

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652445298563
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 1b6db55df4d0459558669f7d008cda9c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1298
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: YKWH9D9WAHTPNVP7
x-amz-id-2: Z+OyRnxA5ktn90UjGZnPy97v+gGnJU8qTVTjvMpbOxa+RL47aLQJSXDUnhsKh+SC3x9md4U+QV0=
last-modified: Fri, 13 May 2022 12:34:59 GMT
server: cloudflare
etag: W/"afbac7d16ae2994b2b83e81a3da8adbd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywrxdn0abhcNuMo9LfjT6TMbj8ii3BX3WsNTySfve8qBZlF0JcYcE9zmWkFewNArrEM1ExatObFXXLX96ajYSXAigGn3mkmB2ENkJWa8qyvx5OXNK5w4WBHwvJ2gnO%2Bc9qdBl%2B8p78scGWPaSQQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CcViKn8DI_r037oze9i.40t6YCf0i9uZ
x-amz-cf-pop: IAD89-P1
cf-ray: 715472483ff20ac8-NRT
x-amz-cf-id: KN4zj2F80OirDaPX0OIX98N0xiqv3OKhnC2KZMEuUZzsBC7BVMYiNA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 40e39240-8f28-4247-989e-af913fc5ff6d.png
no-cache.hubspot.com/cta/default/3911692/ 1 KB
2 KB 294ms
278ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/3911692/40e39240-8f28-4247-989e-af913fc5ff6d.png

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: NNC95V2W8W8ETY4J
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1039
x-amz-id-2: FSar/otT3sfE540Zz7ayeUNMg+UPHqHf9tQ2fX9IspRgo5lXXsTAmsQgP/QV3NzSubJQVCH0xvc=
last-modified: Wed, 21 Jul 2021 14:21:28 GMT
server: cloudflare
etag: "79b5475fbb2abb884386550a797d2e28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4cUNHPy46KWl0Pcbs6hiVFWMRYbz%2B57NP%2F2VQirsLJN14e9mI7JdOyze4YlgYLuN0DR9VQ26PkUywhQ7Sm0alDcmhmLceJ0cSKYIaGJJwgZn8ajxChdgAWNzurAvxBmnokK2XhF4McS0sIIuEoq4yQRa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7154724b6caf8a54-NRT

GET
H2 200 current.js Show response
www.huntress.com/hs/cta/cta/ 16 KB
6 KB 22ms
21ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/cta/current.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b48c2cb2ba7e9deae742d0ee002166e145e11961de0bee3a58fb2cf59ec58d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 497
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.79/bundles/current.js&cfRay=7154662824320b9f-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 7154724b2a230ac8-NRT
last-modified: Tue, 26 Apr 2022 03:48:51 UTC
server: cloudflare
etag: W/"5987c6bd527810fdff046c43530ff512"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqzB0C6i5NwQIyYxxrK5iavBQdJeLT0okmtjjMaMeNHLi7eqsoQGZScNkZ6FJ7r19CXsUpG9dlSQRfWSTjA4Nb7YXIxLU7yOPVd4CpipquJPfyPH%2B0NfgFog03RwcCl9SWU73x0LAVBrpdtHE54%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 4c3vhOthrOiBsQHUYobIqea6mR1gtgs.
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: M3u27JdgUCUH6BAFdFuq9WD7pM_iWkpGdumtOk8a8lM28iRzPMK3Bg==
x-hs-target-asset: cta-embed-js/static-1.79/bundles/current.js

GET
H2 200 Huntress-1.svg
www.huntress.com/hubfs/ 17 KB
14 KB 29ms
28ms Image
image/svg+xml 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Huntress-1.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-39773583794,P-3911692,FLS-ALL
age: 518018
x-amz-server-side-encryption: AES256
edge-cache-tag: F-39773583794,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: WJ3GGKJNKEZV4N8G
etag: W/"5eb7f12b49ec4085bccb33be62bc3fe9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1609832613811
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 0c04e836dfe22246a870a0f54a2d4746.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SFO5-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: Dio2l6CapXfSFs1njfK01qt24AHVHgkelLQsbydVONaJMcKfJ4yKOaaaQKM49gua4fe7TmME5C4=
last-modified: Tue, 05 Jan 2021 07:43:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FzY%2FxO9%2FKqA%2BRcA1BbqF3igZBVqAnhGmfQdCpUK3CxQ%2FG1ChVavB9MckH%2BC2Yj290Ss7%2BiRJ3rikDi22OlHiRZQLSgnxPsbiwanroUWdMbirXt9vsNBz05WCgktBrDzEGdQkWB5SeaSDe2SoBt0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jsS8.Qyl076AnWtAah4sMmKUd0P8VNuI
cf-ray: 7154724b6a4f0ac8-NRT
x-amz-cf-id: kFr-2V7WP0U8VhVi9LAx8G81gKDUA3ovAMYXHH1MzbPFYGt-CtGJNQ==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 246ms
7ms Script
application/javascript 23.45.60.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.45.60.123 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-45-60-123.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Fri, 03 Jun 2022 00:52:30 GMT
x-host: s7.addthis.com
content-length: 116361

GET
H2 200 John%20Hammond.jpeg
www.huntress.com/hs-fs/hubfs/ 74 KB
74 KB 39ms
37ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/John%20Hammond.jpeg?width=290&name=John%20Hammond.jpeg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cf5fbf0146a6e2e553f3ce52a1ed5a36127f61c739a745a2b9b8a8d0e1e480a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 4e6e9c8ad6e40529a0e7659f2f4c5f28.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 510761
cf-polished: origFmt=png, origSize=140876
edge-cache-tag: F-40724769622,P-3911692,FLS-ALL
content-disposition: inline; filename="John%20Hammond.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 75390
x-amz-server-side-encryption: AES256
last-modified: Tue, 10 May 2022 02:50:51 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f605cbc8399942d730ea6d586346326c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pgbJTw3OoT9%2BO60WtnF3Zty2oW6twTxoBBw3NGTvNeK%2FgslrZorUoy7OvDOhz6NC31GbGqG%2BdZn2wAah1yYXyQGyhWvaSsxsHEr%2FG71BisoKPDZGTVVmuIHKcpi1ALletxIgoJOgHIcORH0fem0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
cf-ray: 7154724b6a510ac8-NRT
x-amz-cf-id: -G10EL_Weace9Xkry6HwhhwtLeHb5NkJ6YWRxjrcIceyYxn1aMBTsA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Biz-1.svg
www.huntress.com/hubfs/ 2 KB
2 KB 34ms
32ms Image
image/svg+xml 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Biz-1.svg
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-55369190472,P-3911692,FLS-ALL
age: 510761
x-amz-server-side-encryption: AES256
edge-cache-tag: F-55369190472,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: WJ3R5SBGGXEW140V
etag: W/"10aa3cb3029e1f043563140e89d76c8d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1631771480774
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SFO5-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
x-amz-id-2: PMirtrEnuqngjLjRbKAbcqnZO93LnCwe7dgnPIXRQUJdc1GnmkhKyq6FCqcoWuU1Wy+u+cDdgsI=
last-modified: Thu, 16 Sep 2021 05:51:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SREZZ44atbyOOrn467DCAxIrxmnCVxm4Vq0E%2FdrP6AqnT1NcnNwactEcvuaFU29f04McjiaQwNCrZTm2Iz%2FBiBQfIqFJm7yG%2BMrD0czuNN7PACd9YRATc3S2EYuMp9t15oq18k0GF0hrPXDK%2Ft8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: pb30Lhh_yVZl.AlHg0LSscg9tyoyIBsR
cf-ray: 7154724b6a520ac8-NRT
x-amz-cf-id: 5IjNfgfAFb3WZjDXdv5iI5UMbe6IF_8ajzb_aI9DsFVXBXw9gx1_vw==

GET
H2 200 pwr.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1637133935735/HL_Theme_2021/Coded_Files/ 152 KB
39 KB 31ms
28ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37647164007/1637133935735/HL_Theme_2021/Coded_Files/pwr.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a08b4400caa63756c56947620874d75d9d5cc728a8e835467950bc1f7a7afe7f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1637133937943
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1298
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 5E4DWVM1A2AYJ0BA
x-amz-id-2: /26ZaL/uknRXk+PMYo7bUBzQZAipgulpAnpT+hYyZzdRw/qFCoKehS76x1Co+Dy8e8Vom9O0fAk=
last-modified: Wed, 17 Nov 2021 07:25:38 GMT
server: cloudflare
etag: W/"f6ba5af59dfedb9a5e806ec21f8e0e02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClQ%2FDkgep9w3ARG1EjD%2BcoRQo8LeWXhlMTIe6vaylu4fwlkuHOVaBd0dXl%2BlPQNNcOZSdriPmg7rJkr3ECpBEJ7f%2B99HAm71YuiRWibhmYo2aJBtAPf%2BfwEg7mY6FKufQt%2B012bAqYlepHJDXkg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: GQ1VeV_WP9RlDo4Ls73CSaJMLMGGo1BD
x-amz-cf-pop: IAD89-P1
cf-ray: 7154724b6a470ac8-NRT
x-amz-cf-id: -dRCkoprXy7mB2u2Yg7x02OmrLQ4ndEj4uJjkCme8eSQpc46vhCKUw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 project.js Show response
www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
996 B 35ms
32ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 e5d9f64fd048dbacd8c4f25d5f4de343.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 17739953
x-amz-server-side-encryption: AES256
cf-ray: 7154724b6a490ac8-NRT
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yjm3OyfV1OlcI06CgZ093EFQTi4UNjKc%2FJoyFF4Li8wjM9YE0LeaTLAUYl2o%2B4YCM7TTHnl80IyjD50K8%2FlKTCxh4OssCIIvVLUmZktLPGvetjgCNLkxu0OfVsSWevwtMsvLTE%2BpUxKRSu8x1cw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control: public, max-age=31536000
x-amz-cf-pop: NRT57-P1
content-type: application/javascript
x-amz-cf-id: c8ZMp-AuH45_HsUDXYAP4sJdfy1qr_YZIQBYECOMj2P4on5AFDjfSA==
expires: Sat, 03 Jun 2023 00:52:30 GMT

GET
H2 200 project.js Show response
www.huntress.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
985 B 32ms
30ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 c6d377025c9d9baa894e9ccc8a2e4817.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5549440
x-amz-server-side-encryption: AES256
cf-ray: 7154724b6a4a0ac8-NRT
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be3Dj4sDwNZqRoeNlRH872hgCTJE92qepRhwRtXXpnphsSlYvt9kDiEx4v1ImPdJzvUBWXM0aa1%2FWs%2BxSu2x9gYXVweaZqBNUwC3l1rbH1dOhlfZ6MrgSi6fLuel2atYMGqDbcABlFVrVnb7tsQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
x-amz-cf-pop: NRT57-C1
content-type: application/javascript
x-amz-cf-id: RCkjyccqmyoo1uSVafoDXaGqqEhqjRFwR0i7J6F9jrEyAvSMR_IaQA==
expires: Sat, 03 Jun 2023 00:52:30 GMT

GET
H2 200 sticky.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/ 3 KB
2 KB 836ms
834ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/67886983812/1646636852236/HL_Theme_2021/Coded_Files/sticky.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1646636852583
date: Fri, 03 Jun 2022 00:52:31 GMT
via: 1.1 7a887c7cb9fe4a7abca02d85e8b196e8.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 8W8JVKCFCPAMEYZJ
x-amz-id-2: Shq2a4JzxSSd94InaFVH1TYn74QUmnSpivOWLmY0SH8kcq8CiuIRCDTJ5RRzrbAifm9oqJRR84o=
last-modified: Mon, 07 Mar 2022 07:07:33 GMT
server: cloudflare
etag: W/"55ae62a2138b0ac2dad2cd6f3fc3decb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9iqNRqmeUaq17Z18Wol8dWhVYY%2BUOh0GcK%2FjwIQWosjiK%2BAWEMLWpfCrrzXIC3d1HBdbP9ZQYf%2FMTxETcXkRfRUPaSam1K4LbcidH6tKWcz3BM6XSEZzyKL4LwizWRczYInEfUHAq7%2BuOxKa1A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: oIU6rHYsVQSZOhrGoqvW7sFAXkwuMMSC
cf-ray: 7154724b6a4b0ac8-NRT
x-amz-cf-id: mr07UEmsBxLLoukqa0_GYjQCwvRaJlQC-jPqdGVCdRuWxciigB0J0A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_72308060713_Blog_Related_post.min.js Show response
www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455413/ 365 B
1 KB 305ms
303ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/module_assets/72308060713/1652340455413/module_72308060713_Blog_Related_post.min.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652340455413
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: NHEW8Z5DYATHG939
x-amz-id-2: 2WjrnkbZ4anVllG3S6WZtzYCtgmDfEeQhOSFx1vhlYiGu19sLPGMSwaXSvZTy+ElH6pKuqCWQQ0=
last-modified: Thu, 12 May 2022 07:27:36 GMT
server: cloudflare
etag: W/"136cb371b82e4f0a84d11b654e92bb11"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xnnMVyd2wGblhfDgo2FhKX0QmWXSCY0IPDXe%2BVyE%2FlsmJ3dZkdqQP3BerpedqGTkoeTRbNvoQHAFzd5lZTrYKBmNwioALWkreTWQ%2Bdux4UdctDGfYUGtXrjmDR6rex8Vg8Y0%2BsLZcm3xAHhM7pc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: By5VD22S9plIcLXworDDDM2qz0x5DE.a
cf-ray: 7154724b6a4c0ac8-NRT
x-amz-cf-id: ro4QTJo3dG045eE-Zvj5JwNCVoYvf21LPG0LE8RB-Xifb951r27_qA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 v2.js Show response
www.huntress.com/_hcms/forms/ 585 KB
147 KB 36ms
34ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms/v2.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 d591fee4e3f29cf0e3380368d25b4a40.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 565
x-amz-server-side-encryption: AES256
cf-ray: 7154724b6a4d0ac8-NRT
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 26 May 2022 10:16:33 UTC
server: cloudflare
etag: W/"8e787568a774ef6576b357a500149886"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65klTOTwZ%2BR6md6lA6uertnsCQwim0gXsfC%2FdnK%2FA0lfkoKnXofPI6L3w2InmzhncRVuml8TfTqCPVXc2PI%2F1QPIBqC8S%2Be6lok%2Fmmgw5syCh0ulVg2tUTfwg4NKUOB82d1WO9UP1IzPXeK78AE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: p6q9N0Kk3x.Xx1vsG_I4Xpq2EH4VShWu
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: GAvQ3NBjIaYfkSwW7KmDqBw8EgIFK00YHsjNEjQ0trQD4hpSvM40RA==
x-hs-target-asset: FormsNext/static-5.502/bundles/project_with_deps.js

GET
H2 200 3911692.js Show response
www.huntress.com/hs/scriptloader/ 2 KB
1 KB 30ms
28ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/hs/scriptloader/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a94c003b3ea5ebb9d0841582df0639914d0ca84c4d3b4a2636747cae34cccfe3

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 36
cf-polished: origSize=2517
cf-bgj: minify
x-hubspot-correlation-id: 9b206f24-52b5-4a35-89c4-1ac4290ff9bd
last-modified: Fri, 03 Jun 2022 00:51:54 GMT
server: cloudflare
x-trace: 2BCACE2D6A852B9BA60468433D327AE53A4F8DD814000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pmov3ulgZa%2BkKXM5wS%2FCDRWgpxobqD9d5V9KkE%2BrDhFxL58iO%2Fr94ayxAabdkRExMpWSU8XBcvjxU84vFb6gDRx6EUaj%2FL5cI1L3fJmeHI9c2E3s0QCq0MHvyMATbSRAt1Fssvjjx5l5xg19Y7Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.huntress.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7154724b6a530ac8-NRT
expires: Fri, 03 Jun 2022 00:53:30 GMT

GET
H2 200 index.js Show response
www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ 11 KB
4 KB 30ms
29ms Script
application/javascript 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 2c07d3fc34c6f66467a7d865d90b3498.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5139489
x-amz-server-side-encryption: AES256
cf-ray: 7154724b6a540ac8-NRT
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Fri, 25 Mar 2022 12:04:14 GMT
server: cloudflare
etag: W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAZY21HxNbAHLVhSBcaU4%2F1v%2FAikniv%2B9N6veTDPxwoZAXK4OHpNb2nXUvKdcwKheRjeIr3lvpXhFgFjWghJgJy7pRVNDC1iiHH0X6RU%2FtRTuoz3EK5qARJShAjwMvBPfxk%2BZebKnpgXUJ%2Fv1dY%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control: public, max-age=31536000
x-amz-cf-pop: NRT57-P1
content-type: application/javascript
x-amz-cf-id: 0QIttmEJl7XwtR288XQe-ZTNAAavFGQuv6n45qDNKB87F3wQl9iJ3g==
expires: Sat, 03 Jun 2023 00:52:30 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/ 69 KB
16 KB 19ms
7ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-polyfills/0.1.42/polyfill.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1867092
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15998
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec6-11405"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gzQufSAzmEcrjB2WWVxiTiAf5Xvrr9ZNvxBBvX%2BT5JBaybsqsP5%2FEdd2%2FZfdfPoxDo1Eo145HrXYvuyFKIsSOQymrZhkG9NQgb9ox3HlOzJbBZ4S6jVMnSGRdZbqiSU3afld4iXrYDZCge7hXaFuZRL%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 7154724b696eaf9d-NRT
expires: Wed, 24 May 2023 00:52:30 GMT

GET
H2 200 lozad.min.js Show response
cdn.jsdelivr.net/npm/lozad/dist/ 3 KB
2 KB 24ms
10ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3841
x-jsd-version: 1.16.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA, cache-itm18846-ITM
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"c17-/CtD5WDEW7iHrdmPF7CEBoqSMss"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NiO4kywq8b%2FG%2FvIxMOdg879FLCq3A5H208%2BsEl1dN9sPA688HQ%2BL7XFvSH3lASY7Hgta3rLeU0mOqGwpLxfYOt9gwYYWxPLOo902TQ7h91CL5B7%2BLxnVUQtxmXlOg7qmWSTsj4DngkYFYJ3v%2Bjg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 7154724b69cbaf3a-NRT

GET
H2 200 v1.js Show response
static.userback.io/widget/ 464 KB
137 KB 26ms
2ms Script
application/javascript 99.84.128.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.userback.io/widget/v1.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.128.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-128-100.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c53ad8789e6d3a8dbd84a6de5ed8d5f22742d194b3d1a60fe60ec53118987c0e

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 11:52:51 GMT
content-encoding: gzip
last-modified: Wed, 01 Jun 2022 11:52:12 GMT
server: AmazonS3
age: 46782
etag: W/"f3e5de4cab52897eeab15000683cd143"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9095214c63a79378c44a32c3efc102da.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-C3
x-amz-cf-id: LfJlfpfKFp6wEc2AsWxaPUHEz_lxt0NvzTEeU_TOsK4ko5O1yIq6Mw==

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 37ms
24ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&f=1&r=0.5414583390299177
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gtok1 /
Resource Hash: 51aacc56d3bbb7ccc9aed3f3281774bd4329939e8c19e5cf9ac96f2ca4e52f13

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 google
server: gtok1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 HKNova-Regular.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/ 32 KB
33 KB 34ms
23ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/HK_Nova/HKNova-Regular.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
age: 928826
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38491779608,FD-38491499040,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: N09928PA7JNYP181
etag: "5a3239585a66868a9109bab6273f0a26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1607406808501
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 8d9b5e8482bf535887ab85bd4a6a4830.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LAX50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 32892
x-amz-id-2: qdrA+hbtQaMDCAYDDyToU6pJC21NRtdzKGqxDj5DS5Zjhp6yjXlcRFnBWPYHT31RdBdSwZsjZ1s=
last-modified: Tue, 08 Dec 2020 05:53:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: y1_7cBbebzu1P55qghtsCfIzqKHObY4N
accept-ranges: bytes
cf-ray: 7154724b785580fb-NRT
x-amz-cf-id: 5jQxR1ORD9QEKxvfMwKx19R7Uc0126QxI2Cg61WHvmLFita49Zx7Eg==

GET
H2 200 Blog-ThreatAnalysis_Follina%200-day.png
www.huntress.com/hubfs/ 814 KB
816 KB 21ms
19ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hubfs/Blog-ThreatAnalysis_Follina%200-day.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53557947eac2a467943dff75fae4a77a36bde47bda10a75f03ccfa5167ba6909

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74883237767,P-3911692,FLS-ALL
age: 268135
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74883237767,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Blog-ThreatAnalysis_Follina%200-day.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: N41PANSZRDGKEBCK
cf-bgj: imgq:85,h2pri
etag: "b63b9033119292d4e92d7ebb20521eac"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653925620924
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 58f9a50682bb94842197f3e957919c60.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SFO5-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1244775
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 833790
x-amz-id-2: dxg2gsspVgbmbA9X6oH4W+H2I6octmgl89gcNsQl9b1fYEjofrgadhoEce3hJeIUkOgbnStQW78=
last-modified: Mon, 30 May 2022 15:47:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j9nA%2B1Id6uw6kqZ9behZZuFLdxvcqP%2BJWITCK%2FXkjnEI87UBhxfKFqt0dWuxOK4OnO5VcvOZABAsaaG900pGBSchNGJMyjTT481KleHpxAGVF%2Ba56VLbrlcEIN0MOv0jCY4NSpDYAHaR1Jm%2BTXg%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: PUHWmc5XlRNXxa3hgut7JUKa_pLPmmRv
accept-ranges: bytes
cf-ray: 7154724b9a740ac8-NRT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: H5el9naU6YWPDLToviXT5ZcPNVDx5cNzjGWv10invJN0jbAshvYhJw==

GET
H2 200 visuelt-black.woff2
3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/ 28 KB
28 KB 19ms
16ms Font
application/font-woff2 2606:4700:4400::ac40:9ad8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3911692.fs1.hubspotusercontent-na1.net/hubfs/3911692/HT_2021/fonts/Visuelt/visuelt-black.woff2
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs-fs/hub/3911692/hub_generated/template_assets/37640723000/1653281052125/HL_Theme_2021/Coded_Files/pwr.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e

Request headers

Referer: https://www.huntress.com/
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
age: 928827
x-amz-server-side-encryption: AES256
edge-cache-tag: F-38492600914,FD-38492172814,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: CP9R225Q2KGRB2D8
etag: "80407703322249fe13bbef5596e9e414"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1607408610505
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 45c4483283158df91c6aa04a2f4efc0a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LAX50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 28504
x-amz-id-2: Q47rARZ4zW5fx0b90PEt9/jw+e+3r9z9B5Uk1+Eynnumn4yrff3WAaNjNfN6Qzm9fHbtjiOMYfs=
last-modified: Tue, 08 Dec 2020 06:23:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: zgv.hEhHVdSF2XuwUP4L0JY36hLML11L
accept-ranges: bytes
cf-ray: 7154724b887280fb-NRT
x-amz-cf-id: IYX0Aqu--vyFlTr-xpd-e-32CtTxvNiL4xgwkmRq0D1fueD5KbSzvA==

GET
H3 200 tag-efd477e32d663d7fef3f165433e8f9d0.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 167 KB
47 KB 24ms
10ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-efd477e32d663d7fef3f165433e8f9d0.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=620982&u=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&f=1&r=0.5414583390299177
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gtok1 /
Resource Hash: b783f02f4b04f811eb732aad8f8924e9a6255e56e321c8af469b3a7db82c0bfb

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: br
last-modified: Thu, 02 Jun 2022 12:18:10 GMT
server: gtok1
etag: "6298aa82-bcaf"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48303
via: 1.1 google

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 164ms
163ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=620982&d=huntress.com&u=DBEB4C247AC8A596E23C6A8880B16F413&h=04e734b7ba926f1b7caa23117f6b44ce&t=false&r=0.36170468207817774

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 859 B
530 B 6ms
6ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=620982&settings_type=1&vn=7.0&r=0.42043505321801145
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-efd477e32d663d7fef3f165433e8f9d0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gtok1 /
Resource Hash: d77743b5e14f7329db6ae2c42c696960a49cda585f29c09035154d78880a49ed

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 google
server: gtok1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 85ms
3ms Script
application/x-javascript 23.44.53.234
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.44.53.234 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-44-53-234.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 1B84A45482DD6A2C
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=40041
accept-ranges: bytes
content-length: 948
x-amz-id-2: APp8RPk3VQL4poY6SbECmJnvVEBMc8a2hilkF9qPMyTJpjeNIPXZMDbHPZZhD7eLbl+7YMLs9M8=

GET
H2 200 Blog-Virtual-event-exploit.png
www.huntress.com/hs-fs/hubfs/ 92 KB
93 KB 19ms
19ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Blog-Virtual-event-exploit.png?width=600&name=Blog-Virtual-event-exploit.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9374d6c171d32b82502fa4cc8dcf759faeb35119c7bcb6d1482f693278dfc98a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 3500e6db5ae43764ed5ca43fc6d56058.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 404872
cf-polished: origFmt=png, origSize=178223
edge-cache-tag: F-41802000531,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="Blog-Virtual-event-exploit.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 94422
x-amz-server-side-encryption: AES256
last-modified: Tue, 10 May 2022 19:20:11 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f5889a79171e92fec0dbbf05c57def47"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MfI2Dr1ydfpjy3c%2FbHfciiar36h%2Fc77P1VCnlNOFDcTdPeFI3b3NisSJYif7IdNempmDUmn9cK1xW3SSxvspQhraPWojPcwH%2B%2BCLZ9%2F88jexVKxQUEJ4re9nmwr58H6yHwRnh4fmIkOlwALaj0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 7154724d1b510ac8-NRT
x-amz-cf-id: aqtzq1_Hgm-3biRYQkl05hvZFsm4xSMyo6rwbfFBOhTLhA6j1g9a_w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Huntress-Blog-Assisted-Remediation-in-Action-Final.png
www.huntress.com/hs-fs/hubfs/ 158 KB
159 KB 17ms
17ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Huntress-Blog-Assisted-Remediation-in-Action-Final.png?width=600&name=Huntress-Blog-Assisted-Remediation-in-Action-Final.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cc396bc55397996a318aa9d4302d467c9deca7af71fb809f8da89f317693e36

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 175452
cf-polished: origFmt=png, origSize=290013
edge-cache-tag: F-51604825895,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="Huntress-Blog-Assisted-Remediation-in-Action-Final.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 162092
x-amz-server-side-encryption: AES256
last-modified: Tue, 31 May 2022 20:26:06 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "cd3f7311e23aa79c8bb954e236310d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wL%2FpDVr6X5gW6A2SIdOq6MEoYUKRhLtrX4us9sOf7bwAOOWASsLDnj8vef%2FZQOGkPqAvXFed2I9BAbaMJgJH4TzM%2FaOWArCZv1yiy0eXGqTp90nbXZsh8%2FEg0zN4GIm%2FHSkjnCUylqPprtX20E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 7154724d1b530ac8-NRT
x-amz-cf-id: X32HLPMlHsQk2FDclq02rAVSpoOeMjwvuF7PNUDAL39dHAf8AJAKEg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Blog-ThreatAnalysis-BQE.png
www.huntress.com/hs-fs/hubfs/ 79 KB
79 KB 23ms
23ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Blog-ThreatAnalysis-BQE.png?width=600&name=Blog-ThreatAnalysis-BQE.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41a3f1ffe1c2c8ef087dc9a0574ba968422e6bcd9d4baca76eaa533b834bc8b4

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 0459f0f7053eeb224fd9fe0f5db5970a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 94857
cf-polished: origFmt=png, origSize=163406
edge-cache-tag: F-57917229335,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="Blog-ThreatAnalysis-BQE.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 80386
x-amz-server-side-encryption: AES256
last-modified: Wed, 01 Jun 2022 17:52:33 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "39dd56bd0d14fdd41889b7d49a43c8aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYfeNBKoiUfcEujGhXdgi1XZEWtI%2FKcoaLYHhmyLQIp2JgRFpRC4KmaGMnvPiV7uRcoQ3m9U0GKIQ%2BUMhQrBvYBVwV8iMibJPGEmFORDSqETeDdBMoQhe0NIIOVbci2aGErARZKd2PnfGteNEUk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
cf-ray: 7154724d1b540ac8-NRT
x-amz-cf-id: AKGp29A5AaIh_azKXxmStI_9MmTrC1V8hCpsuJzev6kb7NdOlp8RNQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 78 KB
80 KB 35ms
34ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png?width=800&name=AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 208a3e1f89faac87d6265ada98bddb6c97c8e3ad8515a49333771cd0fccba8a7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
age: 241905
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991414,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="AGk0z-Nw863bCoqJyqzHawiKjw85aE9B9niLdyjI8nP81oRTrKc3jO2Nc8LQJsFb1HBEWOTC3ARSMY2bdKpAWlse1ZI3UO7LLPrsOmzH8A8=s940.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: N6293WPTWYDPQ3QS
cf-bgj: imgq:85,h2pri
etag: "628672b4bb3bc1cdcc09d7451d91cb87"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653902142240
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 61729b32280fd6715c2a3b0dbb7e571a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: SFO5-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=133352
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 80368
x-amz-id-2: c08j6tRWKFakxCGOn6OfpnFZSGJdhum2KhyMvniP/Cp5z7Sh6FFoA7XTEFjfhWIP3i3JVOjUEHs=
last-modified: Mon, 30 May 2022 09:15:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e1xPvTgVqNRXXOLzW88q50eQ3%2BIsqNmJrwgzEjw6K13PlMLKrqfKk9LBnsjAA1FtJE4X4T1cqeFHEZ2cgyDXizFdaLMZScxJvo%2Bg7dQ8zjB4%2BRBZAO%2BJgcK86FV9VcMV9DIDww8tnrLPNZdCZp0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: xTTnfB3IlwJkere8XPfUiXqahGRWAFKD
accept-ranges: bytes
cf-ray: 7154724d3b6c0ac8-NRT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: d72C8HBo1SfptJE0kkzETRoJGQmCR8OyEj7rD03H5QM9anXyF1ExVg==

GET
H2 200 AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 178 KB
179 KB 23ms
21ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png?width=800&name=AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab43689f857d368e24794db3a32682ac8f39e1502495a6d6804399b9bc004208

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 e453cfec7ab7b0f50057381607edb486.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 90542
cf-polished: origFmt=png, origSize=235960
edge-cache-tag: F-74853078801,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="AGk0z-Mh2jUKtAL6bGu7KnQBIxCBYLzG96FJhvWysAiXJhfMjqPJhB55rQrc-ObOELbgQ6YMcXD5LX4SS-1aoqsRsx-Rt_cfslfz151U1FA=s1600.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 181900
x-amz-server-side-encryption: AES256
last-modified: Mon, 30 May 2022 09:26:11 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "f5e0be1efc28bfed599b83d4a083faba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TrBRx4KkT29mWaAT44Ok7c%2FY%2BRyRQej6ZMy0SuC%2Fc35EccAoMsuFVblUoF%2BiKPgZSjCM5gXWnrgjmHGnoxdE5duVZiAVr2DMhgj9GzPkVND7Swg707UYnyEh%2F0z8TH4cahp%2FBs9M1x4C3zM11ng%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P2
accept-ranges: bytes
cf-ray: 7154724d3b6d0ac8-NRT
x-amz-cf-id: TLykB_bygiw3zE5v3SbXDjzD6Vii5ry5zIFg8XaQ-KH3C6UbPOmqBg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 22 KB
23 KB 37ms
35ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png?width=800&name=AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae12c234365e8bcc6511fedeb8dbf2d7df8ce2f3d32fd2d634abcdb54da91959

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
age: 263713
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74852991609,FD-74854980023,P-3911692,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="AGk0z-NzyeIhzJVD1QdOetaZ2sUrDFl6qNPO5AcWdKj6sBXrxC1e42aj2wED0QUnClPyvP-YY18KALWbKqCziwpSJPvjiWCn5F0q_JbyLQc=s1592.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: XT6FH2G3GRQGED5B
cf-bgj: imgq:85,h2pri
etag: "accf7f30242ee5ec73adbdb93d762755"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1653902260158
date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 eff294f75dc5e54c1eeab4c7f8b45886.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: LAX50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=60762
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 22868
x-amz-id-2: UP8x44Y3bMTPH6MsAAptwK+50i/DmALybn2ZZ8iK/u6VLtQYbyfBokj4RMnUlEawj9rq8E+hjzo=
last-modified: Mon, 30 May 2022 09:17:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsj3Wj2cg7MpcXxpx6%2Bgdnbh0Z0OyQifJJk0ItAZNpH%2BkBoALzuEw1LuI2XcVPQ7cv0Kae7H%2FH%2BkCpPBCwO8ayLVFB5%2Fws1SFzz1V2%2FiaTNESucezuV5ADsyIZwszPrTv7cikb0VRcEClWnaHcQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: E1qk1s_IGf8_Iwsjtgeg7PsUAOJ28ztj
accept-ranges: bytes
cf-ray: 7154724d3b6e0ac8-NRT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: xarlxTCsLM2JTvxBw_kh7C37GsXrgbkuhOYJnIw_RWYwUrTSPyQxvQ==

GET
H2 200 AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png
www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/ 212 KB
213 KB 28ms
26ms Image
image/webp 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.huntress.com/hs-fs/hubfs/Imported%20sitepage%20images/AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png?width=800&name=AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.png
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf95112a502127623014f195fe42fdf0636238e0f70389b8fc931dab411b6272

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:30 GMT
via: 1.1 de349bd2105a0a744704f391ff854e62.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 239337
cf-polished: origFmt=png, origSize=346673
edge-cache-tag: F-74853078944,FD-74854980023,P-3911692,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
content-disposition: inline; filename="AGk0z-MJoFmNdQJPwfxEz5YrwtbzKby74JE1PYdd2HNcbRZkFnm9kxt36GHjiocX_zFwUoeOypcH-KE7wjK27CVOSvLzjI2pWqVWHyPWE1c=s1600.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 217312
x-amz-server-side-encryption: AES256
last-modified: Mon, 30 May 2022 09:31:24 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "2b8047176d2ff7e1a08a2b4cab688ab6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQBpLjnoXEnKLIH6mLbGmszLOL6XksuF%2BQMTsMLDF35hZnBZE9orgdD6vd0lQ%2Bujopxgn6ji5MD1sLKxfdwA3H%2FhjL2N1ZrnGxCDj7%2F0rGgOdR5BtP%2BQiFZsoRGd0ZJQIzmmfVGvOvAXN7gcptw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 7154724d3b6f0ac8-NRT
x-amz-cf-id: KQtcCRFW-QgKB0KcObc4lpgElnDjx7HqBxLgZMBuNEgby1K2LcMJ7g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 json Show response
www.huntress.com/_hcms/forms//embed/v3/form/3911692/0f842dff-d924-4a4a-9858-febb784ae367/ 7 KB
3 KB 730ms
729ms XHR
application/json 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/_hcms/forms//embed/v3/form/3911692/0f842dff-d924-4a4a-9858-febb784ae367/json?hutk=

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4aef4bd1350b9113754a42b15fe3eb1414e09d4a110376660ee95d799b3d542a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
X-Requested-With: XMLHttpRequest
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-origin-hublet: na1
date: Fri, 03 Jun 2022 00:52:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: bdbd53bf-2ff5-41de-8a2d-6460a3664921
cf-ray: 71547250dddd0ac8-NRT
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
x-trace: 2B4AF83C224C226FB8C0631F80CEEF92765411AAA1000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6aG4e57oZ2EmxRGYVbuYoku4WVBmtUshxKGg6xgJt5YQfiiiGcdygJ0TpwELSZ7%2Fx17kLiiJawoJaiWlOSAiaNg4wmOYb1gTfeluFjM%2FNh1DdI9ZCRpXca7kes8xoy5K0I6cg1%2F0Xo0cYaVIvs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
access-control-allow-headers: *

GET
H2 200 hotjar-2159185.js Show response
static.hotjar.com/c/ 4 KB
2 KB 326ms
208ms Script
application/javascript 143.204.126.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.126.66 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-126-66.nrt20.r.cloudfront.net

Software

Resource Hash

8d85be67e2f4b7add266bb86a838be3e47bdf9551d1bd7a63a4c222b9cd50f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: NRT20-C2
etag: W/e4384cde2cd32fa91eb210e754be22ed
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: TKbJzb3KFSwXvHQZBx3X5ZsLcGoBFiOhgZ1HFGhqb_RadqY1xjesvQ==
via: 1.1 0e84d94f31561a6c5d6d0d266f8e3fd0.cloudfront.net (CloudFront)

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 20ms
2ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b94acb87b2f1cd9ef8c3bdfdb74fcb6b79f2fc4e493567ee15550d9f41c91020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: g9l7g0GwVuAmiQ/mx4ZYBA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: gqJz5LE5/+1q9B7RzlNT/QoOxBMIdQg9o62IumhlQXiAOX0Bh8iPPvCbDyUxJx77UYJKtqiA2PJXAY/UlcMCfQ==
x-fb-trip-id: 382461245
x-fb-content-md5: 12b34683454575dc4f793e72a3070278
x-frame-options: DENY
date: Fri, 03 Jun 2022 00:52:31 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "135d6896f29b747c8dafeadd91cd02bd"
timing-allow-origin: *
expires: Fri, 03 Jun 2022 00:58:01 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 639ms
2ms Script
application/javascript 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
content-encoding: gzip
last-modified: Thu, 02 Jun 2022 18:12:37 GMT
etag: "5d21dece96ce474f5f1ac122cbdef6eb+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=1800
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 29459
tw-cdn: FT
x-served-by: cache-iad-kjyo7100129-IAD, cache-tyo11954-TYO

GET
H2 200 3911692.js Show response
js.hs-banner.com/ 60 KB
16 KB 744ms
731ms Script
text/javascript 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b72a7de5ea5adb72b4deb50850995f81c875a8610f8963b7c6621520bd0a7fd8

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: PQVACBWADH89CPZH
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: BbGYaM77r2e9iM9DVBJsk58LjH9f9v3EybtsqJAWaKkkuueeo9IvUvcIt6pNgW0Wmq+tDHQ2ECE=
timing-allow-origin: *
last-modified: Fri, 27 May 2022 15:47:56 GMT
server: cloudflare
etag: W/"2033f6872556311493101c65eceb4f3e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: WxSqFydhKthFKF1PLYL7_0RuOWyAO0In
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 71547250f814af7c-NRT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Fri, 03 Jun 2022 00:57:32 GMT

GET
H2 200 3911692.js Show response
js.hs-analytics.net/analytics/1654217400000/ 62 KB
20 KB 262ms
246ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1654217400000/3911692.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 548fbd7d6ae9c307f6c00cf6b7f87f83853918ce97f13954e8b9ce3417897734

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: G3XPK9A0TWKKM2SZ
x-amz-server-side-encryption: AES256
cf-ray: 71547250fff3f8bb-NRT
x-amz-id-2: DghajboBcCm5wNtZ64C26/PP5XLNlvFopw5fDGYy1LMm+Xc77SUaW0eEYoDKMn8qlYRVfeVvJ0A=
last-modified: Thu, 14 Apr 2022 15:17:41 GMT
server: cloudflare
etag: W/"bdb79f6cd9352ac52dbdb8ed0cedffde"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Fri, 03 Jun 2022 00:57:31 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 547 KB
88 KB 34ms
18ms Script
application/javascript 2606:4700::6811:e6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ddf3bce83b11af6e050f824bb5e154741057fecd0d79b9e26a262755ad58be2

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
via: 1.1 066fc17b108820c747336d8f45e8ea54.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 45918
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1091/bundle/main/lead-flows-release.js&cfRay=71501145fde7af85-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 71547250f990af46-NRT
last-modified: Thu, 02 Jun 2022 09:22:51 UTC
server: cloudflare
etag: W/"d0e7428efcc3691296896936278c2a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: Trl1mZOSoldPXKe79dlBjPknEVROE7M_
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: xjsCO00_AaC8hcktjy5IEev5kYWRAkrn2Zu5_8WN0bCTD7rTWZyqiw==
x-hs-target-asset: lead-flows-js/static-1.1091/bundle/main/lead-flows-release.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
3 KB 28ms
13ms Script
application/javascript 2606:4700::6811:70b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f77149b1beed108b3d3ad88b9170a8a27e1c6eedb0ed30c698492b4586372d3

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 281
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.280/bundles/pixels-release.js&cfRay=71546b723d6e1eab-NRT
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 23 May 2022 07:52:59 UTC
server: cloudflare
etag: W/"b2851680cfd5ddf0808f77f92bc6969d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LETuWsZMnftQGCDTSmAdJHQ8_upu6cZ6
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 71547250fb191eaf-NRT
x-amz-cf-id: bYd09Q3MmeCHokePBqP--Uu2t_ivJbCwmmJlace5J3AVraCtQ9ZGdg==
x-hs-target-asset: adsscriptloaderstatic/static-1.280/bundles/pixels-release.js

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 72 KB
25 KB 27ms
11ms Script
application/javascript 2606:4700::6811:83ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/hs/scriptloader/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:83ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8309531b6b2107c16edd77efa774374f935a7924a84c7bae72973f19b962e0e5

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c4.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 35709
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.278/bundles/project.js&cfRay=71510a8029f8781f-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 71547250fbafaf8b-NRT
last-modified: Thu, 19 May 2022 12:56:36 UTC
server: cloudflare
etag: W/"9bdc82a581dc188ff306ce5ac3c3e170"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: w6kD440dVLHBLSxXlQNkz9NYzxhkbh3c
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-P1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: Z1J5smZCvYoPk9oDeKzRmZynpD9oTyKxrBLXHGfzquv28JQhc4wOXQ==
x-hs-target-asset: collected-forms-embed-js/static-1.278/bundles/project.js

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
270 B 241ms
235ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3911692&callback=jsonpHandler

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: 2d50b09e-5d32-4a0f-b97c-c9f06a6fc896
x-trace: 2BC389AFFB47C195D4E3A417F7E5085960AF7FCE8C000000000000000000
date: Fri, 03 Jun 2022 00:52:31 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
cf-cache-status: DYNAMIC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=71547250eb3d8a54&resource=unknown"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 71547250eb3d8a54-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 / Show response
api.userback.io/ 3 KB
2 KB 538ms
184ms XHR
application/json 3.219.15.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userback.io/?loadWidgetConfig
Requested by: Host: static.userback.io
URL: https://static.userback.io/widget/v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.15.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-15-230.compute-1.amazonaws.com
Software: nginx/1.20.0 / PHP/7.4.21
Resource Hash: 6affe796f981f272faee073e278d8b29879ed4c7543a2717863e0f8508009230

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: gzip
server: nginx/1.20.0
x-powered-by: PHP/7.4.21
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/YOUR_ID/ 27 B
207 B 173ms
166ms Script
application/javascript 23.45.60.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/YOUR_ID/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.60.123 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-45-60-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: gzip
content-disposition: attachment; filename=1.txt
cache-control: public, max-age=35, s-maxage=86400
content-length: 47
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 101 B
954 B 546ms
182ms Script
application/javascript 23.45.60.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=62995b4ed318ada1&bkl=0&bl=1&pdt=306&sid=62995b4ed318ada1&pub=YOUR_ID&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.huntress.com&fp=blog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1654217551521&jsl=1&uvs=62995b4e766a9aff000&skipb=1&callback=addthis.cbs.jsonp__58617587421782980
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.60.123 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-45-60-123.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 999851e73532bde6fbd02755825dc5fe6db93f9a14c24a509bf388efe3fee8d3

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 Jun 2022 00:52:32 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
p3p: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length: 101
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 10F3 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 1A2E 71 KB
26 KB 11ms
11ms Document
text/html 23.45.60.123
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.45.60.123 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-45-60-123.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Fri, 03 Jun 2022 00:52:31 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 202ms
195ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&pageId=74847633462&pid=3911692&sv=cta-embed-js-static-1.79&rdy=1&cos=1&df=t&pg=40e39240-8f28-4247-989e-af913fc5ff6d&pg=40e39240-8f28-4247-989e-af913fc5ff6d

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82164023ffeb63ce744ab4acb2297464d1a8fa4bba966181109ec17f6d9fe9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 26c76517-f6ef-423c-8e9d-c4672cf4d6ca
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: noindex, follow
server: cloudflare
x-trace: 2BD2B09140072AA2CDFE4919026595CE65F3F4CDEF000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APymoFQChAMpwQ2jXhiuY%2FZferFNBcA8%2FCx3AvzCccoGnSm9wXon1rM%2FmjQzXXw%2Fo2Xsl26qELikJ3dhJGUI6ZgNxsozpZOEEGY0Xy7I3VI6rHZ1FHcRiVp6%2Bv2dB23CkogjoOK9Erv5xVkyj8kQbaTiXVUSFvgb7Rk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
cf-ray: 715472511b6a8a54-NRT
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 291 KB
82 KB 7ms
3ms Script
application/x-javascript 2a03:2880:f00f:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=2c78f9ade9734fe4b7e3b95d82650f37

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8d46b39818ba85bdaa6d47dbfc8e9fd2b6c18dc78ba5bbe0497958b9208b2dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Origin: https://www.huntress.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Ed/8F3/WREYFkDKGDZyd7g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Jun 2023 22:40:35 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84189
x-fb-rlafr: 0
x-fb-debug: jK/CkgZVcrLPVUJr22cBrpAa4AQ/b0aZlarrJTqoYGebfQo0Zr1LDxO/lYpiwW2ScPOmAHnOmjpJdYXAR+6kYw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 53c7fbac0c554410315363be70243d3a
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 03 Jun 2022 00:52:31 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e7e5121a8abd9d0d4457655b32601625"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
1 KB 230ms
218ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=3911692&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 49ee3556-c0b9-454c-a1f9-2caabce5eb74
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g02jVSZS%2B5xyBjdJW1Iv5BFXxr1JNvCtloSwIIo6ZM1MGFfzRtcyNDHroWpb5I8Sda0CU2dxBgj9IMmyr4cH%2FCpwueCc%2F%2F8Pg9d%2ByR9rHPgd8JDzIqlVhXP2c0MFdTGwWkC2cRmJvmUYi5VSI7a9"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.huntress.com
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 71547251beeff8f3-NRT
access-control-allow-headers: *

GET
H2 200 cta-loaded.js Show response
www.huntress.com/hs/cta/ctas/v2/public/cs/ 0
727 B 204ms
203ms Script
text/plain 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.huntress.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=3911692&pg=40e39240-8f28-4247-989e-af913fc5ff6d&lt=1654217550631&dt=1654217550634&at=1654217551742&an=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-origin-hublet: na1
date: Fri, 03 Jun 2022 00:52:31 GMT
vary: Accept-Encoding
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: cdb150b9-6cf9-4175-b819-33bb35f18d01
cf-ray: 715472525ecd0ac8-NRT
last-modified: Fri, 03 Jun 2022 00:52:31 GMT
server: cloudflare
x-trace: 2BE958EF71D1191FEC604824AC012E8DFA53823BE8000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yfvsnklgr5HAYwqLhUOcT5Ur9xSmvTQRGHu8M7q7q9NHZcZyxB8KXJaK7cD0KfNHyWox9NhWTJDzn5u7Mahu30hdTMkI1KEVW%2BxmT5d%2BwXgGMyzYMzaE9fxl2SEVL3aYKVYiX9KoL0HwTo9ADNY%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
172 B 221ms
207ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 1cca48aa-69a4-4a7c-87e2-63e9a089a547
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Fri, 03 Jun 2022 00:52:31 GMT
server: cloudflare
x-trace: 2B704E447DAB8CA7A06FBE6EE65956205F3E5DDC13000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 71547252781eef9e-NRT

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
546 B 212ms
198ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:31 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 25f35168-1202-44e2-92c3-e79c37b8b581
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Fri, 03 Jun 2022 00:52:31 GMT
server: cloudflare
x-trace: 2BA8D9C598C5EDE0377ABB6696F1EEF21FCF0C7B81000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 71547252781fef9e-NRT

GET
H2 200 modules.d0961e771164cd91e405.js Show response
script.hotjar.com/ 243 KB
63 KB 87ms
3ms Script
application/javascript 13.225.159.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.d0961e771164cd91e405.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.159.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-159-33.nrt12.r.cloudfront.net

Software

Resource Hash

dd6afc5ca21e20fba6c0f8063017e22fcbcf5f94d9ad50db0b5320133f0cfbb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 31 May 2022 07:34:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 235104
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 64057
access-control-allow-origin: *
last-modified: Tue, 31 May 2022 07:33:23 GMT
etag: "1ed5739adb19197da798013ab080794d"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 8c514bad47ce61be54e27d904796d20c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: NRT12-C4
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: aKzz6oCM53VcAW9ugkHB8Gw8kJN9wxc9daZmI_ZnXK5W0vwNnHRLWw==

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
201 B 211ms
207ms Image
image/gif 2606:4700::6810:5805
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5805 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: fa88e1c5-2e0b-4a66-9348-72bfe3787a96
cf-ray: 715472532874ef9e-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2B78409AD71A24E1718EE50EDCBAD6B75D2EBBD612000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 box-63c3a81830bf549dafe40b369003f751.html Show response
vars.hotjar.com/ Frame 3793 2 KB
1 KB 78ms
2ms Document
text/html 13.33.210.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2159185.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.210.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-210-76.nrt57.r.cloudfront.net
Software: /
Resource Hash: f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
age: 235104
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 May 2022 07:34:07 GMT
etag: "e6fb1304cb60a0dea0f76f7077cb13c6"
last-modified: Tue, 31 May 2022 07:33:23 GMT
vary: Accept-Encoding
via: 1.1 abe046ca8f382a3e3c80ce07e7fad7c0.cloudfront.net (CloudFront)
x-amz-cf-id: sbtcKffcrmJUNzCYAkGFzaUeTlImKMoC68l16Qhi91_2bhLYBKEhDA==
x-amz-cf-pop: NRT57-C2
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2159185/ 147 B
322 B 770ms
257ms XHR
application/json 52.19.160.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2159185/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d0961e771164cd91e405.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.160.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-160-254.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4c88237efbd80053668d55dfb4f84f10c756d3d69142f801bd440d5ca4c46468

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 v1.css
static.userback.io/widget/ 92 KB
12 KB 2ms
2ms Stylesheet
text/css 99.84.128.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.userback.io/widget/v1.css
Requested by: Host: static.userback.io
URL: https://static.userback.io/widget/v1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.128.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-128-100.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f495e5937d0495eefc0951070a96dc7b10d4d96d7f436afc994f17dbd54cc58b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 11:53:01 GMT
content-encoding: gzip
last-modified: Wed, 01 Jun 2022 11:52:12 GMT
server: AmazonS3
age: 46783
etag: W/"128e60b86505e99945a26fc5f67c9a3c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 9095214c63a79378c44a32c3efc102da.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-C3
x-amz-cf-id: gczmgx6aYSj8xMcZJAEYbO0aKljoIG22tIGPxltI1g4XEbPPwx4wCA==

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 127ms
40ms Stylesheet
text/css 2404:6800:4004:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap

Requested by

Host: static.userback.io
URL: https://static.userback.io/widget/v1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:825::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7e44d592889d9f5915ae6254f0a68a71196a5bc2540db9620b81effd976eba5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://static.userback.io/widget/v1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 03 Jun 2022 00:48:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 03 Jun 2022 00:52:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 03 Jun 2022 00:52:32 GMT

GET
H2 200 widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html Show response
platform.twitter.com/widgets/ Frame E361 319 KB
103 KB 2ms
2ms Document
text/html 151.101.108.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.huntress.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.108.157 Tokyo, Japan, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105433
content-type: text/html; charset=utf-8
date: Fri, 03 Jun 2022 00:52:32 GMT
etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
last-modified: Thu, 02 Jun 2022 18:01:40 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-cache: HIT, HIT
x-served-by: cache-iad-kcgs7200026-IAD, cache-tyo11954-TYO

GET
H2 200 settings Show response
syndication.twitter.com/ Frame E361 332 B
475 B 674ms
198ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=f4cad055ce83f0891a0620734318d3d7e503a766

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d7fc2fc075c61f6fa34d79a0cbbf1e34.html?origin=https%3A%2F%2Fwww.huntress.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_m /

Resource Hash

eaa894732bc901fc0aba390cd8bf6e8887d5903fb2afc83de091ca60e5505718

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 105
date: Fri, 03 Jun 2022 00:52:32 GMT
content-encoding: gzip
last-modified: Fri, 03 Jun 2022 00:52:32 GMT
server: tsa_m
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: d17b54c722264937eb8c5cc7536176ed91c618d818bfbbb69d648949b2758276
content-length: 193

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
473 B 216ms
211ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: f49744b3-360d-4bcf-b795-30554069f9bf
cf-ray: 71547255cb1a0b8b-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
server: cloudflare
x-trace: 2B8CB845329996063323DCDC9C2F77EBCAAE9AA277000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 192ms
186ms Preflight
application/octet-stream 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 71547257aeae8093-NRT
content-length: 0
content-type: application/octet-stream
date: Fri, 03 Jun 2022 00:52:32 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
timing-allow-origin: *

GET
H2 200 / Show response
beacon-v2.helpscout.net/ 458 B
715 B 26ms
3ms Script
application/javascript 13.32.50.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.50.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-50-92.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f24f835fafb7f57cc08914155dfc02e59ac4c233f06c4bfc14e8bf26d64e106

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:50:41 GMT
content-encoding: gzip
last-modified: Fri, 27 May 2022 15:01:08 GMT
server: AmazonS3
age: 116
etag: "47df53578838fa6625607da639ae2154"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2f2cf39e75c120f26131abff835e3548.cloudfront.net (CloudFront)
cache-control: max-age=120, s-maxage=120, public
x-amz-cf-pop: NRT57-C1
accept-ranges: bytes
content-length: 328
x-amz-cf-id: VZv5_G26pHZyLB3iL32TvFJBDr_wqytObx--YUnoIH_VnSevVueRew==

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
459 B 198ms
197ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: 683b6b81-2992-4255-8266-3112085c3ea4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35
x-robots-tag: none
last-modified: Fri, 03 Jun 2022 00:52:32 GMT
server: cloudflare
x-trace: 2BA217D77C04502EB4FC03F6BC35DAABC65D30F3AC000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 715472578c130b8b-NRT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
460 B 201ms
194ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2240e39240-8f28-4247-989e-af913fc5ff6d%22%2C%2211f3d86c-bd5d-4c54-8656-c84ab64a3af1%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654217552552&vi=9cffd8c88ddb0bd09fb98fc92071d1cc&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 43369fea-920c-446e-b840-f92ab1141565
cf-ray: 715472579a608a54-NRT
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ilIytkese2eW1ddNjki7FERrQSYUYfmS77ONODR2oMHwvqjW7KPio4hcwOPV%2BBY2vN3Hjyn3kluVJ%2F3AZqvoObTqyyA4szlz2yWTK%2FWZA5mCEmfLX1M8lAqemDVLRU6Sz3P5H7AbZhAERIUhS4wx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
452 B 204ms
197ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654217552558&vi=9cffd8c88ddb0bd09fb98fc92071d1cc&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: c2d821c7-afaf-4a68-942f-8829317f8855
cf-ray: 715472579a638a54-NRT
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWg5CaK%2FD3StsOMR5iBZQqMUYfUbp3j1%2BQ5SHZoqg3qiWjUXydOtvQdrR%2FqjLLNGSl8HL1mStWEG%2BE5psmX0RDv%2FaTsSm46velBNW9xpathyOrA%2FvgP16Yyuv7%2FA5VWKJfupQtgPhp6dcsdoim3u"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
463 B 219ms
212ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0f842dff-d924-4a4a-9858-febb784ae367&fci=0454c44e-b226-4c5a-90f9-5927710120dd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2252185681&v=1.1&a=3911692&pi=74847633462&ct=blog-post&ccu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&cpi=74847633462&cgi=39343107504&lpi=74847633462&lvi=74847633462&lvc=en&pu=https%3A%2F%2Fwww.huntress.com%2Fblog%2Fmicrosoft-office-remote-code-execution-follina-msdt-bug&t=Rapid+Response%3A+Microsoft+Office+RCE+-+%E2%80%9CFollina%E2%80%9D+MSDT+Attack&cts=1654217552565&vi=9cffd8c88ddb0bd09fb98fc92071d1cc&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:52:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 8bd7c9a7-a292-4ad0-8741-6422d7641aa8
cf-ray: 715472579a648a54-NRT
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uXxH5lwvNW8IR9Ptcz2WLaRkNwuBDX5ee%2BICi%2Bi0adtSKhUIn8VrhJ15ebMO%2B3ZHHnR5gVLpAs1KACq7wX9T5EULp%2B45K6DQdSAjzaQzdt9aGPh1rCwmyn5T9jnamVl2ueRwukk3Vtnuh0SUO0GZ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
137 B 212ms
210ms XHR
text/plain 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/3911692.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Fri, 03 Jun 2022 00:52:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: a7e2bbba-556a-4dad-9922-99bbefbaf91c
x-trace: 2BDB719B69EFA1E21DFE9BFF9B47574A16F0A21BDA000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 71547258dfb48093-NRT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

GET
H2 200 vendor.90fe6783.js Show response
beacon-v2.helpscout.net/static/js/ 65 KB
23 KB 3ms
3ms Script
application/javascript 13.32.50.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/vendor.90fe6783.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.50.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-50-92.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74ad0cc3a8d1b4b067fbe95b5ac82afec11745572d4a1dea9e674ffdaae1f15f

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:40:44 GMT
content-encoding: gzip
last-modified: Thu, 19 May 2022 16:06:16 GMT
server: AmazonS3
age: 709
etag: "3351718f2beb7cf16b8282c044783bd5"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2f2cf39e75c120f26131abff835e3548.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: NRT57-C1
accept-ranges: bytes
content-length: 22710
x-amz-cf-id: IIu4KdpuwlN9obJfI1NgfT3BtNkM38z01-StT8SXcxAA45OVDmfTkw==

GET
H2 200 main.e62f983e.js Show response
beacon-v2.helpscout.net/static/js/ 25 KB
10 KB 4ms
3ms Script
application/javascript 13.32.50.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon-v2.helpscout.net/static/js/main.e62f983e.js
Requested by: Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.50.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-50-92.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c43b4b8b9145718f73a236c8f9ff27a0d23a92f890b7693a9475dbceaa352cbb

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 00:39:22 GMT
content-encoding: gzip
last-modified: Fri, 27 May 2022 15:01:08 GMT
server: AmazonS3
age: 4872
etag: "6842ced4bf198216a846bf3dab1f73ac"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2f2cf39e75c120f26131abff835e3548.cloudfront.net (CloudFront)
cache-control: max-age=315360000, s-maxage=7200, public
x-amz-cf-pop: NRT57-C1
accept-ranges: bytes
content-length: 9882
x-amz-cf-id: ZQ-vgZ6LUF6Xq9sB3utPmidPTQn4BwBVe5i5yOMqIcawdGp4uwO-gA==

OPTIONS
H2 200 a2ec884d-10aa-4e68-849f-686ccbb0037c
d3hb14vkzrxvla.cloudfront.net/v1/ Frame 0
0 499ms
483ms Preflight 99.84.142.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.142.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-142-31.nrt57.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: beacon-device-id,correlationid,helpscout-origin,helpscout-release
Access-Control-Request-Method: GET
Origin: https://www.huntress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: beacon-device-id, correlationid, helpscout-origin, helpscout-release
access-control-allow-methods: GET
access-control-allow-origin: https://www.huntress.com
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Fri, 03 Jun 2022 00:52:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin,Access-Control-Request-Method
via: 1.1 2abe7c09e4d4e443ea558b0b94988836.cloudfront.net (CloudFront)
x-amz-cf-id: 8sv8RRGrmiNu1YsyfybbaBjC3N5XNLufpqxWYaPbN8tR3qsLNYP2bw==
x-amz-cf-pop: NRT57-C3
x-cache: Miss from cloudfront
x-ratelimit-limit-attachments-hour: 10
x-ratelimit-limit-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
x-ratelimit-limit-general-minute: 60
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-attachments-hour: 10
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-remaining-general-minute: 60
x-ratelimit-remaining-identify-hour: 25

GET
H2 404 a2ec884d-10aa-4e68-849f-686ccbb0037c Show response
d3hb14vkzrxvla.cloudfront.net/v1/ 118 B
819 B 188ms
187ms XHR
application/json 99.84.142.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c

Requested by

Host: beacon-v2.helpscout.net
URL: https://beacon-v2.helpscout.net/static/js/vendor.90fe6783.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.142.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-142-31.nrt57.r.cloudfront.net

Software

Resource Hash

7cfaad31996f471104f017a77bb7d8cd9d5ef85d83a438a64bd609737fae8de4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

correlationId: 99f0a7db-e2a4-42b9-88c6-1a68a1fe0813
Helpscout-Release: 2.2.13
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Beacon-Device-ID: 0908796e-6692-443d-a853-12d9c15ff227
Helpscout-Origin: Beacon-Embed

Response headers

date: Fri, 03 Jun 2022 00:52:33 GMT
via: 1.1 2abe7c09e4d4e443ea558b0b94988836.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT57-C3
x-ratelimit-remaining-general-minute: 60
x-cache: Error from cloudfront
x-ratelimit-remaining-identify-hour: 25
x-ratelimit-limit-general-minute: 60
x-ratelimit-remaining-conversations-hour: 10
x-ratelimit-limit-identify-hour: 25
x-ratelimit-remaining-chat-tokens-hour: 25
x-ratelimit-limit-conversations-hour: 10
vary: Origin,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains
x-ratelimit-remaining-attachments-hour: 10
access-control-allow-origin: https://www.huntress.com
access-control-expose-headers: Resource-ID
access-control-allow-credentials: true
content-type: application/json
x-amz-cf-id: UKJXI4yt3TtqyfVgzwTJ4lbf4tsezErbm784e5nx06EbqOm9PCyajg==
x-ratelimit-limit-attachments-hour: 10
x-ratelimit-limit-chat-tokens-hour: 25

POST
H2 200 content Show response
ws2.hotjar.com/api/v2/sites/2159185/recordings/ 66 B
260 B 2003ms
779ms XHR
application/json 34.240.97.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws2.hotjar.com/api/v2/sites/2159185/recordings/content
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.d0961e771164cd91e405.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.97.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-97-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3e0c0826c3a4726a52236c38c457216e7dc6d806e4acfda655afe329a89a6a61

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 03 Jun 2022 00:52:34 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 perf Show response
www.huntress.com/_hcms/ 2 B
417 B 216ms
216ms XHR
text/plain 2606:2c40::c73c:671c
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.huntress.com/_hcms/perf
Requested by: Host: www.huntress.com
URL: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 71547269dd230ac8-NRT
date: Fri, 03 Jun 2022 00:52:35 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 49388983-70f1-4641-8b26-5f9ce807f6b6
x-trace: 2B72C0CD2C53E389A52C920CC8F066F13ADE778CB8000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUe04aW5Ta5BhT6PnZxCWG1C%2BwwVSqiwN%2Bg9r4FfqPuqa8Tu6swwV0o5vvg5LcqoDO0NDRJAn93Bb7EAxuKOSmDohghttoLb7Y06cipq6EqrNnN%2FkNBNQ5xgPm%2FCNr5a2PTI4uqy%2FAfngGix9iM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.huntress.com/	1969-12-31 23:59:59	Name: __cfruid Value: 39d7ec45d70b2ec24d8ceb945188feec8f902cd6-1654217550
.huntress.com/	1970-01-20 12:17:19	Name: _vwo_uuid_v2 Value: DBEB4C247AC8A596E23C6A8880B16F413\|04e734b7ba926f1b7caa23117f6b44ce
.huntress.com/	1970-01-20 05:54:17	Name: _vis_opt_s Value: 1%7C
.huntress.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.hubspot.com/	1970-01-20 03:30:19	Name: __cf_bm Value: aEzRVB_KfmrY2FdbdXtvz5aDP9JIlQIbi0jjmCAXtwE-1654217550-0-AXGT/y9rIUH6gJIlnEqWpT5159Gock12gejLcXA8iAIiRupGZiFDnKy4ZuGlP6BRH7V+mZcz1npqATjVPtjHHSc=
www.huntress.com/	1970-01-20 12:59:05	Name: __atuvc Value: 1%7C22
www.huntress.com/	1970-01-20 03:30:19	Name: __atuvs Value: 62995b4e766a9aff000
.addthis.com/	1970-01-20 12:59:05	Name: uvc Value: 1%7C22
.huntress.com/	1970-01-20 12:15:53	Name: _hjSessionUser_2159185 Value: eyJpZCI6ImE2YWNlNGQ5LTJiMWItNTkwMy1hZDU1LTI5NWFhNDIzYjA2NyIsImNyZWF0ZWQiOjE2NTQyMTc1NTE5NTAsImV4aXN0aW5nIjpmYWxzZX0=
.huntress.com/	1970-01-20 03:30:19	Name: _hjFirstSeen Value: 1
www.huntress.com/	1970-01-20 03:30:17	Name: _hjIncludedInSessionSample Value: 1
.huntress.com/	1970-01-20 03:30:19	Name: _hjSession_2159185 Value: eyJpZCI6ImYwNGVkMzExLWM4MDctNGUwNi1iYTM4LTRjMTk2ZmEzM2Q0OSIsImNyZWF0ZWQiOjE2NTQyMTc1NTE5NzUsImluU2FtcGxlIjp0cnVlfQ==
www.huntress.com/	1970-01-20 03:30:17	Name: _hjIncludedInPageviewSample Value: 1
.huntress.com/	1970-01-20 03:30:19	Name: _hjAbsoluteSessionInProgress Value: 0
.addthis.com/	1970-01-20 12:51:53	Name: ouid Value: 62995b4f00014c9d7f9319ad6f461a8e3a51c6149b335fc32489
.addthis.com/	1970-01-20 12:51:53	Name: di2 Value: aVR{[#%If#$M`M3qM3pM3oM3nM-tM-sM-_IDfI6y6Hq#1:R#19w
.addthis.com/	1970-01-20 12:51:53	Name: um Value: j.'2022060324523199100046726597'
.addthis.com/	1970-01-20 12:51:53	Name: uid Value: 62995b4f64f5876d
.addthis.com/	1970-01-20 12:51:53	Name: na_id Value: 2022060324523199100046726597
.addthis.com/	1970-01-20 12:51:53	Name: vc Value: 2
.addthis.com/	1970-01-20 12:59:05	Name: loc Value: MDAwMDBBU0pQMTQyMTUzMzE5NTAwMTAwMDBDSA==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://d3hb14vkzrxvla.cloudfront.net/v1/a2ec884d-10aa-4e68-849f-686ccbb0037c Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3911692.fs1.hubspotusercontent-na1.net
api.userback.io
app.hubspot.com
beacon-v2.helpscout.net
cdn.jsdelivr.net
cdn2.hubspot.net
cdnjs.cloudflare.com
code.jquery.com
connect.facebook.net
cta-service-cms2.hubspot.com
d3hb14vkzrxvla.cloudfront.net
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
forms.hsforms.com
forms.hubspot.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
m.addthis.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
s7.addthis.com
script.hotjar.com
static.hotjar.com
static.userback.io
syndication.twitter.com
track.hubspot.com
v1.addthisedge.com
vars.hotjar.com
ws2.hotjar.com
www.huntress.com
z.moatads.com
s7.addthis.com
104.244.42.72
13.225.159.33
13.32.50.92
13.33.210.76
143.204.126.66
151.101.108.157
2001:4de0:ac18::1:a:1b
23.44.53.234
23.45.60.123
2404:6800:4004:825::200a
2606:2800:247:5d5f:ace7:192d:5a4b:d3b8
2606:2c40::c73c:671c
2606:4700:4400::ac40:9a55
2606:4700:4400::ac40:9ad8
2606:4700::6810:5605
2606:4700::6810:5714
2606:4700::6810:5805
2606:4700::6811:190e
2606:4700::6811:47b0
2606:4700::6811:70b0
2606:4700::6811:83ab
2606:4700::6811:e6cc
2606:4700::6811:f2cc
2606:4700::6813:9a53
2606:4700::6813:9b53
2a03:2880:f00f:8:face:b00c:0:1
3.219.15.230
34.240.97.48
34.96.102.137
52.19.160.254
99.84.128.100
99.84.142.31
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
11bcaa66e2e5486338bbf15bc2af4136962618bd84574c350c82c501d64f6868
19a26d6046c4fcfe9e3efbc1fb7532f424c6b0b7590b9e193788e30bce8b9836
1f636be67ca5dd2c876b52162f64c68999ec15ac9542a0707082fc1bdb35b726
208a3e1f89faac87d6265ada98bddb6c97c8e3ad8515a49333771cd0fccba8a7
24846a3f194b09919bf75cec2a1d012653257442cea9342c648d618c8bddd844
2cc396bc55397996a318aa9d4302d467c9deca7af71fb809f8da89f317693e36
2cf5fbf0146a6e2e553f3ce52a1ed5a36127f61c739a745a2b9b8a8d0e1e480a
3367498692c5f6cdc662369af915c0c2f13b7f6af9e67a522d2e7fc1b3299364
3e0c0826c3a4726a52236c38c457216e7dc6d806e4acfda655afe329a89a6a61
41a3f1ffe1c2c8ef087dc9a0574ba968422e6bcd9d4baca76eaa533b834bc8b4
46b48c2cb2ba7e9deae742d0ee002166e145e11961de0bee3a58fb2cf59ec58d
4adb21f3fb8f2c89998efab4262933ba3eedf06ca49473157002193cf21a1c78
4aef4bd1350b9113754a42b15fe3eb1414e09d4a110376660ee95d799b3d542a
4c88237efbd80053668d55dfb4f84f10c756d3d69142f801bd440d5ca4c46468
51aacc56d3bbb7ccc9aed3f3281774bd4329939e8c19e5cf9ac96f2ca4e52f13
53557947eac2a467943dff75fae4a77a36bde47bda10a75f03ccfa5167ba6909
548fbd7d6ae9c307f6c00cf6b7f87f83853918ce97f13954e8b9ce3417897734
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d247e1c2efc38a727967b2f5f9e99b961d0cbe2b0aa1ddcf170bd6933409403
5ddf3bce83b11af6e050f824bb5e154741057fecd0d79b9e26a262755ad58be2
5f24f835fafb7f57cc08914155dfc02e59ac4c233f06c4bfc14e8bf26d64e106
63be16a13fa3622f6851b62878300d9826ad06ab20d7ea95910f8c9727b8fe1d
6a69ee8c3372833b418bb6364b4b3b746900c95bd077be380e9ba121c0f9f1e1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6affe796f981f272faee073e278d8b29879ed4c7543a2717863e0f8508009230
74ad0cc3a8d1b4b067fbe95b5ac82afec11745572d4a1dea9e674ffdaae1f15f
77f9c86a7751fed6c3160467a7633bc8b88149a2a4b4aec240c63559f37ea78c
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7cfaad31996f471104f017a77bb7d8cd9d5ef85d83a438a64bd609737fae8de4
7e44d592889d9f5915ae6254f0a68a71196a5bc2540db9620b81effd976eba5b
7f77149b1beed108b3d3ad88b9170a8a27e1c6eedb0ed30c698492b4586372d3
8309531b6b2107c16edd77efa774374f935a7924a84c7bae72973f19b962e0e5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8635796c350308ea6419713250a1cae02120881c6cc990f3b0562821201e7266
8d85be67e2f4b7add266bb86a838be3e47bdf9551d1bd7a63a4c222b9cd50f94
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
9374d6c171d32b82502fa4cc8dcf759faeb35119c7bcb6d1482f693278dfc98a
96af1198e5efb6aaa0cc4a654068b4095799d36a1ccdce8f9f6b35d1234e3064
98e15110586a9877906d7a4ada5a789c0deaa285600027e1f3c7e925fb4b05b7
993599eac3e65b09a6fac3bd33ebabdc83fed0cf845bbfceeedcbf931e0698e1
999851e73532bde6fbd02755825dc5fe6db93f9a14c24a509bf388efe3fee8d3
99b339bc73a2fc0d4b5d522d9ea92e14cbcc7fd6d09c01d0468ee8ff3f5d76c7
a08b4400caa63756c56947620874d75d9d5cc728a8e835467950bc1f7a7afe7f
a94c003b3ea5ebb9d0841582df0639914d0ca84c4d3b4a2636747cae34cccfe3
ab43689f857d368e24794db3a32682ac8f39e1502495a6d6804399b9bc004208
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ae12c234365e8bcc6511fedeb8dbf2d7df8ce2f3d32fd2d634abcdb54da91959
b72a7de5ea5adb72b4deb50850995f81c875a8610f8963b7c6621520bd0a7fd8
b783f02f4b04f811eb732aad8f8924e9a6255e56e321c8af469b3a7db82c0bfb
b82164023ffeb63ce744ab4acb2297464d1a8fa4bba966181109ec17f6d9fe9c
b94acb87b2f1cd9ef8c3bdfdb74fcb6b79f2fc4e493567ee15550d9f41c91020
b990552df973348baaa61af6a11d527c465edb14339f38e25d112b2a1a72ab0e
c43b4b8b9145718f73a236c8f9ff27a0d23a92f890b7693a9475dbceaa352cbb
c53ad8789e6d3a8dbd84a6de5ed8d5f22742d194b3d1a60fe60ec53118987c0e
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
cf95112a502127623014f195fe42fdf0636238e0f70389b8fc931dab411b6272
d17f3dbf0b86f2099247c1d96e21b11e159db2d76f754218b24519cf918bf7c2
d77743b5e14f7329db6ae2c42c696960a49cda585f29c09035154d78880a49ed
d9cdf9b8cd47c0a17356ff68e2581021800a4c86dd8d71aaf0ad5cfe025b114e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dccafac57a7fcedce0d95d35007b502104f45b82f43f052159c370258ef13a53
dd6afc5ca21e20fba6c0f8063017e22fcbcf5f94d9ad50db0b5320133f0cfbb4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fae83c7b1bc318026072592130f5d8ac977970ad81b79218dd442235a59b6e
eaa894732bc901fc0aba390cd8bf6e8887d5903fb2afc83de091ca60e5505718
f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6
f495e5937d0495eefc0951070a96dc7b10d4d96d7f436afc994f17dbd54cc58b
f7bdf8f9ec125444bedd4c013d5b956636ea5b8407e0b60c991a361f65beab99
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
f8d46b39818ba85bdaa6d47dbfc8e9fd2b6c18dc78ba5bbe0497958b9208b2dd
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd77c41d41a299d224e36572ee84e734bb53f2c56b3babe78619ec413d56d68a
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.huntress.com Open in urlscan Pro 2606:2c40::c73c:671c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

86 Requests

99 %HTTPS

56 %IPv6

25 Domains

37 Subdomains

33 IPs

5 Countries

3113 kBTransfer

6592 kBSize

21 Cookies

25 Outgoing links

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.huntress.com Open in urlscan Pro
2606:2c40::c73c:671c Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

99 %
HTTPS

56 %
IPv6

25
Domains

37
Subdomains

33
IPs

5
Countries

3113 kB
Transfer

6592 kB
Size

21
Cookies

86 HTTP transactions
0 data transactions